5.2. Avoid having a weak `other' configuration

5.2. Avoid having a weak `other' configuration

It is not a good thing to have a weak default (other) entry. This service is the default configuration for all PAM aware applications and if it is weak, your system is likely to be vulnerable to attack.

Here is a sample "other" configuration file. The pam_deny module will deny access and the pam_warn module will send a syslog message to auth.notice:

#
# The PAM configuration file for the `other' service
#
auth      required   pam_deny.so
auth      required   pam_warn.so
account   required   pam_deny.so
account   required   pam_warn.so
password  required   pam_deny.so
password  required   pam_warn.so
session   required   pam_deny.so
session   required   pam_warn.so