I'm hoping someone can help me out. I am new to pam.d config. I made configurations changes to /etc/pam.d/system-auth and /etc/pam.d/login. When these files are configured the way they are, I can't login and/or I can't login in the GUI interface and a terminal. Can someone help clarify the pam.d stuff?
Contents of /etc/pam.d/login
Code:
#%PAM-1.0
#line added per security guide
auth required pam_stack.so service=system-auth
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the
user context
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
Contents of /etc/pam.d/system-auth
Code:
auth required pam_env.so
auth required pam_tally.so per_user deny=3
auth sufficient pam_unix.so try_first_pass
auth required pam_deny.so
account required pam_tally.so
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so minlen=8 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 retry=3
password sufficient pam_unix.so nullok use_authtok md5 shadow remember=24
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so