/etc/authselect/custom/user-profile/system-auth内容详解

以下为CentOS Linux release 8.5.2111系统/etc/authselect/custom/user-profile/system-authPAM默认配置。/etc/authselect/custom/user-profile/system-auth文件为

[root@localhost user-profile]# cat /etc/authselect/custom/user-profile/system-auth
{
   imply "with-smartcard" if "with-smartcard-required"}
auth        required                                     pam_env.so
auth        required                                     pam_faildelay.so delay=2000000
auth        required                                     pam_faillock.so preauth silent                         {
   include if "with-faillock"}
auth        [success=1 default=ignore]                   pam_succeed_if.so service notin login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver quiet use_uid {
   include if "with-smartcard-required"}
auth        [success=done ignore=ignore default=die]     pam_sss.so require_cert_auth ignore_authinfo_unavail   {
   include if "with-smartcard-required"}
auth        sufficient                                   pam_fprintd.so                                         {
   include if "with-fingerprint"}
auth        sufficient                                   pam_u2f.so cue                                         {
   include if "with-pam-u2f"}
auth        required                                     pam_u2f.so cue {
   if not "without-pam-u2f-nouserok":nouserok} {
   include if "with-pam-u2f-2fa"}
auth        [default=1 ignore=ignore success=ok]         pam_usertype.so isregular
auth        [default=1 ignore=ignore success=ok]         pam_localuser.so                                       {
   exclude if "with-smartcard"}
auth        [default=2