diff options
-rw-r--r-- | etc/pam.d/Makefile | 2 | ||||
-rw-r--r-- | etc/pam.d/login | 18 | ||||
-rw-r--r-- | etc/pam.d/su | 13 | ||||
-rw-r--r-- | etc/pam.d/system | 25 |
4 files changed, 35 insertions, 23 deletions
diff --git a/etc/pam.d/Makefile b/etc/pam.d/Makefile index 2832f18..604e1a8 100644 --- a/etc/pam.d/Makefile +++ b/etc/pam.d/Makefile @@ -2,7 +2,7 @@ NOOBJ= noobj FILES= README ftpd gdm imap kde login other passwd pop3 \ - rexecd rsh sshd su telnetd xdm + rexecd rsh sshd su system telnetd xdm FILESDIR= /etc/pam.d FILESMODE= 644 FILESMODE_README= 444 diff --git a/etc/pam.d/login b/etc/pam.d/login index 41342c4..a4c6628 100644 --- a/etc/pam.d/login +++ b/etc/pam.d/login @@ -7,22 +7,14 @@ # auth auth required pam_nologin.so no_warn auth sufficient pam_self.so no_warn -auth sufficient pam_opie.so no_warn no_fake_prompts -auth requisite pam_opieaccess.so no_warn allow_local -#auth sufficient pam_krb5.so no_warn try_first_pass -#auth sufficient pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass nullok +auth include system # account -#account required pam_krb5.so -account required pam_login_access.so -account required pam_securetty.so -account required pam_unix.so +account requisite pam_securetty.so +account include system # session -#session optional pam_ssh.so -session required pam_lastlog.so no_fail +session include system # password -#password sufficient pam_krb5.so no_warn try_first_pass -password required pam_unix.so no_warn try_first_pass +password include system diff --git a/etc/pam.d/su b/etc/pam.d/su index 040bd6f..a1e42dc 100644 --- a/etc/pam.d/su +++ b/etc/pam.d/su @@ -7,16 +7,11 @@ # auth auth sufficient pam_rootok.so no_warn auth sufficient pam_self.so no_warn -auth requisite pam_group.so no_warn root_only fail_safe -auth sufficient pam_opie.so no_warn no_fake_prompts -auth requisite pam_opieaccess.so no_warn allow_local -#auth sufficient pam_krb5.so no_warn try_first_pass auth_as_self -#auth required pam_ssh.so no_warn try_first_pass -auth required pam_unix.so no_warn try_first_pass nullok +auth requisite pam_group.so no_warn group=wheel root_only fail_safe +auth include system # account -#account required pam_krb5.so -account required pam_unix.so +account include system # session -#session optional pam_ssh.so +session include system diff --git a/etc/pam.d/system b/etc/pam.d/system new file mode 100644 index 0000000..c2f4d8b --- /dev/null +++ b/etc/pam.d/system @@ -0,0 +1,25 @@ +# +# $FreeBSD$ +# +# System-wide defaults +# + +# auth +auth sufficient pam_opie.so no_warn no_fake_prompts +auth requisite pam_opieaccess.so no_warn allow_local +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass nullok + +# account +#account required pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +# session +#session optional pam_ssh.so +session required pam_lastlog.so no_fail + +# password +#password sufficient pam_krb5.so no_warn try_first_pass +password required pam_unix.so no_warn try_first_pass |