4.13.  Security settings
Prev Chapter 4. Configuration and Installation Options Next

4.13.  Security settings

Using the features of this module, you will be able to change the local security settings on the target system. The local security settings include the boot configuration, login settings, password settings, user addition settings, and file permissions.

Configuring the security settings automatically corresponds to the Custom Settings in the security module available in the running system which lets you create your own, customized configuration.

Example 4.29.  Security configuration

See the reference for the meaning and the possible values of the settings in the following example. 

...
   <security>
      <console_shutdown>ignore</console_shutdown>
      <cwd_in_root_path>no</cwd_in_root_path>
      <displaymanager_remote_access>no</displaymanager_remote_access>
      <fail_delay>3</fail_delay>
      <faillog_enab>yes</faillog_enab>
      <gid_max>60000</gid_max>
      <gid_min>101</gid_min>
      <kdm_shutdown>root</kdm_shutdown>
      <lastlog_enab>yes</lastlog_enab>
      <encryption>md5</encryption>
      <obscure_checks_enab>no</obscure_checks_enab>
      <pass_max_days>99999</pass_max_days>
      <pass_max_len>8</pass_max_len>
      <pass_min_days>1</pass_min_days>
      <pass_min_len>6</pass_min_len>
      <pass_warn_age>14</pass_warn_age>
      <passwd_use_cracklib>yes</passwd_use_cracklib>
      <permission_security>secure</permission_security>
      <run_updatedb_as>nobody</run_updatedb_as>
      <uid_max>60000</uid_max>
      <uid_min>500</uid_min>
  </security>
...

4.13.1. Password Settings Options

Change various password settings. These settings are mainly stored in the /etc/login.defs file.

Use this resource to activate one of the encryption methods currently supported. If not set, DES is configured.

DES, the Linux default method, works in all network environments, but it restricts you to passwords no longer than eight characters. MD5 allows longer passwords, thus provides more security, but some network protocols don't support this, and you may have problems with NIS. Blowfish is also supported.

Additionally, you can setup the system to check for password plausibility and length etc.

4.13.2. Boot Settings

Use the security resource, you can change various boot settings.

  • How to interpret Ctrl + Alt + Del

    When someone at the console has pressed the CTRL + ALT + DEL key combination, the system usually reboots. Sometimes it is desirable to ignore this event, for example, when the system serves as both workstation and server.

  • Shutdown behavior of KDM

    Set who is allowed to shut down the machine from KDM.

4.13.3. Login Settings

Change various login settings. These settings are mainly stored in the '/etc/login.defs' file.

4.13.4. New user settings (useradd settings)

Set the minimum and maximum possible user ID and set the minimum and maximum possible group ID.

Prev Up Next
4.12.  Mail Configuration (Sendmail or Postfix)  Home 4.14.  Monitor and X11 Configuration