Previous Topic: serevuNext Topic: Restrictions and Limitations


pam_seos

pam_seos is a Pluggable Authentication Module (PAM) that CA ControlMinder uses for advanced account management functions. CA ControlMinder calls pam_seos during the login procedure of any login program. The module is a shared object that can be dynamically loaded to provide the necessary functionality upon demand.

You can configure pam_seos to perform three actions:

Note: CA ControlMinder invokes segrace only when a password change is needed.

Note: To obtain failed login events from SSH, the SSH version you are using must be compiled and configured to support PAM. If your version of SSH does not use PAM, CA ControlMinder cannot detect whether a user has violated the failed login rules.

The installation program adds the relevant lines to the pam.conf configuration file, and stores the old configuration file as /etc/pam.conf.bak.

Configuration of the pam_seos modules is performed through the seos.ini file. Set the following tokens, located in the [pam_seos] section, according to the required functionality:

To use the Password Expiration and Grace Logins check, set the following token in the seos.ini file:

call_segrace = Yes

To use Login Debug Mode, set the following token in the seos.ini file:

debug_mode_for_user = Yes

To make serevu use pam_seos login failure detection, set the following token in the seos.ini file:

serevu_use_pam_seos = Yes