Does the PAMSC endpoint software update the system pam.conf (system-auth) file?

Article ID: 228866

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Are the settings below, found in the /etc/pam.d/system-auth file, specific to our product PAM/PAMSC?

 

account required pam_faillock.so

auth required pam_tally2.so deny=3

 

Environment

Release: 14.x

Component: PAMSC Endpoint Agent

Resolution

These two lines were not updated by PAMSC. The PAMSC endpoint software does, however, update the /etc/pam.d/system-auth (pam.conf) configuration to allow us a more reliable means of identifying the user login. Below is a sample pam.conf from a Linux install (Solaris and AIX will differ in formatting) with the additional pam_seos.so lines.

 

[[email protected] ~]# cat /etc/pam.d/system-auth

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_faildelay.so delay=2000000
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth       optional     pam_seos.so
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so

account    optional     pam_seos.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account required pam_permit.so

password  sufficient  pam_seos.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so

session    optional     pam_seos.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
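
An added example, not part of the original article or of the PAMSC product: a small Python parser that reports where a module sits in each PAM stack, so you can see which entries are pam_seos.so and confirm that pam_faillock.so and pam_tally2.so are absent. SAMPLE is a constructed excerpt of the listing above, and the function names are hypothetical.

```python
import re

# Constructed sample: an excerpt of the article's Linux system-auth listing.
SAMPLE = """\
#%PAM-1.0
auth sufficient pam_unix.so nullok try_first_pass
auth       optional     pam_seos.so
auth required pam_deny.so
account    optional     pam_seos.so
account required pam_unix.so
password  sufficient  pam_seos.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
session    optional     pam_seos.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
"""

# type, control (keyword or [bracketed value=action list]), module, optional args
LINE_RE = re.compile(r"^(-?)(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return one dict per rule; comments and blank lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. "@include" lines on other distributions
        dash, mtype, control, module, args = m.groups()
        rules.append({"type": mtype, "control": control, "module": module,
                      "args": args.split(), "silent_if_missing": dash == "-"})
    return rules

def find_module(rules, module):
    """List (type, control, position-in-that-stack) for each use of `module`."""
    seen, hits = {}, []
    for r in rules:
        seen[r["type"]] = seen.get(r["type"], 0) + 1
        if r["module"] == module:
            hits.append((r["type"], r["control"], seen[r["type"]]))
    return hits

if __name__ == "__main__":
    rules = parse_pam(SAMPLE)
    for name in ("pam_seos.so", "pam_faillock.so", "pam_tally2.so"):
        print(name, find_module(rules, name) or "not present")
```

To check a real host, pass the contents of /etc/pam.d/system-auth to parse_pam instead of SAMPLE.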