Account Security / Making PAM Work For You
Subtitles of the Movie
When a user opens a text console and logs in, Red Hat Enterprise Linux verifies the login, in part by using the /etc/pam.d/login configuration file. So, let's take a look at this file.

That first line is a long line, yeah, but it's pretty simple. It ignores unknown users, and also this particular directive uses the /etc/securetty file to limit root user access to secure terminals. The next line includes the auth directives from the system-auth configuration file. As described in another video, those directives set up environment variables and allow different users to log in.

This account directive checks for accounts not allowed to log in and checks for the existence of an /etc/nologin file. If that file exists, regular users are not allowed to log in to your computer. Any regular user that tries to log in, in that case, gets to read the contents of that /etc/nologin file as a message. These next two directives include more directives from the system-auth configuration file.

So, let's take a look at that system-auth file, shall we? The reference to the PAM Unix module brings up the normal user name and password prompts. Service users, in other words, those users with a user ID under 500, are automatically logged in quietly, in other words, without messages, which is why they're given the /sbin/nologin shell as defined in the /etc/passwd configuration file.

Because there is a reference to system-auth, we need to refer to the password directives from the system-auth configuration file. The first password directive, this particular directive, means that password strength is checked against the crack library. This allows the use of a previously successful password, and if no password has been entered, three retries are allowed. After the third retry, the console is reset.

This directive here expects encrypted passwords using the MD5 algorithm associated with the shadow password suite, and it allows the use of authentication from an NIS server. Null or blank passwords are okay. A previously properly entered password is used, and if that doesn't already exist, the user is prompted for a password. If NIS is not configured as a client on this system, this little bit wouldn't exist in this file. This directive is trivial: as noted in the associated README file, as discussed in another video, that module always fails, so PAM moves on to the next directive, back in the /etc/pam.d/login file.

So, let's look at those session directives. The first and fifth session directives deactivate and reactivate SELinux, so these particular session directives aren't subject to SELinux limits. This session directive includes the session directives from the system-auth configuration file. And those session directives, in brief, allow you to set limits on individual users through the /etc/security/limits.conf configuration file. This directive logs the user ID for audits. That directive is optional, so let's ignore that. The final directive forces a unique session keyring and revokes that keyring when the session is closed, to close one more potential security hole.

That's it for the main videos for the RHCE course. The following videos review each of the RHCE skills as listed in the RHCE Exam Prep Guide, and should serve as a review for those of you who've listened to the videos so far.
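The include chain walked through above, as an added example that is not part of the video or the course material: a small Python audit that expands `include` lines into the effective stack for each PAM type and flags weak `pam_unix` options. The two sample files are constructed from the narration's description rather than copied from a real system, and the names `expand`, `weak_options` and `SAMPLE_FILES` are hypothetical.

```python
import re
# Constructed sample files mirroring the directives the narration describes (assumption).
SAMPLE_FILES = {
    "login": """\
auth     [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth     include   system-auth
account  required  pam_nologin.so
account  include   system-auth
password include   system-auth
session  required  pam_selinux.so close
session  include   system-auth
session  required  pam_loginuid.so
session  optional  pam_console.so
session  required  pam_selinux.so open
session  optional  pam_keyinit.so force revoke
""",
    "system-auth": """\
auth     sufficient pam_unix.so nullok try_first_pass
account  required   pam_unix.so
password requisite  pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nis nullok try_first_pass use_authtok
password required   pam_deny.so
session  required   pam_limits.so
""",
}
LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
WEAK = {"nullok": "empty passwords accepted", "md5": "MD5 password hashing"}

def expand(service, wanted, files=SAMPLE_FILES, seen=()):
    """Return [(control, module, args)] for one type, following include lines."""
    if service in seen:
        raise ValueError("include loop at " + service)
    stack = []
    for raw in files[service].splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) == wanted:
            _, control, module, args = m.groups()
            if control == "include":
                stack += expand(module, wanted, files, seen + (service,))
            else:
                stack.append((control, module, args.split()))
    return stack

def weak_options(service, files=SAMPLE_FILES):
    """List (type, module, option, reason) for risky options in the effective stack."""
    return [(t, mod, a, WEAK[a]) for t in ("auth", "account", "password", "session")
            for _, mod, args in expand(service, t, files) for a in args if a in WEAK]

print(*expand("login", "session"), *weak_options("login"), sep="\n")
```

To audit a real host, load the files under /etc/pam.d into a dictionary keyed by file name and pass it as `files`.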
Tutorial Information
| Course: | Red Hat Certified Engineer |
| Author: | Michael Jang |
| SKU: | 33845 |
| ISBN: | 1-934743-47-X |
| Release Date: | 2008-01-18 |
| Duration: | 6.5 hrs / 94 lessons |
| Captions: | For Online University members only |
| Compatibility: | Vista/XP/2000, OS X, Linux QuickTime 7, Flash 8 |