In the [pam_seos] section, the tokens help you to more fully exploit the programming interface PAM (Pluggable Authentication Module).
Specifies whether the API libraries update the last access time and date of a user (through SEOS_VerifyCreate).
Valid values are:
0 - the last access time and date is not updated.
1 - the last access time and date is updated.
Default: 0
Defines which services PAM bypasses.
Default: ftp, vsftpd
Specifies whether to call the segrace utility with any login automatically.
Valid values are yes and no.
Default: no
Specifies whether to use the sepass utility in the pam_seos password management service.
Values: No, Yes
Default: No
Specifies whether to inform the user of the reason for the login denial.
Valid values are yes and no.
Default: no
Specifies the location of the failed login audit file pam_seos.
Default: ACInstallDir/pam_seos_failed_logins.log
Specifies whether pam_seos sends login events to seosd.
Values: 0 - do not send login events; 1 - send login events
Default: 1
Specifies whether pam_seos retrieves user groups from operating system.
Values: 0 - do not attempt to retrieve groups; 1 - attempt to retrieve groups
Default: 1
Defines the timeout interval, in seconds, that CA ControlMinder PAM uses for API to retrieve user groups.
Default: 10
Specifies whether pam_seos sends user information to seosd. This token is required when you use enterprise users, which CA ControlMinder has no information for. Set this setting to 0 if you are not using enterprise users (osuser_enabled = no).
Values: 0 - do not send user information; 1 - send user information.
Default: 1
Specifies whether pam_seos sends surrogate events to seosd.
Values: 0 - do not send surrogate events; 1 - send surrogate events.
Default: 1
Specifies whether pam_seos calls pam_authenticate to authenticate user passwords and process failed logins.
Set this token to 0 if you do not want pam_authenticate to be called twice.
Values: 0 - do not call pam_authenticate from CA ControlMinder PAM module; 1 - call pam_authenticate from CA ControlMinder PAM module.
Default: 1
Specifies whether serevu should use the pam_seos login failure log file instead of the system file.
This feature increases the accuracy of serevu.
Default: yes on HP-UX Itanium (IA64) and Linux, no on all other operating systems
Copyright © 2013 CA Technologies.
All rights reserved.
|
|