~~NOCACHE~~
## 72.アクセス管理-pam.d-login

### /etc/pam.d/login設定
<sxh bash; gutter:True>
#変更
vi /etc/pam.d/login

</sxh>

### /etc/pam.d/login設定詳細
ハイライト行を追記する。
%%/etc/security/limits.conf%%の設定を反映する。
%%pam_limits.so%%は%%/etc/security/limits.conf%%に書かれた制限を適用します。[[InfrastructureConstruction:RHEL8:UserLimit|インフラ構築/RHEL8/11.ユーザリミット]]
<sxh bash; highlight: [18]; gutter:True;>
#%PAM-1.0
auth       substack     system-auth
auth       include      postlogin
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    include      postlogin
-session   optional     pam_ck_connector.so
session    required     pam_limits.so

</sxh>
https://int128.hatenablog.com/entry/20090726/1248622071

### 初期値
<sxh bash; gutter:True>
#%PAM-1.0
auth       substack     system-auth
auth       include      postlogin
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    include      postlogin
-session   optional     pam_ck_connector.so
</sxh>

{{tag>AWS RHEL 実践的}}