202-450 Exam Dumps - LPIC-2 - Exam 202 (part 2 of 2), version 4.5

To fully disable password based logins for SSH, you need to set both Challenge Response Authentication and Password Authentication to no in the sshd configuration file. These options control whether the server will accept password-based authentication methods such as keyboard-interactive or PAM. Setting them to no will only allow public key authentication or other methods that do not involve passwords. References:

• LPIC-2 Exam 202 Objectives1
• LPIC-2 Exam 202 Study Guide2
• LPIC-2 Exam 202 Topic 208: SSH Configuration3

 This option enables Samba to synchronize the UNIX password with the SMB password when the encrypted SMB password in the passdb is changed using smbpasswd. This means that the user only needs to change their password once, and both the UNIX and SMB passwords will be updated. Samba will use the passwd program specified by the passwd program option to change the UNIX password. Samba will also follow the passwd chat option to communicate with the passwd program. The other options are either invalid or irrelevant for this question. References: 1, 2, 3

 The line A is valid in a configuration file in /etc/pam.d/ because it follows the correct syntax and semantics of a PAM configuration file. The syntax of a PAM configuration file is:

module_interface control_flag module_name module_arguments

The module_interface specifies the type of authentication action that the module can perform. There are four types of module interface: auth, account, password, and session. The control_flag specifies how important the success or failure of the module is to the overall authentication process. There are four types of control flag: required, requisite, sufficient, and optional. The module_name specifies the name of the library that contains the module. The module_arguments are optional parameters that can modify the behavior of the module.

The line A has the following components:

• module_interface: auth, which means the module is used for user authentication.
• control_flag: required, which means the module must succeed for authentication to continue. If the module fails, the failure is recorded and the rest of the modules are executed.
• module_name: pam_unix.so, which means the module is the standard Unix authentication module that verifies the user’s password against the /etc/passwd and /etc/shadow files.
• module_arguments: try_first_pass nullok, which means the module tries to use the password that was previously entered by the user (if any), and allows users with empty passwords to log in.

The line B is invalid because it has the wrong order of the fields. The control_flag should come before the module_name, not after. The line C is invalid because it uses parentheses and colons instead of spaces to separate the fields. The line D is invalid because it has the wrong syntax for the control_flag. The control_flag should be a single word, not a word in parentheses.

 The options rw and ro are valid in /etc/exports. They specify whether the exported file system is mounted with read-write or read-only permissions by the clients. The option rw allows the clients to modify the files on the server, while the option ro prevents any changes by the clients. These options can be applied to all or specific hosts in the /etc/exports file123 References:

• LPIC-2 Overview
• LPIC-2 202-450
• 10 practical examples to export NFS shares in Linux | GoLinuxCloud

The option in the sshd configuration file that instructs sshd to permit only specific user names to log in to a system is AllowUsers. This option can be followed by a list of user name patterns, separated by spaces, that are allowed to log in. For example:

AllowUsers alice bob

This will allow only alice and bob to log in via ssh. Any other user will be denied access. The AllowUsers option can also take the form USER@HOST to restrict logins to particular users from particular hosts. For example:

AllowUsers alice@192.168.1.* bob@example.com

This will allow alice to log in from any host in the 192.168.1.0/24 network, and bob to log in from the host example.com. The AllowUsers option can be used in conjunction with the DenyUsers option, which does the opposite. The allow/deny directives are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.

References:

• sshd_config - OpenSSH SSH daemon configuration file
• Allow Or Deny SSH Access To A Particular User Or Group In Linux - OSTechNix