Datasheet
“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 409 — #435
i
i
i
i
i
i
i
i
20
PAM — Pluggable Authentication Modules
Example 20.3: pam_env.conf
REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
The first line sets the value of the REMOTEHOST variable to localhost,
which is used whenever pam_env cannot determine any other value. The
DISPLAY variable in turn contains the value of REMOTEHOST. More infor-
mation can be obtained from the comments in the file /etc/security/
pam_env.conf.
20.3.3 pam_pwcheck.conf
This configuration file is for the pam_pwcheck module, which reads op-
tions from it for all password type modules. Settings stored in this file
take precedence over the PAM settings of an individual application. If
application-specific settings have not been defined, the application uses
the global settings. Example 20.4 is an example:
Example 20.4: pam_pwcheck.conf
password: nullok blowfish use_cracklib
This tells pam_pwcheck to allow empty passwords and modification of
passwords. It also tells the module to use the Blowfish algorithm for pass-
word encryption and to check passwords with CrackLib. More options for
the module are mentioned in the file /etc/security/pam_pwcheck.
conf.
20.3.4 limits.conf
System limits can be set on a user or group basis in the file limits.conf,
which is read by the pam_limits module. The file allows you to set hard
limits, which may not be exceeded at all, and soft limits, which may be ex-
ceeded temporarily. To learn about the syntax and the available options,
read the comments included in the file.
409
SUSE LINUX Enterprise Server