IBM 10 SP1 EAL4 Server User Manual


 
5.13.6 I&A support
5.13.6.1 pam_tally
The pam_tally utility allows administrative users to reset the failed login counter kept in the
/var/log/faillog. Please see the
/usr/share/doc/packages/pam/modules/README.pam_tally file on a SLES system for more
information.
5.13.6.2 unix_chkpwd
The unix_chkpwd helper program works with the pam_unix PAM module (Section 5.11.1.3). It is
intended only to be executed by the pam_unix PAM module and logs an error if executed otherwise. For
more information on the unix_chkpwd helper program, please see the unix_chkpwd(8) man page.
The unix_chkpwd helper program typically follows these processing steps:
1. Sets up a signal handler.
2. Checks that it is not running on a TTY.
3. Gets the user's name.
4. Verifies the password if passed the verify command line argument.
5. Updates the shadow file if passed the update command line argument.
6. Reads the password from stdin.
7. Validates the length of the password.
8. Verifies the password against the shadow database.
9. Zeros the password memory.
10. Exits.
5.14 Batch processing
Batch processing on the SLES system means to submit a job that will be run when the system load permits.
Batch processing allows users to perform CPU-intensive tasks while the system load is low; it also allows
users and system administrators to automate routine maintenance tasks. While batch processing provides a
convenient feature, it also raises a security issue, because a privileged process has to perform a task ordered
by a normal user.
This section describes different trusted commands and processes that implement the batch processing feature.
Mechanisms are highlighted that ensure how normal users are prevented from performing actions for which
they are not authorized. Batch processing is implemented with the crontab, batch and at user
commands, and the cron and atd trusted processes. The command batch is a script that invokes at;
therefore, only at internals are described in this section.
5.14.1 Batch processing user commands
5.14.1.1 crontab
crontab is the batch processing user command. crontab uses a control file to dictate when repeated jobs
will execute.
208