diff options
| author | des <des@FreeBSD.org> | 2003-02-10 00:50:03 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2003-02-10 00:50:03 +0000 |
| commit | d4d4a833ae0443bd6ff37b15255b35bda1464d32 (patch) | |
| tree | 977dcc9470d5a5c5834587ede08319b78f65a6ad | |
| parent | 439e079c7bb7144cf54342b133449c39cc1bef5c (diff) | |
| download | FreeBSD-src-d4d4a833ae0443bd6ff37b15255b35bda1464d32.zip FreeBSD-src-d4d4a833ae0443bd6ff37b15255b35bda1464d32.tar.gz | |
Major cleanup & homogenization.
| -rw-r--r-- | etc/pam.d/ftpd | 22 | ||||
| -rw-r--r-- | etc/pam.d/gdm | 23 | ||||
| -rw-r--r-- | etc/pam.d/imap | 10 | ||||
| -rw-r--r-- | etc/pam.d/kde | 21 | ||||
| -rw-r--r-- | etc/pam.d/login | 28 | ||||
| -rw-r--r-- | etc/pam.d/other | 19 | ||||
| -rw-r--r-- | etc/pam.d/passwd | 4 | ||||
| -rw-r--r-- | etc/pam.d/pop3 | 10 | ||||
| -rw-r--r-- | etc/pam.d/rexecd | 13 | ||||
| -rw-r--r-- | etc/pam.d/rsh | 10 | ||||
| -rw-r--r-- | etc/pam.d/sshd | 22 | ||||
| -rw-r--r-- | etc/pam.d/su | 53 | ||||
| -rw-r--r-- | etc/pam.d/telnetd | 25 | ||||
| -rw-r--r-- | etc/pam.d/xdm | 21 |
14 files changed, 150 insertions, 131 deletions
diff --git a/etc/pam.d/ftpd b/etc/pam.d/ftpd index bfbf940..c217e0e 100644 --- a/etc/pam.d/ftpd +++ b/etc/pam.d/ftpd @@ -5,20 +5,20 @@ # # auth -auth required pam_nologin.so no_warn -#auth sufficient pam_kerberosIV.so no_warn -#auth sufficient pam_krb5.so no_warn -#auth sufficient pam_ssh.so no_warn try_first_pass -auth sufficient pam_opie.so no_warn no_fake_prompts +auth required pam_nologin.so no_warn +auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn -auth required pam_unix.so no_warn try_first_pass +#auth sufficient pam_kerberosIV.so no_warn +#auth sufficient pam_krb5.so no_warn +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass # account -#account required pam_kerberosIV.so -#account required pam_krb5.so +#account required pam_kerberosIV.so +#account required pam_krb5.so account required pam_unix.so # session -#session required pam_kerberosIV.so -#session required pam_krb5.so -#session required pam_ssh.so +#session required pam_kerberosIV.so +#session required pam_krb5.so +session required pam_permit.so diff --git a/etc/pam.d/gdm b/etc/pam.d/gdm index a108601..7b391b7 100644 --- a/etc/pam.d/gdm +++ b/etc/pam.d/gdm @@ -5,22 +5,19 @@ # # auth -auth required pam_nologin.so no_warn -#auth sufficient pam_kerberosIV.so no_warn try_first_pass -#auth sufficient pam_krb5.so no_warn try_first_pass -#auth sufficient pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass +auth required pam_nologin.so no_warn +#auth sufficient pam_kerberosIV.so no_warn try_first_pass +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass # account -#account required pam_kerberosIV.so -#account required pam_krb5.so +#account required pam_kerberosIV.so +#account required pam_krb5.so account required pam_unix.so # session -#session required pam_kerberosIV.so -#session required pam_krb5.so -#session required pam_ssh.so +#session required pam_kerberosIV.so +#session required pam_krb5.so +#session optional pam_ssh.so session required pam_permit.so - -# password -password required pam_deny.so diff --git a/etc/pam.d/imap b/etc/pam.d/imap index eaf53d2..b9d3829 100644 --- a/etc/pam.d/imap +++ b/etc/pam.d/imap @@ -5,8 +5,8 @@ # # auth -#auth required pam_nologin.so no_warn -#auth sufficient pam_opie.so no_warn no_fake_prompts -#auth requisite pam_opieaccess.so no_warn -#auth required pam_ssh.so no_warn try_first_pass -#auth required pam_unix.so no_warn try_first_pass +#auth required pam_nologin.so no_warn +#auth sufficient pam_kerberosIV.so no_warn try_first_pass +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass diff --git a/etc/pam.d/kde b/etc/pam.d/kde index 4d23ae8..7b0ea45 100644 --- a/etc/pam.d/kde +++ b/etc/pam.d/kde @@ -5,10 +5,19 @@ # # auth -auth required pam_nologin.so no_warn -auth sufficient pam_opie.so no_warn no_fake_prompts -auth requisite pam_opieaccess.so no_warn +auth required pam_nologin.so no_warn #auth sufficient pam_kerberosIV.so no_warn try_first_pass -#auth sufficient pam_krb5.so no_warn try_first_pass -#auth required pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass + +# account +#account required pam_kerberosIV.so +#account required pam_krb5.so +account required pam_unix.so + +# session +#session required pam_kerberosIV.so +#session required pam_krb5.so +#session optional pam_ssh.so +session required pam_permit.so diff --git a/etc/pam.d/login b/etc/pam.d/login index 997879d..748ddaa 100644 --- a/etc/pam.d/login +++ b/etc/pam.d/login @@ -5,29 +5,29 @@ # # auth -auth required pam_nologin.so no_warn -auth sufficient pam_self.so no_warn -auth sufficient pam_opie.so no_warn no_fake_prompts +auth required pam_nologin.so no_warn +auth sufficient pam_self.so no_warn +auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn #auth sufficient pam_kerberosIV.so no_warn try_first_pass -#auth sufficient pam_krb5.so no_warn try_first_pass -#auth sufficient pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass nullok +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass nullok # account -#account required pam_kerberosIV.so -#account required pam_krb5.so +#account required pam_kerberosIV.so +#account required pam_krb5.so account required pam_login_access.so account required pam_securetty.so account required pam_unix.so # session -#session required pam_kerberosIV.so -#session required pam_krb5.so -#session required pam_ssh.so -session required pam_lastlog.so no_fail +#session required pam_kerberosIV.so +#session required pam_krb5.so +#session optional pam_ssh.so +session required pam_lastlog.so no_fail # password #password sufficient pam_kerberosIV.so no_warn try_first_pass -#password sufficient pam_krb5.so no_warn try_first_pass -password required pam_unix.so no_warn try_first_pass +#password sufficient pam_krb5.so no_warn try_first_pass +password required pam_unix.so no_warn try_first_pass diff --git a/etc/pam.d/other b/etc/pam.d/other index 81e0055..c4fe614 100644 --- a/etc/pam.d/other +++ b/etc/pam.d/other @@ -5,16 +5,25 @@ # # auth -auth required pam_nologin.so no_warn -auth sufficient pam_opie.so no_warn no_fake_prompts +auth required pam_nologin.so no_warn +auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn -auth required pam_unix.so no_warn try_first_pass +#auth sufficient pam_kerberosIV.so no_warn try_first_pass +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass # account +#account required pam_kerberosIV.so +#account required pam_krb5.so +account required pam_login_access.so account required pam_unix.so # session -session required pam_lastlog.so no_warn no_fail +#session required pam_kerberosIV.so +#session required pam_krb5.so +#session optional pam_ssh.so +session required pam_permit.so # password -password required pam_deny.so +password required pam_permit.so diff --git a/etc/pam.d/passwd b/etc/pam.d/passwd index d732c42..fb768cf 100644 --- a/etc/pam.d/passwd +++ b/etc/pam.d/passwd @@ -7,5 +7,5 @@ # passwd(1) does not use the auth, account or session services. # password -#password requisite pam_passwdqc.so enforce=users -password required pam_unix.so no_warn try_first_pass +#password requisite pam_passwdqc.so enforce=users +password required pam_unix.so no_warn try_first_pass diff --git a/etc/pam.d/pop3 b/etc/pam.d/pop3 index 3657f12..3e91558 100644 --- a/etc/pam.d/pop3 +++ b/etc/pam.d/pop3 @@ -5,8 +5,8 @@ # # auth -#auth required pam_nologin.so no_warn -#auth sufficient pam_opie.so no_warn no_fake_prompts -#auth requisite pam_opieaccess.so no_warn -#auth required pam_ssh.so no_warn try_first_pass -#auth required pam_unix.so no_warn try_first_pass +#auth required pam_nologin.so no_warn +#auth sufficient pam_kerberosIV.so no_warn try_first_pass +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass diff --git a/etc/pam.d/rexecd b/etc/pam.d/rexecd index 2126f86..532348e 100644 --- a/etc/pam.d/rexecd +++ b/etc/pam.d/rexecd @@ -5,12 +5,15 @@ # # auth -auth required pam_nologin.so no_warn -auth required pam_unix.so no_warn use_first_pass +auth required pam_nologin.so no_warn +auth required pam_unix.so no_warn use_first_pass # account -account required pam_unix.so no_warn -account required pam_ftpusers.so no_warn disallow +account required pam_ftpusers.so no_warn disallow +account required pam_unix.so no_warn # session -session required pam_permit.so no_warn +session required pam_permit.so + +# password +password required pam_deny.so diff --git a/etc/pam.d/rsh b/etc/pam.d/rsh index c560463..02c0048 100644 --- a/etc/pam.d/rsh +++ b/etc/pam.d/rsh @@ -5,8 +5,14 @@ # # auth -auth required pam_nologin.so no_warn -auth required pam_rhosts.so no_warn +auth required pam_nologin.so no_warn +auth required pam_rhosts.so no_warn # account account required pam_unix.so + +# session +session required pam_permit.so + +# password +password required pam_deny.so diff --git a/etc/pam.d/sshd b/etc/pam.d/sshd index 41ab3b0..b4f44bc 100644 --- a/etc/pam.d/sshd +++ b/etc/pam.d/sshd @@ -5,19 +5,27 @@ # # auth -auth required pam_nologin.so no_warn -auth sufficient pam_opie.so no_warn no_fake_prompts -auth required pam_opieaccess.so no_warn -#auth sufficient pam_krb5.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass +auth required pam_nologin.so no_warn +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn +#auth sufficient pam_kerberosIV.so no_warn try_first_pass +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass # account +#account required pam_kerberosIV.so +#account required pam_krb5.so account required pam_login_access.so -#account required pam_krb5.so account required pam_unix.so # session +#session required pam_kerberosIV.so +#session required pam_krb5.so +#session optional pam_ssh.so session required pam_permit.so # password -password required pam_permit.so +#password sufficient pam_kerberosIV.so no_warn try_first_pass +#password sufficient pam_krb5.so no_warn try_first_pass +password required pam_unix.so no_warn try_first_pass diff --git a/etc/pam.d/su b/etc/pam.d/su index 01dd99f..1803474 100644 --- a/etc/pam.d/su +++ b/etc/pam.d/su @@ -5,49 +5,22 @@ # # auth -auth sufficient pam_rootok.so no_warn -auth sufficient pam_self.so no_warn -auth requisite pam_group.so no_warn root_only fail_safe -#auth sufficient pam_kerberosIV.so no_warn -#auth sufficient pam_krb5.so no_warn try_first_pass auth_as_self -auth sufficient pam_opie.so no_warn no_fake_prompts +auth sufficient pam_rootok.so no_warn +auth sufficient pam_self.so no_warn +auth requisite pam_group.so no_warn root_only fail_safe +auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn -#auth required pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass nullok +#auth sufficient pam_kerberosIV.so no_warn +#auth sufficient pam_krb5.so no_warn try_first_pass auth_as_self +#auth required pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass nullok # account -#account required pam_kerberosIV.so -#account required pam_krb5.so +#account required pam_kerberosIV.so +#account required pam_krb5.so account required pam_unix.so # session -#session required pam_kerberosIV.so -#session required pam_krb5.so -#session required pam_ssh.so - -# password -password required pam_permit.so - - -# If you want a "WHEELSU"-type su(1), then comment out the -# above, and uncomment the entries below. -## auth -#auth sufficient pam_rootok.so no_warn -##auth sufficient pam_kerberosIV.so no_warn -##auth sufficient pam_krb5.so no_warn -#auth required pam_opie.so no_warn auth_as_self no_fake_prompts -#auth required pam_unix.so no_warn try_first_pass auth_as_self - -## account -##account required pam_kerberosIV.so -##account required pam_krb5.so -#account required pam_unix.so - -## session -##session required pam_kerberosIV.so -##session required pam_krb5.so -##session required pam_ssh.so -#session required pam_unix.so - -## password -#password required pam_permit.so +#session required pam_kerberosIV.so +#session required pam_krb5.so +#session optional pam_ssh.so diff --git a/etc/pam.d/telnetd b/etc/pam.d/telnetd index 25fa6cf..9934257 100644 --- a/etc/pam.d/telnetd +++ b/etc/pam.d/telnetd @@ -5,10 +5,27 @@ # # auth -auth required pam_nologin.so no_warn -auth sufficient pam_opie.so no_warn no_fake_prompts -auth required pam_opieaccess.so no_warn -auth required pam_unix.so no_warn try_first_pass +auth required pam_nologin.so no_warn +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn +#auth sufficient pam_kerberosIV.so no_warn try_first_pass +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass # account +#account required pam_kerberosIV.so +#account required pam_krb5.so +account required pam_login_access.so account required pam_unix.so + +# session +#session required pam_kerberosIV.so +#session required pam_krb5.so +#session optional pam_ssh.so +session required pam_lastlog.so no_fail + +# password +#password sufficient pam_kerberosIV.so no_warn try_first_pass +#password sufficient pam_krb5.so no_warn try_first_pass +password required pam_unix.so no_warn try_first_pass diff --git a/etc/pam.d/xdm b/etc/pam.d/xdm index 4ad29e4..4dcfb4c 100644 --- a/etc/pam.d/xdm +++ b/etc/pam.d/xdm @@ -5,22 +5,19 @@ # # auth -auth required pam_nologin.so no_warn +auth required pam_nologin.so no_warn #auth sufficient pam_kerberosIV.so no_warn try_first_pass -#auth sufficient pam_krb5.so no_warn try_first_pass -#auth sufficient pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass # account -#account required pam_kerberosIV.so -#account required pam_krb5.so +#account required pam_kerberosIV.so +#account required pam_krb5.so account required pam_unix.so # session -#session required pam_kerberosIV.so -#session required pam_krb5.so -#session required pam_ssh.so +#session required pam_kerberosIV.so +#session required pam_krb5.so +#session required pam_ssh.so session required pam_permit.so - -# password -password required pam_deny.so |
