Linux – The difference between /etc/pam.d/login and /etc/pam.d/system-auth

Tags: linux, pam, rhel5, security

I want to configure securetty to limit direct root access. Now I am clear that if I add:

auth        required      pam_securetty.so

to /etc/pam.d/system-auth, and keep only "console" in /etc/securetty, ssh login will also be prohibited.
And if I add:

auth        required      pam_securetty.so

to /etc/pam.d/login, and keep only "console" in /etc/securetty, ssh login will not be prohibited.

Now I am not very clear about the difference between /etc/pam.d/login and /etc/pam.d/system-auth. Could anyone give me some reference or some guide?
Thanks a lot!

P.S.
/etc/pam.d/login vs. /etc/pam.d/system-auth
also gives a little about it, but I want to learn more to make it clearer to me.

Best Answer

The /etc/pam.d/system-auth file is used by Red Hat and similar systems to group together common security policies. It is often included in other /etc/pam.d policy files where those common policies are required.

When accessing a system via ssh through sshd, the /etc/pam.d/sshd policy file is consulted. This file includes /etc/pam.d/system-auth so your changes to /etc/pam.d/system-auth are valid.

The file /etc/pam.d/login is consulted when you log in via the /bin/login program, so any changes to it only affect /bin/login.
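The include relationship above is what decides where a pam_securetty.so line takes effect. As an added example (not code from the thread), the following script resolves a service's effective "auth" stack by following include/substack directives and reports whether pam_securetty.so is reached. It works on a constructed sample directory (PAMDIR, a hypothetical path, not the real /etc/pam.d) whose files are modelled on the RHEL 5 layout described in the answer.

```shell
#!/bin/sh
# Added example: audit which PAM services actually reach pam_securetty.so.
# PAMDIR is a hypothetical directory of constructed sample files; point it
# at a copy of a real /etc/pam.d to audit an actual system.
PAMDIR="${PAMDIR:-$(mktemp -d)}"

# Constructed sample policy files (not copied from any real system):
# sshd includes system-auth, login puts pam_securetty.so in its own stack.
make_sample_pamd() {
  cat >"$PAMDIR/system-auth" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        required      pam_deny.so
EOF
  cat >"$PAMDIR/sshd" <<'EOF'
auth       include      system-auth
account    required     pam_nologin.so
EOF
  cat >"$PAMDIR/login" <<'EOF'
auth       required     pam_securetty.so
auth       include      system-auth
EOF
}

# Print the effective lines of one management group (e.g. auth) for a service,
# recursing into "include" and "substack" targets found in the same directory.
pam_stack() {  # $1 = service name, $2 = management group
  local svc="$1" grp="$2"
  grep -E "^[[:space:]]*${grp}[[:space:]]" "$PAMDIR/$svc" | while IFS= read -r line; do
    set -- $line   # word-split the line: type, control, module/target, args
    case "$2" in
      include|substack) pam_stack "$3" "$grp" ;;
      *) printf '%s\n' "$line" ;;
    esac
  done
}

# Exit 0 when pam_securetty.so appears in the service's effective auth stack.
uses_securetty() { pam_stack "$1" auth | grep -q 'pam_securetty\.so'; }

# Usage: make_sample_pamd; for s in login sshd; do
#   uses_securetty "$s" && echo "$s: securetty applies" || echo "$s: not applied"; done
```

Adding the pam_securetty.so line to the sample system-auth instead of login makes uses_securetty report sshd as well, which is the behaviour the question observed.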