Contains configuration information for login and user authentication.
The /etc/security/login.cfg file is an ASCII file that contains stanzas of configuration information for login and user authentication. Each stanza has a name, followed by a : (colon), that defines its purpose. Attributes are in the form Attribute=Value. Each attribute ends with a new-line character, and each stanza ends with an additional new-line character. For an example of a stanza, see the "Examples" section.
There are three types of stanzas:
port | Defines the login characteristics of ports. |
authentication method | Defines the authentication methods for users. |
user configuration | Defines programs that change user attributes. |
Port stanzas define the login characteristics of ports and are named with the full path name of the port. Each port should have its own separate stanza. Each stanza has the following attributes:
These stanzas define the authentication methods for users assigned in the /etc/security/user file. The name of each stanza must be identical to one of the methods defined by the auth1 or the auth2 attribute in the /etc/security/user file.
Each stanza has one attribute:
program | Contains the full path name of a program that provides primary or secondary authentication for a user. Program flags and parameters may be included. |
Since the SYSTEM authentication method is supported directly by the login command and the su command, and the NONE method does not provide any authentication, neither requires definition. However, all other authentication methods must be defined in this file. Different authentication methods can be defined for each user.
User-configuration stanzas provide configuration information for programs that change user attributes. There is one user-configuration stanza: usw.
Note: Password restrictions have no effect if you are on a network using Network Information Services (NIS). See "Network Information Service (NIS) Overview for System Management" in AIX Version 4.3 System Management Guide: Communications and Networks for a description of NIS.
The usw stanza defines the configuration of miscellaneous facilities. The following attributes can be included:
logintimeout | Defines the time (in seconds) the user is given to type the password. The value is a decimal integer string. The default is a value of 60. |
maxlogins | Defines the maximum number of simultaneous logins to the system.
The format is a decimal integer string. The default value varies depending on the specific machine license.
A value of 0 indicates no limit on simultaneous login attempts.
Note: Login sessions include rlogins and telnets; these are counted against the maximum allowable number of simultaneous logins by the maxlogins attribute. |
shells | Defines the valid shells on the system. This attribute is used by the chsh command to determine which shells a user can select. The value is a list of comma-separated full path names. The default is /usr/bin/sh, /usr/bin/bsh, /usr/bin/csh, /usr/bin/ksh, or /usr/bin/tsh. |
Access Control: This command should grant read (r) and write (w) access to the root user and members of the security group.
Event | Information |
---|---|
S_LOGIN_WRITE | File name |
meth1: program = /bin/auth_meth1
/dev/tty0: sak_enabled = true herald = "login to tty0:"
This command is part of Base Operating System (BOS) Runtime.
/etc/security/login.cfg | Specifies the path to the file. |
/etc/group | Contains the basic attributes of groups. |
/etc/security/group | Contains the extended attributes of groups. |
/etc/passwd | Contains the basic attributes of users. |
/etc/security/passwd | Contains password information. |
/etc/security/user | Contains the extended attributes of users. |
/etc/security/environ | Contains the environment attributes of users. |
/etc/security/limits | Contains the process resource limits of users. |
/etc/security/audit/config | Contains audit system configuration information. |
/etc/security/lastlog | Contains last login information. |
The chfn command, chsec command, chsh command, login command, passwd command, pwdadm command, su command.
The newpass subroutine.
Security Administration in AIX Version 4.3 System Management Concepts: Operating System and Devices.