author | des <des@FreeBSD.org> | 2003-06-14 12:35:05 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2003-06-14 12:35:05 +0000 |
commit | 41880f4325c1ada9ca9b90c192214e3b617a952a (patch) | |
tree | 9026a3839960c66a52053f40f835331b2fae44a8 /etc/pam.d | |
parent | 5d547700c7e7b30e33408a56bae0fc1f1a22915d (diff) | |
Add a system policy, and have the login and su policies include it rather
than duplicate it. This requires OpenPAM Dianthus, which was committed two
weeks ago; installing these files on a system running a world older than
June 1st, 2003 will cause login(1) and su(1) to fail.
Diffstat (limited to 'etc/pam.d')
-rw-r--r-- | etc/pam.d/Makefile | 2 | ||||
-rw-r--r-- | etc/pam.d/login | 18 | ||||
-rw-r--r-- | etc/pam.d/su | 13 | ||||
-rw-r--r-- | etc/pam.d/system | 25 |
4 files changed, 35 insertions, 23 deletions
diff --git a/etc/pam.d/Makefile b/etc/pam.d/Makefile
index 2832f18..604e1a8 100644
--- a/etc/pam.d/Makefile
+++ b/etc/pam.d/Makefile
@@ -2,7 +2,7 @@
 NOOBJ= noobj
 FILES= README ftpd gdm imap kde login other passwd pop3 \
- rexecd rsh sshd su telnetd xdm
+ rexecd rsh sshd su system telnetd xdm
 FILESDIR= /etc/pam.d
 FILESMODE= 644
 FILESMODE_README= 444
diff --git a/etc/pam.d/login b/etc/pam.d/login
index 41342c4..a4c6628 100644
--- a/etc/pam.d/login
+++ b/etc/pam.d/login
@@ -7,22 +7,14 @@
 # auth
 auth required pam_nologin.so no_warn
 auth sufficient pam_self.so no_warn
-auth sufficient pam_opie.so no_warn no_fake_prompts
-auth requisite pam_opieaccess.so no_warn allow_local
-#auth sufficient pam_krb5.so no_warn try_first_pass
-#auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass nullok
+auth include system
 # account
-#account required pam_krb5.so
-account required pam_login_access.so
-account required pam_securetty.so
-account required pam_unix.so
+account requisite pam_securetty.so
+account include system
 # session
-#session optional pam_ssh.so
-session required pam_lastlog.so no_fail
+session include system
 # password
-#password sufficient pam_krb5.so no_warn try_first_pass
-password required pam_unix.so no_warn try_first_pass
+password include system
diff --git a/etc/pam.d/su b/etc/pam.d/su
index 040bd6f..a1e42dc 100644
--- a/etc/pam.d/su
+++ b/etc/pam.d/su
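Review bot: In the account section of etc/pam.d/login, `pam_securetty.so` changes from `required` to `requisite` and now runs ahead of `pam_login_access.so`, which arrives through `account include system`; neither change is explained in the file or the commit message. With `requisite`, a securetty failure ends the account chain at once, so the shared account checks are not evaluated for that attempt. That looks intentional, but the next editor of this file cannot tell. I would add a comment above the line, for example `# securetty stays service-local and is requisite: on failure the shared account chain in "system" is not evaluated`.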
@@ -7,16 +7,11 @@
 # auth
 auth sufficient pam_rootok.so no_warn
 auth sufficient pam_self.so no_warn
-auth requisite pam_group.so no_warn root_only fail_safe
-auth sufficient pam_opie.so no_warn no_fake_prompts
-auth requisite pam_opieaccess.so no_warn allow_local
-#auth sufficient pam_krb5.so no_warn try_first_pass auth_as_self
-#auth required pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass nullok
+auth requisite pam_group.so no_warn group=wheel root_only fail_safe
+auth include system
 # account
-#account required pam_krb5.so
-account required pam_unix.so
+account include system
 # session
-#session optional pam_ssh.so
+session include system
diff --git a/etc/pam.d/system b/etc/pam.d/system
new file mode 100644
index 0000000..c2f4d8b
--- /dev/null
+++ b/etc/pam.d/system
@@ -0,0 +1,25 @@
+#
+# $FreeBSD$
+#
+# System-wide defaults
+#
+
+# auth
+auth sufficient pam_opie.so no_warn no_fake_prompts
+auth requisite pam_opieaccess.so no_warn allow_local
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass nullok
+
+# account
+#account required pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
+
+# session
+#session optional pam_ssh.so
+session required pam_lastlog.so no_fail
+
+# password
+#password sufficient pam_krb5.so no_warn try_first_pass
+password required pam_unix.so no_warn try_first_pass |
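Review bot: The `account include system` and `session include system` lines in etc/pam.d/su are not a pure deduplication, because they pull in modules su did not run before. The removed su policy had only `pam_unix.so` in its account chain and no active session module, while the system policy adds `pam_login_access.so` to account and `pam_lastlog.so no_fail` to session. After this change su invocations would presumably be subject to login.access rules and would touch the lastlog record, which can blur the audit trail of real logins. If that is not intended, keep su's own chains, e.g. `account required pam_unix.so`, and drop the session include. If it is intended, state it in a comment in the su file.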
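Review bot: The `nullok` option on the `pam_unix.so` auth line of etc/pam.d/system is now a shared default rather than a per-service choice, and the new file does not say so. Any service that later adds `auth include system` will accept accounts with an empty password without the option ever appearing in that service's own file. I would add a comment above the line, for example `# nullok: accounts with an empty password may authenticate; services that must refuse them should not include this auth chain`. A similar one-line comment noting that `pam_opie.so` is `sufficient`, so its success is expected to satisfy the including service's auth chain, would help reviewers of future includers.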