IBM 10 SP1 EAL4 Server User Manual


 
# Service-level configuration
# ---------------------------
[ssmtp]
accept = 465
connect = 25
The above configuration secures localhost SMTP when a client connects to it on port 465. The
configuration tells stunnel to listen on the SSL port 465 and to forward all traffic to the plain port 25 on
localhost.
For additional information about stunnel, refer to its man page as well as http://stunnel.mirt.net and
http://www.stunnel.org.
5.12.4.6 xinetd
The xinetd daemon dispatches children to service incoming requests. For more information on xinetd,
see the SLES Security Guide or the xinetd(8) man page.
5.13 System management
5.13.1 Account Management
5.13.1.1 chage
The chage program allows a system administrator to alter a user’s password expiration data. See the chage
man page for more information. chage generally follows these steps:
1. Sets language.
2. Sets up a variable indicating whether the application user is the root user.
3. Parses command-line arguments.
4. Performs a sanity check on command-line arguments.
5. If the application user is not root, allows only the listing of the user’s own password age parameters.
6. Invokes getpwuid(getuid()) to obtain the application user’s passwd structure.
7. Invokes pam_start() to initialize the PAM library and to identify the application with a
particular service name.
8. Invokes pam_authenticate() to authenticate the application user. Generates an audit record to
log the authentication attempt and its outcome.
9. Invokes pam_acct_mgmt() to perform module-specific account management.
10. If called to list password age parameters, lists them now and exits.
11. Locks and opens authentication database files.
12. Updates appropriate database files with new password age parameters.
13. Closes database files.
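The following is an added illustration, not code from chage or from this manual: a Python model of step 5 (the non-root restriction) and step 10 (listing the password age parameters) run over constructed shadow-format entries. The function names, the sample users and the rule that an empty maximum age means no password expiry are assumptions of the example; the PAM calls and the file locking of the other steps are not modelled.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # shadow day counts are days since this date
FIELDS = ("lastchg", "min", "max", "warn", "inactive", "expire")

# Constructed shadow-format entries for illustration, not from a real system:
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = "alice:!:13879:1:60:7:14:14244:\nbob:!:13879:0::7:::\n"


def parse_shadow(text):
    """Map each user name to its aging fields (int, or None when empty)."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) != 9:
            raise ValueError("malformed shadow entry: %r" % line)
        entries[parts[0]] = {k: int(v) if v else None
                             for k, v in zip(FIELDS, parts[2:8])}
    return entries


def authorize(caller_uid, caller_name, target, listing):
    """Step 5: only root may modify; others may list their own entry only."""
    return caller_uid == 0 or (listing and caller_name == target)


def list_aging(entry):
    """Step 10: turn day counts into the dates an administrator reviews."""
    def day(n):
        return None if n is None else EPOCH + timedelta(days=n)
    expires = inactive = None
    # Assumption of this example: an empty maximum age means no expiry.
    if entry["lastchg"] is not None and entry["max"] is not None:
        expires = day(entry["lastchg"] + entry["max"])
        if entry["inactive"] is not None:
            inactive = expires + timedelta(days=entry["inactive"])
    return {"last_change": day(entry["lastchg"]), "password_expires": expires,
            "password_inactive": inactive, "account_expires": day(entry["expire"])}


def chage_list(caller_uid, caller_name, target, shadow_text=SAMPLE_SHADOW):
    """Apply the step 5 gate, then return the listing for `target`."""
    if not authorize(caller_uid, caller_name, target, listing=True):
        raise PermissionError("only root may view another user's aging data")
    return list_aging(parse_shadow(shadow_text)[target])


if __name__ == "__main__":
    print(chage_list(1000, "alice", "alice"))
```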