31.
You're using an LDAP server for authentication, and you want to ensure that users have
local home directories whenever they log into a computer. What line would you add to your
PAM configuration to ensure that home directories are created, if necessary?
- A. account requisite pam_securetty.so umask=0022
- B. session required pam_unix.so skel=/etc/skel
- C. auth sufficient pam_deny.so skel=/etc/skel
- D. session required pam_mkhomedir.so skel=/etc/skel umask=0022
Answer : [D]
Explanation :
The pam_mkhomedir.so module creates a home directory for the user if one doesn't already exist, and option D shows a valid configuration for its use, so this option is correct. The pam_securetty.so module is typically used to prevent direct root logins from anything but the console device, so option A is incorrect; pam_unix.so is the module for handling standard local Linux accounts, so option B is incorrect; and pam_deny.so always fails, giving a default-fail option for stacks that might otherwise produce ambiguous or successful results, so option C is incorrect.
32.
What is the purpose of the pam_cracklib.so module?
- A. It identifies known crackers by their IP addresses as part of an account stack.
- B. It tests the strength of a password as part of a password stack.
- C. It presents humorous sayings to users as part of a session stack.
- D. It verifies that a user's account hasn't been cracked as part of an auth stack.
Answer : [B]
Explanation :
The pam_cracklib.so module does as option B specifies; it's intended to force users to enter good passwords when they change their passwords. Option A could be an imperfect description of the Fail2Ban program, but this program isn't part of PAM, much less the pam_cracklib.so module. Humorous sayings can be generated and displayed at login time by the fortune program, but not by the pam_cracklib.so module, so option C is incorrect. Although a tool to do as option D describes would be very useful, it would also be very difficult to write, and this option certainly does not describe pam_cracklib.so.
33.
The /etc/pam.d/login file includes the following auth stack. Which authentication
system does the login tool use?
auth required pam_securetty.so
auth include system-login
- A. Standard Unix/Linux local accounts
- B. An LDAP server
- C. A Winbind server
- D. The correct answer cannot be determined from the provided information
Answer : [D]
Explanation :
The specified auth stack calls pam_securetty.so, which can restrict access based on the terminal used, and includes the contents of the system-login file. Thus, which authentication system (or systems) is used depends on the contents of that file, which the question does not present, making option D correct. Any, all, or none of options A, B, and C might be correct.
34.
Where are user passwords normally stored on a Linux computer configured to use shadow
passwords and pam_unix.so as the sole authentication method?
- A. /etc/shadow
- B. /var/shadow-pw
- C. /var/accounts/shadow/pass.db
- D. /etc/passwd
Answer : [A]
Explanation :
The /etc/shadow file holds passwords on systems configured to use shadow passwords with pam_unix.so. Options B and C both describe fictitious files. The /etc/passwd file is real, and it holds account information but not actual passwords when shadow passwords are enabled (as they are by default with all modern Linux distributions).
35.
What feature is present on each non-comment line of /etc/pam.conf that's not present in
the files in the /etc/pam.d directory?
- A. A management group name
- B. A service name
- C. A control flag
- D. A module filename
Answer : [B]
Explanation :
The /etc/pam.conf file can take the place of all the files in /etc/pam.d; but to do so, it needs a way to associate each stack with a particular service, so each /etc/pam.conf file entry begins with a service name, as option B specifies. Options A, C, and D all describe features that are present in entries for both /etc/pam.conf and the files in /etc/pam.d. (Options passed to the module may also appear in both file types.)