{"id":"rhel9-pre-auth-to-post-auth-access-control","text":"RHEL 9 enforces access control across the full authentication boundary: pre-authentication defenses (pam_faillock account lockout, chage password aging, SSH key-based authentication) gate entry, while post-authentication layered authorization (DAC ugo/rwx permissions → SELinux Type Enforcement → MCS category conjunction) restricts what authenticated subjects can access.","truth_value":"OUT","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{"_retracted":true},"explanation":{"steps":[{"node":"rhel9-pre-auth-to-post-auth-access-control","truth_value":"OUT","reason":"retracted premise"}]}}