pam_seos

pam_seos
capamsc141
In the [pam_seos] section, the tokens help you to more fully exploit the programming interface PAM (Pluggable Authentication Module).
  • api_update_lastaccterm
    Specifies whether the API libraries update the last access time and date of a user (through SEOS_VerifyCreate).
    Valid values are:
    0
    -
    the last access time and date is not updated.
    1
    - the last access time and date is updated.
    Default:
    0
  • bypass_services
    Defines which services PAM bypasses.
    Default:
    ftp, vsftpd
  • call_segrace
    Specifies whether to call the segrace utility with any login automatically.
    Valid values are yes and no.
    Default:
    no
  • call_sepass
    Specifies whether to use the sepass utility in the pam_seos password management service.
    Values:
    No, Yes
    Default:
    No
  • debug_mode_for_user
    Specifies whether to inform the user of the reason for the login denial.
    Valid values are yes and no.
    Default:
    no
  • failed_login_file
    Specifies the location of the failed login audit file pam_seos.
    Default:
    ACInstallDir
    /pam_seos_failed_logins.log
  • pam_login_events_enabled
    Specifies whether pam_seos sends login events to seosd.
    Values
    :
    0
    - do not send login events;
    1
    - send login events
    Default
    : 1
  • pam_get_groups
    Specifies whether pam_seos retrieves user groups from operating system.
    Values
    : 0 - do not attempt to retrieve groups; 1 - attempt to retrieve groups
    Default
    : 1
  • pam_groups_timeout
    Defines the timeout interval, in seconds, that 
    Privileged Access Manager
    PAM uses for API to retrieve user groups.
    Default
    : 10
  • PamPassUserInfo
    Specifies whether pam_seos sends user information to seosd. This token is required when you use enterprise users, which 
    Privileged Access Manager
     has no information for. Set this setting to 0 if you are not using enterprise users (osuser_enabled = no).
    Values:
    0
    - do not send user information;
    1
    - send user information.
    Default:
    1
  • pam_surrogate_events_enabled
    Specifies whether pam_seos sends surrogate events to seosd.
    Values
    :
    0
    - do not send surrogate events;
    1
    - send surrogate events.
    Default
    : 1
  • process_failed_logins
    Specifies whether pam_seos calls pam_authenticate to authenticate user passwords and process failed logins.
    Set this token to 0 if you do
    not
    want pam_authenticate to be called twice.
    Values:
    0
    - do not call pam_authenticate from the 
    Privileged Access Manager
    PAM module;
    1
    - call pam_authenticate from the 
    Privileged Access Manager
    PAM module.
    Default:
    1
  • serevu_use_pam_seos
    Specifies whether serevu uses the pam_seos login failure log file instead of the system file.
    This feature increases the accuracy of serevu.
    Default:
    yes