search cancel

Does the PAMSC endpoint software update the system pam.conf (system-auth) file?


Article ID: 228866


Updated On:


CA Privileged Access Manager - Server Control (PAMSC)


Would like to kindly inquire if below settings in /etc/pam.d/system-auth file are specific to our product PAM/PAMSC.


account required

auth required deny=3



Release : 14.x

Component : PAMSC Endpoint Agent


These 2 lines were not updated but the PAMSC endpoint software does update the /etc/pam.d/system-auth (pam.conf) configuration to allow us a more reliable means of identifying the user login. Below is a sample pam.conf from a linux install (Solaris and AIX will differ in formatting) with the additional lines. 


[[email protected] ~]# cat /etc/pam.d/system-auth


# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

auth required

auth required delay=2000000

auth sufficient

auth sufficient nullok try_first_pass

auth       optional

auth requisite uid >= 1000 quiet_success

auth required


account    optional

account required

account sufficient

account sufficient uid < 1000 quiet

account required


password  sufficient

password requisite try_first_pass local_users_only retry=3 authtok_type=

password sufficient sha512 shadow nullok try_first_pass use_authtok

password required


session    optional

session optional revoke

session required

-session optional

session [success=1 default=ignore] service in crond quiet use_uid

session required