diff options
| -rw-r--r-- | etc/pam.conf | 203 |
1 files changed, 2 insertions, 201 deletions
diff --git a/etc/pam.conf b/etc/pam.conf index 95bae75..fb45b10 100644 --- a/etc/pam.conf +++ b/etc/pam.conf @@ -1,205 +1,6 @@ -# Configuration file for Pluggable Authentication Modules (PAM). # -# This file controls the authentication methods that login and other -# utilities use. See pam(8) for a description of its format. +# This file should no longer be used. See /etc/pam.d/README for +# further information. # # $FreeBSD$ # -# service-name module-type control-flag module-path arguments -# -# module-type: -# auth: prompt for a password to authenticate that the user is -# who they say they are, and set any credentials. -# account: non-authentication based authorization, based on time, -# resources, etc. -# session: housekeeping before and/or after login. -# password: update authentication tokens. -# -# control-flag: How libpam handles success or failure of the module. -# required: success is required, and on failure all remaining -# modules are run. -# requisite: success is required, and on failure no remaining -# modules are run. -# sufficient: success is sufficient, and if no previous required -# module failed, no remaining modules are run. -# optional: ignored unless the other modules return PAM_IGNORE. -# -# arguments: -# Passed to the module; module-specific plus some generic ones: -# debug: syslog debug info. -# no_warn: return no warning messages to the application. -# Remove this to feed back to the user the -# reason(s) they are being rejected. -# use_first_pass: try authentication using password from the -# preceding auth module. -# try_first_pass: first try authentication using password from -# the preceding auth module, and if that fails -# prompt for a new password. -# use_mapped_pass: convert cleartext password to a crypto key. -# expose_account: allow printing more info about the user when -# prompting. -# -# Each final entry must say "required" -- otherwise, things don't -# work quite right. If you delete a final entry, be sure to change -# "sufficient" to "required" in the entry before it. - -login auth required pam_nologin.so no_warn -#login auth sufficient pam_opie.so no_warn -#login auth sufficient pam_kerberosIV.so no_warn try_first_pass -#login auth sufficient pam_krb5.so no_warn try_first_pass -#login auth required pam_ssh.so no_warn try_first_pass -login auth required pam_unix.so no_warn try_first_pass -#login account required pam_kerberosIV.so -#login account required pam_krb5.so -login account required pam_unix.so -#login session required pam_kerberosIV.so -#login session required pam_krb5.so -#login session required pam_ssh.so -login session required pam_unix.so -#login password sufficient pam_opie.so no_warn -#login password sufficient pam_kerberosIV.so no_warn try_first_pass -#login password sufficient pam_krb5.so no_warn try_first_pass -login password required pam_unix.so no_warn try_first_pass - -rsh auth required pam_nologin.so no_warn -rsh auth required pam_deny.so no_warn -rsh account required pam_unix.so -rsh session required pam_permit.so - -# "Standard" su(1) policy. -su auth sufficient pam_rootok.so no_warn -su auth requisite pam_wheel.so no_warn auth_as_self noroot_ok -#su auth sufficient pam_kerberosIV.so no_warn -#su auth sufficient pam_krb5.so no_warn try_first_pass auth_as_self -#su auth required pam_opie.so no_warn -#su auth required pam_ssh.so no_warn try_first_pass -su auth required pam_unix.so no_warn try_first_pass nullok -#su account required pam_kerberosIV.so -#su account required pam_krb5.so -su account required pam_unix.so -#su session required pam_kerberosIV.so -#su session required pam_krb5.so -#su session required pam_ssh.so -su session required pam_unix.so -su password required pam_permit.so - -# If you want a "WHEELSU"-type su(1), then comment out the -# above, and uncomment the below "su" entries. -#su auth sufficient pam_rootok.so no_warn -##su auth sufficient pam_kerberosIV.so no_warn -##su auth sufficient pam_krb5.so no_warn -#su auth required pam_opie.so no_warn auth_as_self -#su auth required pam_unix.so no_warn try_first_pass auth_as_self -##su account required pam_kerberosIV.so -##su account required pam_krb5.so -#su account required pam_unix.so -##su session required pam_kerberosIV.so -##su session required pam_krb5.so -##su session required pam_ssh.so -#su session required pam_unix.so -#su password required pam_permit.so - -# Native ftpd. -ftpd auth required pam_nologin.so no_warn -#ftpd auth sufficient pam_kerberosIV.so no_warn -#ftpd auth sufficient pam_krb5.so no_warn -#ftpd auth sufficient pam_ssh.so no_warn try_first_pass -# Uncomment either pam_opie or pam_unix, but not both of them. -# pam_unix can't be simple chained with pam_opie, ftpd provides proper fallback -ftpd auth required pam_opie.so no_warn -#ftpd auth required pam_unix.so no_warn try_first_pass -#ftpd account required pam_kerberosIV.so -#ftpd account required pam_krb5.so -ftpd account required pam_unix.so -#ftpd session required pam_kerberosIV.so -#ftpd session required pam_krb5.so -#ftpd session required pam_ssh.so -ftpd session required pam_unix.so - -# PROftpd. -ftp auth required pam_nologin.so no_warn -#ftp auth sufficient pam_kerberosIV.so no_warn -#ftp auth sufficient pam_krb5.so no_warn -#ftp auth required pam_opie.so no_warn -#ftp auth required pam_ssh.so no_warn try_first_pass -ftp auth required pam_unix.so no_warn try_first_pass -#ftp account required pam_kerberosIV.so -#ftp account required pam_krb5.so -ftp account required pam_unix.so -#ftp session required pam_kerberosIV.so -#ftp session required pam_krb5.so -#ftp session required pam_ssh.so -ftp session required pam_unix.so - -# OpenSSH -sshd auth required pam_nologin.so no_warn -sshd auth required pam_unix.so no_warn try_first_pass -sshd account required pam_unix.so -sshd session required pam_permit.so -sshd password required pam_permit.so -# "csshd" is for challenge-based authentication with sshd (TIS auth, etc.) -csshd auth required pam_opie.so no_warn - -# SRA telnet. Non-SRA telnet uses 'login'. -telnetd auth required pam_nologin.so no_warn -telnetd auth required pam_unix.so no_warn try_first_pass -telnetd account required pam_unix.so - -# Don't break startx -xserver auth required pam_permit.so no_warn - -# XDM -xdm auth required pam_nologin.so no_warn -#xdm auth sufficient pam_kerberosIV.so no_warn try_first_pass -#xdm auth sufficient pam_krb5.so no_warn try_first_pass -#xdm auth sufficient pam_ssh.so no_warn try_first_pass -xdm auth required pam_unix.so no_warn try_first_pass -#xdm account required pam_kerberosIV.so -#xdm account required pam_krb5.so -xdm account required pam_unix.so -#xdm session required pam_kerberosIV.so -#xdm session required pam_krb5.so -#xdm session required pam_ssh.so -xdm session required pam_unix.so -xdm password required pam_deny.so - -# KDE (screensavers etc) -kde auth required pam_nologin.so no_warn -#kde auth sufficient pam_opie.so no_warn -#kde auth sufficient pam_kerberosIV.so no_warn try_first_pass -#kde auth sufficient pam_krb5.so no_warn try_first_pass -#kde auth required pam_ssh.so no_warn try_first_pass -kde auth required pam_unix.so no_warn try_first_pass - -# GDM (GNOME Display Manager) -gdm auth required pam_nologin.so no_warn -#gdm auth sufficient pam_kerberosIV.so no_warn try_first_pass -#gdm auth sufficient pam_krb5.so no_warn try_first_pass -#gdm auth sufficient pam_ssh.so no_warn try_first_pass -gdm auth required pam_unix.so no_warn try_first_pass -#gdm account required pam_kerberosIV.so -#gdm account required pam_krb5.so -gdm account required pam_unix.so -#gdm session required pam_kerberosIV.so -#gdm session required pam_krb5.so -#gdm session required pam_ssh.so -gdm session required pam_unix.so -gdm password required pam_deny.so - -# Mail services -#imap auth required pam_nologin.so no_warn -#imap auth required pam_opie.so no_warn -#imap auth required pam_ssh.so no_warn try_first_pass -#imap auth required pam_unix.so no_warn try_first_pass -#pop3 auth required pam_nologin.so no_warn -#pop3 auth required pam_opie.so no_warn -#pop3 auth required pam_ssh.so no_warn try_first_pass -#pop3 auth required pam_unix.so no_warn try_first_pass - -# If we don't match anything else, default to using OPIE or getpwnam(). -other auth required pam_nologin.so no_warn -#other auth required pam_opie.so no_warn -other auth required pam_unix.so no_warn try_first_pass -other account required pam_unix.so -other session required pam_unix.so -other password required pam_deny.so |
