Which of the following sentences is true, when using the following /etc/pam.d/login file?

Which of the following sentences is true, when using the following /etc/pam.d/login file?
<code>
#%PAM-l.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_unix.so shadow nullok md5 use_authtok
auth required /lib/security/pam_ldap.so use_first_pass
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_ldap.so use_first_pass
session optional /lib/security/pam_console.so
session sufficient /lib/security/pam_unix.so
session required /lib/security/pam_ldap.so
</code>

Which of the following sentences is true, when using the following /etc/pam.d/login file?

#%PAM-l.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_unix.so shadow nullok md5 use_authtok
auth required /lib/security/pam_ldap.so use_first_pass
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_ldap.so use_first_pass
session optional /lib/security/pam_console.so
session sufficient /lib/security/pam_unix.so
session required /lib/security/pam_ldap.so

A.
All users will be authenticated against the LDAP directory

B.
This is the only file needed to configure LDAP authentication on Linux

C.
Only local users will be able to log in, when the file/etc/nologin exists

D.
Ordinary users will be able to change their password to be blank

E.
If the control flags for auth were changed to required, local users wouldn’t be able to log in



Leave a Reply 2

Your email address will not be published. Required fields are marked *


Micha

Micha

C is correct
pam_nologin is required BUT pam_unix is sufficient.

D is correct
password suffcient pam_unix nullok. So cracklib’s return status doesn’t matter.

E is correct
since pam_unix is now only required and not sufficent anymore, auth will fail even if the local user can athenticate by password. Provided that he is not able to authenticate through ldap

Micha

Micha

Er C is NOT CORRECT of course
sufficent only succeeds if no prior required module failed.