Which of the following sentences is true, when using the following /etc/pam.d/login file?
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_unix.so shadow nullok md5 use_authtok
auth required /lib/security/pam_ldap.so use_first_pass
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_ldap.so use_first_pass
session optional /lib/security/pam_console.so
session sufficient /lib/security/pam_unix.so
session required /lib/security/pam_ldap.so
A. All users will be authenticated against the LDAP directory
B. This is the only file needed to configure LDAP authentication on Linux
C. Only local users will be able to log in, when the file /etc/nologin exists
D. Ordinary users will be able to change their password to be blank
E. If the control flags for auth were changed to required, local users wouldn’t be able to log in
C is correct
pam_nologin is required BUT pam_unix is sufficient.
D is correct
password sufficient pam_unix nullok. So cracklib’s return status doesn’t matter.
E is correct
Since pam_unix is now only required and not sufficient anymore, auth will fail even if the local user can authenticate by password, provided that he is not able to authenticate through ldap.
Er C is NOT CORRECT of course
sufficient only succeeds if no prior required module failed.
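
The control-flag behaviour debated above can be checked with a small model of the auth stack. This is an added example, not part of the original question or comments; it simplifies the documented Linux-PAM semantics of required, requisite, sufficient and optional, and the per-module outcomes are constructed assumptions (a local account has no LDAP entry, and pam_nologin fails for a non-root user while /etc/nologin exists).

```python
# Added example: a simplified model of Linux-PAM control flags, not libpam itself.
# auth lines from the /etc/pam.d/login file in the question.
AUTH_STACK = [
    ("required", "pam_securetty"),
    ("required", "pam_nologin"),
    ("sufficient", "pam_unix"),
    ("required", "pam_ldap"),
]

def run_stack(stack, results):
    """Evaluate one PAM stack; results maps module name -> True (success) / False.
    Returns (granted, modules_called)."""
    failed = False      # a required module has already failed
    succeeded = False   # at least one module has reported success
    called = []
    for control, module in stack:
        called.append(module)
        ok = results[module]
        if control == "requisite" and not ok:
            return False, called          # fail immediately
        if control == "sufficient":
            if ok and not failed:
                return True, called       # short-circuit, rest of stack skipped
            continue                      # failure ignored; late success changes nothing
        if control == "optional" and not ok:
            continue                      # failure ignored
        if ok:
            succeeded = True
        else:
            failed = True                 # required: remember, keep going
    return succeeded and not failed, called

def all_required(stack):
    """Option E: every control flag changed to required."""
    return [("required", module) for _, module in stack]

# Constructed outcomes (assumption: a local account has no LDAP entry, and
# pam_nologin fails for a non-root user while /etc/nologin exists).
LOCAL_USER = {"pam_securetty": True, "pam_nologin": True, "pam_unix": True, "pam_ldap": False}
LOCAL_USER_NOLOGIN = dict(LOCAL_USER, pam_nologin=False)
LDAP_USER = dict(LOCAL_USER, pam_unix=False, pam_ldap=True)

if __name__ == "__main__":
    for name, stack, res in [("local user", AUTH_STACK, LOCAL_USER),
                             ("local user, /etc/nologin present", AUTH_STACK, LOCAL_USER_NOLOGIN),
                             ("LDAP user", AUTH_STACK, LDAP_USER),
                             ("local user, all required", all_required(AUTH_STACK), LOCAL_USER)]:
        print(name, "->", run_stack(stack, res))
```

The second element of each result lists the modules that were actually invoked, which shows when pam_ldap is skipped by the sufficient short-circuit and when it is not.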