1SYSTEM-AUTH-AC(5)             File Formats Manual            SYSTEM-AUTH-AC(5)
2
3
4

NAME

6       system-auth-ac,  password-auth-ac, smartcard-auth-ac, fingerprint-auth-
7       ac, postlogin-ac - Common configuration  files  for  PAMified  services
8       written by authconfig(8)
9
10

SYNOPSIS

12       /etc/pam.d/system-auth-ac
13
14
15

DESCRIPTION

17       The  purpose of this configuration file is to provide common configura‐
18       tion file for all applications and service daemons calling PAM library.
19
20
21       The system-auth configuration file is included from all individual ser‐
22       vice  configuration  files with the help of the include directive. When
23       authconfig(8) writes the system PAM configuration file it replaces  the
24       default  system-auth file with a symlink pointing to system-auth-ac and
25       writes the configuration to this file. The symlink is  not  changed  on
26       subsequent  configuration  changes  even  if  it points elsewhere. This
27       allows system administrators to override the configuration  written  by
28       authconfig.
29
30       The  authconfig  now  writes the authentication modules also into addi‐
31       tional    PAM    configuration    files    /etc/pam.d/password-auth-ac,
32       /etc/pam.d/smartcard-auth-ac,    and    /etc/pam.d/fingerprint-auth-ac.
33       These configuration files contain only modules which perform  authenti‐
34       cation with the respective kinds of authentication tokens.  For example
35       /etc/pam.d/smartcard-auth[-ac] will not contain pam_unix  and  pam_ldap
36       modules  and  /etc/pam.d/password-auth[-ac] will not contain pam_pkcs11
37       and pam_fprintd modules.
38
39       The file /etc/pam.d/postlogin-ac contains common services to be invoked
40       after  login.  An  example  can  be  a  module  that encrypts an user's
41       filesystem or user's keyring and is decrypted by his password.
42
43       The PAM configuration files of services which are  accessed  by  remote
44       connections  such  as sshd or ftpd now include the /etc/pam.d/password-
45       auth configuration file instead of /etc/pam.d/system-auth.
46
47
48

EXAMPLE

50       Configure system to use pam_tally2 for configuration of maximum  number
51       of failed logins. Also call pam_access to verify if access is allowed.
52
53       Make system-auth symlink point to system-auth-local which contains:
54
55       auth            requisite       pam_access.so
56       auth            requisite       pam_tally2.so deny=3 lock_time=30 \
57                                             unlock_time=3600
58       auth            include         system-auth-ac
59       account         required        pam_tally2.so
60       account         include         system-auth-ac
61       password        include         system-auth-ac
62       session         include         system-auth-ac
63
64
65

BUGS

67       None known.
68
69

SEE ALSO

71       authconfig(8), authconfig-gtk(8), pam(8), system-auth(5)
72
73
74
75Red Hat, Inc.                    2010 March 31               SYSTEM-AUTH-AC(5)
Impressum