DistributedNetworks DistributedNetworks

Host Security  «Prev 

Disabling password-free logins

This command displays the contents of the rlogin and rsh PAM authorization files.

This line indicates that users can use a .rhosts file in their home directory to allow password-free logins. Because this line is only "sufficient," users are not required to have a .rhosts file.

This line indicates that if the user is trying to log in as root, the tty on which they are logging in must be listed in the /etc/securetty.

This line will cause the system to ask the user for a password and will check the password.

This line checks to see if the file /etc/nologin exists. If this file exists, the system displays the contents of the file. If the user is not root, he or she will not be able to log in.

This line instructs the system to compare the user's attributes (stored in the password database) against system limits. For example, the system will check when the user's password last changed (a value stored in the password database) against the system limit, and if the limit is exceeded, require the user to change their password.

This ine subjects a newly changed password to a series of tests to ensure that it cannot be easily determined by a dictionary-based password cracking program.

This line specifies that if the login program changes the user's password, it should use the pam_pwdb.so module to do so.

This line specifies that the pam_pwdb.so module should be used to manage the session.