Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 408 — #434
i
i
i
i
i
i
i
i
/etc/passwd, /etc/shadow, NIS maps, NIS+ tables, or from an LDAP
database. The behavior of this module can be influenced by configuring
the PAM options of the individual application itself or globally by editing
/etc/security/pam_unix2.conf. A very basic configuration file for
the module is shown in Example 20.2.
Example 20.2: pam_unix2.conf
auth: nullok
account:
password: nullok
session: none
The nullok option for module types auth and password specifies that
empty passwords are permitted for the corresponding type of account.
Users are also allowed to change passwords for their accounts. The none
option for the module type session specifies that no messages are logged
on its behalf (this is the default). Learn about additional configuration
options from the comments in the file itself and from the manual page of
pam_unix2.
20.3.2 pam_env.conf
This file can be used to define a standardized environment for users that is
set whenever the pam_env module is called. It lets you preset environment
variables using the following syntax:
VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]
VARIABLE Name of the environment variable to set.
[DEFAULT=[value]] Default value the administrator wants set.
[OVERRIDE=[value]] Values that may be queried and set by pam_env,
overriding the default value.
A very common example for which the default should be overridden by
pam_env is the DISPLAY variable, which is changed whenever a remote
login takes place. See Example 20.3 on the next page.
408 20.3. Configuration of PAM Modules