pam_seos.so entry removed when user update pam configuration via OS tool, authconfig, pam-config

book

Article ID: 16879

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction



pam_seos.so entry is removed when customer change pam entry via OS tool. 

SUSE: pam-config, RHEL: authconfig 

 

Please let me know how to recover pam_seos.so entry.

 

Environment

OS: LinuxProduct: CA Privileged Identity Manager Endpoint

Resolution

These tools are updating PAM configuration files as default setting.

So, the entry which is update by manual is removed.

It works as design on tools. 

 

Please add manually along with original PAM setting after installation.

Additional Information

Just after install PIM on Redhat Enterprise Linux 7.2 as sample:

----- password-auth

#%PAM-1.0

# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

auth required pam_env.so

auth sufficient pam_unix.so nullok try_first_pass

auth       optional pam_seos.so

auth requisite pam_succeed_if.so uid >= 1000 quiet_success

auth required pam_deny.so

 

account    optional pam_seos.so

account required pam_unix.so

account sufficient pam_localuser.so

account sufficient pam_succeed_if.so uid < 1000 quiet

account required pam_permit.so

 

password  sufficient  pam_seos.so

password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=

password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok

password required pam_deny.so

 

session    optional pam_seos.so

session optional pam_keyinit.so revoke

session required pam_limits.so

-session optional pam_systemd.so

session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

session required pam_unix.so

-----