NET 4000 Chapter Notes - Chapter 12.3.3: Superuser, Pluggable Authentication Module

Administrators can prevent users from logging in to a linux system. This may be necessary while troubleshooting problems or while responding to a security event. Login blocking is enabled using the pluggable authentication modules (pam) module configured in the /etc/pam. d/login file. Is a set of modules that enables various authentication systems on a linux computer. For example, one pam module can be used to enable biometric logins while another enables standard user and password authentication. The following line in the /etc/pam. d/login file configures pam to check and see if a file named /etc/nologin exists: auth requisite pam_nologin. so. On some distributions (such as fedora) the /etc/pam. d/login file uses the syntax of auth required pam_nologin. so to enable login blocking. If /etc/nologin does exist and the user is not root, authentication is blocked and an optional message is displayed to the end user. The following list describes the tasks necessary to configure login blocking: