5.2. Avoid having a weak `other' configuration

5.2. Avoid having a weak `other' configuration
Prev	Chapter 5. Security issues	Next

It is not a good thing to have a weak default (other) entry. This service is the default configuration for all PAM aware applications and if it is weak, your system is likely to be vulnerable to attack.

Here is a sample "other" configuration file. The pam_deny module will deny access and the pam_warn module will send a syslog message to auth.notice:

#
# The PAM configuration file for the `other' service
#
auth      required   pam_deny.so
auth      required   pam_warn.so
account   required   pam_deny.so
account   required   pam_warn.so
password  required   pam_deny.so
password  required   pam_warn.so
session   required   pam_deny.so
session   required   pam_warn.so

Prev	Up	Next
5.1. If something goes wrong	Home	Chapter 6. A reference guide for available modules