B4. PAM Authentication

The settings are stored in the auth-pam.conf configuration file.

The main tags of the configuration file:

<enabled>—defines whether PAM authentication is used. Valid values of the value attribute: yes | no.

<order>—sequential number of PAM authentication if multiple authentication methods are used. The value of the value attribute is an integer consistent with the values of the other authentication methods.

<service>—name of the service (module) to be used to create a PAM context. The service name is specified as the value of the name attribute. PAM can read the policies for this service from the /etc/pam.d/<service_name> file or from /etc/pam.conf if the file does not exist. If the <service> tag is missing from the configuration file, the name drwcs is used by default.

<admin-flag>—parameters of the control flag used for identifying a user as an administrator. Changing the attribute values is not recommended.

An example of the configuration file:

...

<!-- Enable this authorization module -->

<enabled value="no" />

<!-- This authorization module number in the stack -->

<order value="50" />

<!-- PAM service name>" -->

<service name="drwcs" />

<!-- PAM data to be queried: PAM stack must return INT zero/non-zero -->

<admin-flag mandatory="no" name="DrWeb_Esuite_Admin" />

...