Configure PAMs passwd Module To Implement system-auth Substack When Changing Passwords

Description

Verify that pam is configured to use /etc/pam.d/system-auth when changing passwords. Look for the following line in /etc/pam.d/passwd:

password substack system-auth

Rationale

Including system-auth from the passwd module ensures that the user must pass through the PAM configuration for system authentication as found in /etc/pam.d/system-auth when changing passwords.

ID: xccdf_org.ssgproject.content_rule_passwd_system-auth_substack
Severity: Medium
References: CCI-000192

IA-5(1)(a) IA-5(1)(a) IA-5(1).1(v)

SRG-OS-000069-GPOS-00037
Updated: about 1 year ago