pam_seos
pam_seos
capamsc141
In the [pam_seos] section, the tokens help you to more fully exploit the programming interface PAM (Pluggable Authentication Module).
- api_update_lastacctermSpecifies whether the API libraries update the last access time and date of a user (through SEOS_VerifyCreate).Valid values are:0-the last access time and date is not updated.1- the last access time and date is updated.Default:0
- bypass_servicesDefines which services PAM bypasses.Default:ftp, vsftpd
- call_segraceSpecifies whether to call the segrace utility with any login automatically.Valid values are yes and no.Default:no
- call_sepassSpecifies whether to use the sepass utility in the pam_seos password management service.Values:No, YesDefault:No
- debug_mode_for_userSpecifies whether to inform the user of the reason for the login denial.Valid values are yes and no.Default:no
- failed_login_fileSpecifies the location of the failed login audit file pam_seos.Default:ACInstallDir/pam_seos_failed_logins.log
- pam_login_events_enabledSpecifies whether pam_seos sends login events to seosd.Values:0- do not send login events;1- send login eventsDefault: 1
- pam_get_groupsSpecifies whether pam_seos retrieves user groups from operating system.Values: 0 - do not attempt to retrieve groups; 1 - attempt to retrieve groupsDefault: 1
- pam_groups_timeoutDefines the timeout interval, in seconds, thatPrivileged Access ManagerPAM uses for API to retrieve user groups.Default: 10
- PamPassUserInfoSpecifies whether pam_seos sends user information to seosd. This token is required when you use enterprise users, whichPrivileged Access Managerhas no information for. Set this setting to 0 if you are not using enterprise users (osuser_enabled = no).Values:0- do not send user information;1- send user information.Default:1
- pam_surrogate_events_enabledSpecifies whether pam_seos sends surrogate events to seosd.Values:0- do not send surrogate events;1- send surrogate events.Default: 1
- process_failed_loginsSpecifies whether pam_seos calls pam_authenticate to authenticate user passwords and process failed logins.Set this token to 0 if you donotwant pam_authenticate to be called twice.Values:0- do not call pam_authenticate from thePrivileged Access ManagerPAM module;1- call pam_authenticate from thePrivileged Access ManagerPAM module.Default:1
- serevu_use_pam_seosSpecifies whether serevu uses the pam_seos login failure log file instead of the system file.This feature increases the accuracy of serevu.Default:yes