authormarkm <markm@FreeBSD.org>2001-08-26 18:15:32 +0000
committermarkm <markm@FreeBSD.org>2001-08-26 18:15:32 +0000
commit6aa19e79d5eface4601533c494d7c847066eff62 (patch)
tree3734663931798b72e9b22ce9439be40e6ca689e7 /etc
parent9e62e18a5938abcb9c07141a6359226377886a05 (diff)
Tidy, reorder and adjust to more correctly reflect FreeBSD default
policy.
Diffstat (limited to 'etc')
-rw-r--r--etc/pam.conf48
1 files changed, 35 insertions, 13 deletions
diff --git a/etc/pam.conf b/etc/pam.conf
index 91874ec..ed1d214 100644
--- a/etc/pam.conf
+++ b/etc/pam.conf
@@ -44,18 +44,23 @@
# "sufficient" to "required" in the entry before it.
login auth required pam_nologin.so no_warn
+#login auth sufficient pam_opie.so no_warn
#login auth sufficient pam_kerberosIV.so no_warn try_first_pass
#login auth sufficient pam_krb5.so no_warn try_first_pass
-#login auth sufficient pam_opie.so no_warn
#login auth required pam_ssh.so no_warn try_first_pass
login auth required pam_unix.so no_warn try_first_pass
#login account required pam_kerberosIV.so
#login account required pam_krb5.so
-login account required pam_permit.so
+#login account required pam_ssh.so
+login account required pam_unix.so
#login session required pam_kerberosIV.so
#login session required pam_krb5.so
-login session required pam_permit.so
-login password required pam_permit.so
+#login session required pam_ssh.so
+login session required pam_unix.so
+#login password sufficient pam_opie.so no_warn
+#login password sufficient pam_kerberosIV.so no_warn try_first_pass
+#login password sufficient pam_krb5.so no_warn try_first_pass
+login password required pam_unix.so no_warn try_first_pass
rsh auth required pam_nologin.so no_warn
rsh auth required pam_permit.so no_warn
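Review bot: The commented `pam_ssh.so` auth line for login is still marked `required`, while the xdm hunk of this same commit changes its counterpart to `sufficient`. An administrator who uncomments the login line as written would stack it with the `required` `pam_unix.so` line, so both would have to succeed; accounts with no SSH key would presumably be locked out of console login. For consistency I would write `#login auth sufficient pam_ssh.so no_warn try_first_pass`, or add a comment saying that the difference from xdm is intended.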
@@ -64,7 +69,7 @@ rsh session required pam_permit.so
# "Standard" su(1) policy.
su auth sufficient pam_rootok.so no_warn
-su auth requisite pam_wheel.so no_warn auth_as_self
+su auth requisite pam_wheel.so no_warn auth_as_self noroot_ok
#su auth sufficient pam_kerberosIV.so no_warn
#su auth sufficient pam_krb5.so no_warn try_first_pass auth_as_self
#su auth required pam_opie.so no_warn
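Review bot: `noroot_ok` is added to the `requisite` `pam_wheel.so` line with no comment, although it changes which su invocations the wheel check gates. As I read the option, the module passes whenever the target account is not root, so wheel membership would be enforced only for su to root; this should be confirmed against pam_wheel(8). The `pam_unix.so` line in the next hunk carries `nullok`, so the effective policy for non-root targets is worth stating in the file. I would add a comment above the line such as `# noroot_ok: wheel membership is only required when the target user is root`. The su stanza continues outside this hunk.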
@@ -72,11 +77,13 @@ su auth requisite pam_wheel.so no_warn auth_as_self
su auth required pam_unix.so no_warn try_first_pass nullok
#su account required pam_kerberosIV.so
#su account required pam_krb5.so
+#su account required pam_ssh.so
su account required pam_unix.so
#su session required pam_kerberosIV.so
#su session required pam_krb5.so
+#su session required pam_ssh.so
+su session required pam_unix.so
su password required pam_permit.so
-su session required pam_permit.so
# If you want a "WHEELSU"-type su(1), then comment out the
# above, and uncomment the below "su" entries.
@@ -87,11 +94,13 @@ su session required pam_permit.so
#su auth required pam_unix.so no_warn try_first_pass auth_as_self
##su account required pam_kerberosIV.so
##su account required pam_krb5.so
+##su account required pam_ssh.so
#su account required pam_unix.so
##su session required pam_kerberosIV.so
##su session required pam_krb5.so
+##su session required pam_ssh.so
+#su session required pam_unix.so
#su password required pam_permit.so
-#su session required pam_permit.so
# Native ftpd.
ftpd auth required pam_nologin.so no_warn
@@ -102,9 +111,12 @@ ftpd auth required pam_nologin.so no_warn
ftpd auth required pam_unix.so no_warn try_first_pass
#ftpd account required pam_kerberosIV.so
#ftpd account required pam_krb5.so
+#ftpd account required pam_ssh.so
ftpd account required pam_unix.so
#ftpd session required pam_kerberosIV.so
#ftpd session required pam_krb5.so
+#ftpd session required pam_ssh.so
+ftpd session required pam_unix.so
# PROftpd.
ftp auth required pam_nologin.so no_warn
@@ -115,16 +127,19 @@ ftp auth required pam_nologin.so no_warn
ftp auth required pam_unix.so no_warn try_first_pass
#ftp account required pam_kerberosIV.so
#ftp account required pam_krb5.so
-ftp session required pam_unix.so
+#ftp account required pam_ssh.so
+ftp account required pam_unix.so
#ftp session required pam_kerberosIV.so
#ftp session required pam_krb5.so
+#ftp session required pam_ssh.so
+ftp session required pam_unix.so
# OpenSSH
sshd auth required pam_nologin.so no_warn
sshd auth required pam_unix.so no_warn try_first_pass
sshd account required pam_unix.so
-sshd password required pam_permit.so
sshd session required pam_permit.so
+sshd password required pam_permit.so
# "csshd" is for challenge-based authentication with sshd (TIS auth, etc.)
csshd auth required pam_opie.so no_warn
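Review bot: The sshd stanza is only reordered, so `sshd session required pam_permit.so` stays as it was while login, su, ftpd, ftp, xdm and other all move their session entry to `pam_unix.so` in this commit. If sshd is left on `pam_permit.so` on purpose, a one-line comment above it saying why would stop the next editor from "fixing" it; otherwise `sshd session required pam_unix.so` would match the rest of the file. The same question applies to `sshd password required pam_permit.so`, given that the catch-all stanza now uses `pam_deny.so` for password.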
@@ -136,15 +151,20 @@ telnetd account required pam_unix.so
# Don't break startx
xserver auth required pam_permit.so no_warn
-# XDM is difficult; it fails or moans unless there are modules for each
-# of the four management groups; auth, account, session and password.
+# XDM
xdm auth required pam_nologin.so no_warn
#xdm auth sufficient pam_kerberosIV.so no_warn try_first_pass
#xdm auth sufficient pam_krb5.so no_warn try_first_pass
-#xdm auth required pam_ssh.so no_warn try_first_pass
+#xdm auth sufficient pam_ssh.so no_warn try_first_pass
xdm auth required pam_unix.so no_warn try_first_pass
+#xdm account required pam_kerberosIV.so
+#xdm account required pam_krb5.so
+#xdm account required pam_ssh.so
xdm account required pam_unix.so
-xdm session required pam_deny.so
+#xdm session required pam_kerberosIV.so
+#xdm session required pam_krb5.so
+#xdm session required pam_ssh.so
+xdm session required pam_unix.so
xdm password required pam_deny.so
# Mail services
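Review bot: Replacing the two-line XDM comment with a bare `# XDM` removes the only explanation of why the stanza lists all four management groups, including `xdm password required pam_deny.so`. If xdm still needs an entry in each group, I would keep a short form such as `# XDM: needs an entry for each of auth, account, session and password.` so that the `pam_deny.so` line is not deleted as dead configuration. It would also help to note next to the commented `pam_ssh.so` line that, as `sufficient`, a success there ends the auth chain before `pam_unix.so` is consulted.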
@@ -162,3 +182,5 @@ other auth required pam_nologin.so no_warn
#other auth required pam_opie.so no_warn
other auth required pam_unix.so no_warn try_first_pass
other account required pam_unix.so
+other session required pam_unix.so
+other password required pam_deny.so
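Review bot: The new `other password required pam_deny.so` fails closed, but the `other auth` and `other account` entries above it still accept Unix passwords for any service that has no stanza of its own, and nothing in the file says the asymmetry is intended. I would document the fallback policy ahead of the `other` entries, for example `# Fallback for services not listed above: Unix password logins allowed, password changes denied.` Sites that want unlisted services refused outright would then know to switch the auth line to `pam_deny.so`. The start of the `other` stanza is outside this hunk.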