-   Red Hat (
-   -   RHEL4 Upgrade 3 /etc/pam.d/common-account needed? (

newbie_ned 11-09-2006 01:34 PM

RHEL4 Upgrade 3 /etc/pam.d/common-account needed?
We are doing a security audit of the lab I work at and one of the problems I was given to solve was if the /etc/pam.d/common-account file needs to be in our pam.d setup. Also if so, what it should contain.

After researching a little it seems to me that this module will perform common checks on all accounts that log into the system, i.e. if the account is still valid, password has expired, and any other global checks / restrictions.

This leads me to believe that the file should be included and a good content would be:

'account required /lib/security/'

I was wondering if anyone could agree with me or offer any suggestions.

Thank you in advance for any guidance.


Lenard 11-09-2006 05:17 PM

No, have a look at the /etc/pam.d/system-auth file for one (it's already there).

newbie_ned 11-13-2006 01:01 PM

pam.d/system-auth redundancy?
Hmmm, I do see that 'account required /lib/security/' is already in system-auth. So why do I see examples of people using /etc/pam.d/common-account? Isn't that a little redundant?

Thank you.

Lenard 11-13-2006 01:48 PM

Depends, what examples are you talking about??

newbie_ned 11-13-2006 02:16 PM

Sorry, I think I"m giving too much weight to the few examples I've seen on the web. A more relevant question would be:

When would a person use the /etc/pam.d/common-account if that person also has the /etc/pam.d/system-auth setup?

All times are GMT -5. The time now is 06:02 PM.