Previous Topic: packageNext Topic: passwd


pam_seos

In the [pam_seos] section, the tokens help you to more fully exploit the programming interface PAM (Pluggable Authentication Module).

api_update_lastaccterm

Specifies whether the API libraries update the last access time and date of a user (through SEOS_VerifyCreate).

Valid values are:

0 - the last access time and date is not updated.

1 - the last access time and date is updated.

Default: 0

bypass_services

Defines which services PAM bypasses.

Default: ftp, vsftpd

call_segrace

Specifies whether to call the segrace utility with any login automatically.

Valid values are yes and no.

Default: no

call_sepass

Specifies whether to use the sepass utility in the pam_seos password management service.

Values: No, Yes

Default: No

debug_mode_for_user

Specifies whether to inform the user of the reason for the login denial.

Valid values are yes and no.

Default: no

failed_login_file

Specifies the location of the failed login audit file pam_seos.

Default: ACInstallDir/pam_seos_failed_logins.log

pam_login_events_enabled

Specifies whether pam_seos sends login events to seosd.

Values: 0 - do not send login events; 1 - send login events

Default: 1

pam_get_groups

Specifies whether pam_seos retrieves user groups from operating system.

Values: 0 - do not attempt to retrieve groups; 1 - attempt to retrieve groups

Default: 1

pam_groups_timeout

Defines the timeout interval, in seconds, that CA ControlMinder PAM uses for API to retrieve user groups.

Default: 10

PamPassUserInfo

Specifies whether pam_seos sends user information to seosd. This token is required when you use enterprise users, which CA ControlMinder has no information for. Set this setting to 0 if you are not using enterprise users (osuser_enabled = no).

Values: 0 - do not send user information; 1 - send user information.

Default: 1

pam_surrogate_events_enabled

Specifies whether pam_seos sends surrogate events to seosd.

Values: 0 - do not send surrogate events; 1 - send surrogate events.

Default: 1

process_failed_logins

Specifies whether pam_seos calls pam_authenticate to authenticate user passwords and process failed logins.

Set this token to 0 if you do not want pam_authenticate to be called twice.

Values: 0 - do not call pam_authenticate from CA ControlMinder PAM module; 1 - call pam_authenticate from CA ControlMinder PAM module.

Default: 1

serevu_use_pam_seos

Specifies whether serevu should use the pam_seos login failure log file instead of the system file.

This feature increases the accuracy of serevu.

Default: yes on HP-UX Itanium (IA64) and Linux, no on all other operating systems