Diffstat (limited to 'etc/pam.conf')
-rw-r--r-- | etc/pam.conf | 203 |
1 files changed, 2 insertions, 201 deletions
diff --git a/etc/pam.conf b/etc/pam.conf
index 95bae75..fb45b10 100644
--- a/etc/pam.conf
+++ b/etc/pam.conf
@@ -1,205 +1,6 @@
-# Configuration file for Pluggable Authentication Modules (PAM).
 #
-# This file controls the authentication methods that login and other
-# utilities use. See pam(8) for a description of its format.
+# This file should no longer be used. See /etc/pam.d/README for
+# further information.
 #
 # $FreeBSD$
 #
-# service-name module-type control-flag module-path arguments
-#
-# module-type:
-# auth: prompt for a password to authenticate that the user is
-# who they say they are, and set any credentials.
-# account: non-authentication based authorization, based on time,
-# resources, etc.
-# session: housekeeping before and/or after login.
-# password: update authentication tokens.
-#
-# control-flag: How libpam handles success or failure of the module.
-# required: success is required, and on failure all remaining
-# modules are run.
-# requisite: success is required, and on failure no remaining
-# modules are run.
-# sufficient: success is sufficient, and if no previous required
-# module failed, no remaining modules are run.
-# optional: ignored unless the other modules return PAM_IGNORE.
-#
-# arguments:
-# Passed to the module; module-specific plus some generic ones:
-# debug: syslog debug info.
-# no_warn: return no warning messages to the application.
-# Remove this to feed back to the user the
-# reason(s) they are being rejected.
-# use_first_pass: try authentication using password from the
-# preceding auth module.
-# try_first_pass: first try authentication using password from
-# the preceding auth module, and if that fails
-# prompt for a new password.
-# use_mapped_pass: convert cleartext password to a crypto key.
-# expose_account: allow printing more info about the user when
-# prompting.
-#
-# Each final entry must say "required" -- otherwise, things don't
-# work quite right. If you delete a final entry, be sure to change
-# "sufficient" to "required" in the entry before it.
-
-login auth required pam_nologin.so no_warn
-#login auth sufficient pam_opie.so no_warn
-#login auth sufficient pam_kerberosIV.so no_warn try_first_pass
-#login auth sufficient pam_krb5.so no_warn try_first_pass
-#login auth required pam_ssh.so no_warn try_first_pass
-login auth required pam_unix.so no_warn try_first_pass
-#login account required pam_kerberosIV.so
-#login account required pam_krb5.so
-login account required pam_unix.so
-#login session required pam_kerberosIV.so
-#login session required pam_krb5.so
-#login session required pam_ssh.so
-login session required pam_unix.so
-#login password sufficient pam_opie.so no_warn
-#login password sufficient pam_kerberosIV.so no_warn try_first_pass
-#login password sufficient pam_krb5.so no_warn try_first_pass
-login password required pam_unix.so no_warn try_first_pass
-
-rsh auth required pam_nologin.so no_warn
-rsh auth required pam_deny.so no_warn
-rsh account required pam_unix.so
-rsh session required pam_permit.so
-
-# "Standard" su(1) policy.
-su auth sufficient pam_rootok.so no_warn
-su auth requisite pam_wheel.so no_warn auth_as_self noroot_ok
-#su auth sufficient pam_kerberosIV.so no_warn
-#su auth sufficient pam_krb5.so no_warn try_first_pass auth_as_self
-#su auth required pam_opie.so no_warn
-#su auth required pam_ssh.so no_warn try_first_pass
-su auth required pam_unix.so no_warn try_first_pass nullok
-#su account required pam_kerberosIV.so
-#su account required pam_krb5.so
-su account required pam_unix.so
-#su session required pam_kerberosIV.so
-#su session required pam_krb5.so
-#su session required pam_ssh.so
-su session required pam_unix.so
-su password required pam_permit.so
-
-# If you want a "WHEELSU"-type su(1), then comment out the
-# above, and uncomment the below "su" entries.
-#su auth sufficient pam_rootok.so no_warn
-##su auth sufficient pam_kerberosIV.so no_warn
-##su auth sufficient pam_krb5.so no_warn
-#su auth required pam_opie.so no_warn auth_as_self
-#su auth required pam_unix.so no_warn try_first_pass auth_as_self
-##su account required pam_kerberosIV.so
-##su account required pam_krb5.so
-#su account required pam_unix.so
-##su session required pam_kerberosIV.so
-##su session required pam_krb5.so
-##su session required pam_ssh.so
-#su session required pam_unix.so
-#su password required pam_permit.so
-
-# Native ftpd.
-ftpd auth required pam_nologin.so no_warn
-#ftpd auth sufficient pam_kerberosIV.so no_warn
-#ftpd auth sufficient pam_krb5.so no_warn
-#ftpd auth sufficient pam_ssh.so no_warn try_first_pass
-# Uncomment either pam_opie or pam_unix, but not both of them.
-# pam_unix can't be simple chained with pam_opie, ftpd provides proper fallback
-ftpd auth required pam_opie.so no_warn
-#ftpd auth required pam_unix.so no_warn try_first_pass
-#ftpd account required pam_kerberosIV.so
-#ftpd account required pam_krb5.so
-ftpd account required pam_unix.so
-#ftpd session required pam_kerberosIV.so
-#ftpd session required pam_krb5.so
-#ftpd session required pam_ssh.so
-ftpd session required pam_unix.so
-
-# PROftpd.
-ftp auth required pam_nologin.so no_warn
-#ftp auth sufficient pam_kerberosIV.so no_warn
-#ftp auth sufficient pam_krb5.so no_warn
-#ftp auth required pam_opie.so no_warn
-#ftp auth required pam_ssh.so no_warn try_first_pass
-ftp auth required pam_unix.so no_warn try_first_pass
-#ftp account required pam_kerberosIV.so
-#ftp account required pam_krb5.so
-ftp account required pam_unix.so
-#ftp session required pam_kerberosIV.so
-#ftp session required pam_krb5.so
-#ftp session required pam_ssh.so
-ftp session required pam_unix.so
-
-# OpenSSH
-sshd auth required pam_nologin.so no_warn
-sshd auth required pam_unix.so no_warn try_first_pass
-sshd account required pam_unix.so
-sshd session required pam_permit.so
-sshd password required pam_permit.so
-# "csshd" is for challenge-based authentication with sshd (TIS auth, etc.)
-csshd auth required pam_opie.so no_warn
-
-# SRA telnet. Non-SRA telnet uses 'login'.
-telnetd auth required pam_nologin.so no_warn
-telnetd auth required pam_unix.so no_warn try_first_pass
-telnetd account required pam_unix.so
-
-# Don't break startx
-xserver auth required pam_permit.so no_warn
-
-# XDM
-xdm auth required pam_nologin.so no_warn
-#xdm auth sufficient pam_kerberosIV.so no_warn try_first_pass
-#xdm auth sufficient pam_krb5.so no_warn try_first_pass
-#xdm auth sufficient pam_ssh.so no_warn try_first_pass
-xdm auth required pam_unix.so no_warn try_first_pass
-#xdm account required pam_kerberosIV.so
-#xdm account required pam_krb5.so
-xdm account required pam_unix.so
-#xdm session required pam_kerberosIV.so
-#xdm session required pam_krb5.so
-#xdm session required pam_ssh.so
-xdm session required pam_unix.so
-xdm password required pam_deny.so
-
-# KDE (screensavers etc)
-kde auth required pam_nologin.so no_warn
-#kde auth sufficient pam_opie.so no_warn
-#kde auth sufficient pam_kerberosIV.so no_warn try_first_pass
-#kde auth sufficient pam_krb5.so no_warn try_first_pass
-#kde auth required pam_ssh.so no_warn try_first_pass
-kde auth required pam_unix.so no_warn try_first_pass
-
-# GDM (GNOME Display Manager)
-gdm auth required pam_nologin.so no_warn
-#gdm auth sufficient pam_kerberosIV.so no_warn try_first_pass
-#gdm auth sufficient pam_krb5.so no_warn try_first_pass
-#gdm auth sufficient pam_ssh.so no_warn try_first_pass
-gdm auth required pam_unix.so no_warn try_first_pass
-#gdm account required pam_kerberosIV.so
-#gdm account required pam_krb5.so
-gdm account required pam_unix.so
-#gdm session required pam_kerberosIV.so
-#gdm session required pam_krb5.so
-#gdm session required pam_ssh.so
-gdm session required pam_unix.so
-gdm password required pam_deny.so
-
-# Mail services
-#imap auth required pam_nologin.so no_warn
-#imap auth required pam_opie.so no_warn
-#imap auth required pam_ssh.so no_warn try_first_pass
-#imap auth required pam_unix.so no_warn try_first_pass
-#pop3 auth required pam_nologin.so no_warn
-#pop3 auth required pam_opie.so no_warn
-#pop3 auth required pam_ssh.so no_warn try_first_pass
-#pop3 auth required pam_unix.so no_warn try_first_pass
-
-# If we don't match anything else, default to using OPIE or getpwnam().
-other auth required pam_nologin.so no_warn
-#other auth required pam_opie.so no_warn
-other auth required pam_unix.so no_warn try_first_pass
-other account required pam_unix.so
-other session required pam_unix.so
-other password required pam_deny.so |
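Review bot: The replacement header says only that the file "should no longer be used", which leaves an administrator unable to tell whether a line added here later is still honoured or silently ignored; for an authentication policy file that ambiguity matters in both directions. I would state the actual lookup behaviour in the stub, for example `# Policies are read from /etc/pam.d/<service>; entries here are <still consulted as a fallback | ignored>.`, choosing whichever matches libpam in this tree. The hunk also removes the `other` catch-all and the `pam_deny.so` entries for `rsh`, `xdm` and `gdm`, and the diffstat is limited to etc/pam.conf, so it is worth confirming that /etc/pam.d ships equivalents in the same change so that unlisted services do not lose their default policy.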