diff options
author | markm <markm@FreeBSD.org> | 2000-01-04 06:08:58 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2000-01-04 06:08:58 +0000 |
commit | d4444ae911a59f6f5481f6e0e31357ca05adc8f5 (patch) | |
tree | f08367475d5002f3d9ff0468cf5dec6fd64f0fee /etc/pam.conf | |
parent | 59326b98ed9aee28ca52d8d88e14366b6b10d639 (diff) | |
download | FreeBSD-src-d4444ae911a59f6f5481f6e0e31357ca05adc8f5.zip FreeBSD-src-d4444ae911a59f6f5481f6e0e31357ca05adc8f5.tar.gz |
Add a whole bunch of example entries for pam. This should help get
folk over various hurdles.
Diffstat (limited to 'etc/pam.conf')
-rw-r--r-- | etc/pam.conf | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/etc/pam.conf b/etc/pam.conf index b9b93dd..19f3e50 100644 --- a/etc/pam.conf +++ b/etc/pam.conf @@ -9,19 +9,27 @@ # # $FreeBSD$ -# If the user can authenticate with S/Key, that's sufficient. +# If the user can authenticate with S/Key, that's sufficient; allow clear +# password. Try kerberos, then try plain unix password. login auth sufficient pam_skey.so - -# Check skey.access to make sure it is OK to let the user type in -# a cleartext password. If not, then fail right here. login auth requisite pam_cleartext_pass_ok.so - -# If you want KerberosIV authentication, uncomment the next line: #login auth sufficient pam_kerberosIV.so try_first_pass - -# Traditional getpwnam() authentication. login auth required pam_unix.so try_first_pass +# r-utils are broken; ensure this doesn't bother folk +rshd auth sufficient pam_deny.so + +# Don't break startx +xserver auth required pam_permit.so + +# XDM is difficult; it fails or moans unless there are modules for each +# of the four management groups; auth, account, session and password. +xdm auth required pam_unix.so +#xdm auth sufficient pam_kerberosIV.so try_first_pass +xdm account required pam_unix.so try_first_pass +xdm session required pam_deny.so +xdm password required pam_deny.so + # If we don't match anything else, default to using getpwnam(). other auth required pam_unix.so try_first_pass other account required pam_unix.so try_first_pass |