Configuration of PAM Modules

Some of the PAM modules are configurable. The corresponding configuration files are located in /etc/security. This section briefly describes the configuration files relevant to the sshd example: pam_env.conf and limits.conf.

pam_env.conf

This file can be used to define a standardized environment for users that is set whenever the pam_env module is called. Use it to preset environment variables with the following syntax:

VARIABLE  [DEFAULT=[value]]  [OVERRIDE=[value]]

VARIABLE

Name of the environment variable to set.

[DEFAULT=[value]]

Default value the administrator wants set.

[OVERRIDE=[value]]

Values that may be queried and set by pam_env, overriding the default value.

A typical example of how pam_env can be used is the adaptation of the DISPLAY variable, which is changed whenever a remote login takes place. This is shown in Example 19.6, “pam_env.conf”.

Example 19.6. pam_env.conf

REMOTEHOST     DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
DISPLAY        DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}

The first line sets the value of the REMOTEHOST variable to localhost, which is used whenever pam_env cannot determine any other value from the PAM_RHOST item named in OVERRIDE. The DISPLAY variable in turn contains the value of REMOTEHOST. Find more information in the comments in the file /etc/security/pam_env.conf.
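The evaluation of Example 19.6 described above, as an added example that is not part of the original documentation and is not pam_env's own code: a simplified Python model of how DEFAULT and OVERRIDE are resolved, line by line. It assumes values without whitespace or quoting and that a non-empty OVERRIDE takes precedence over DEFAULT; the names `expand`, `parse_line` and `resolve` and the host `client.example.com` are constructed for illustration.

```python
import re

# Constructed sample input: the two lines from Example 19.6.
SAMPLE_CONF = """\
# comment and blank lines are skipped
REMOTEHOST     DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
DISPLAY        DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
"""

_REF = re.compile(r"([$@])\{([^}]*)\}")

def expand(value, env, pam_items):
    """Replace ${NAME} from the environment and @{NAME} from PAM items.
    Names that are not set expand to the empty string."""
    def sub(match):
        source = env if match.group(1) == "$" else pam_items
        return source.get(match.group(2)) or ""
    return _REF.sub(sub, value)

def parse_line(line):
    """Split 'VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]' into its parts."""
    fields = line.split()
    name, opts = fields[0], {}
    for field in fields[1:]:
        key, sep, value = field.partition("=")
        if not sep or key not in ("DEFAULT", "OVERRIDE"):
            raise ValueError(f"bad option {field!r} for {name}")
        opts[key] = value
    return name, opts.get("DEFAULT", ""), opts.get("OVERRIDE", "")

def resolve(conf_text, pam_items, env=None):
    """Return the environment after applying every config line in order."""
    env = dict(env or {})
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, default, override = parse_line(line)
        # Assumption of this model: a non-empty OVERRIDE wins, else DEFAULT.
        env[name] = (expand(override, env, pam_items)
                     or expand(default, env, pam_items))
    return env

if __name__ == "__main__":
    print(resolve(SAMPLE_CONF, {}))                                   # local login
    print(resolve(SAMPLE_CONF, {"PAM_RHOST": "client.example.com"}))  # remote login
```

Because the remote login path takes REMOTEHOST from PAM_RHOST, the resulting DISPLAY depends on what the login service reports as the remote host.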

limits.conf

System limits can be set on a user or group basis in the file limits.conf, which is read by the pam_limits module. The file allows you to set hard limits, which may not be exceeded at all, and soft limits, which may be exceeded temporarily. To learn about the syntax and the available options, read the comments included in the file /etc/security/limits.conf.