From d4444ae911a59f6f5481f6e0e31357ca05adc8f5 Mon Sep 17 00:00:00 2001 From: markm Date: Tue, 4 Jan 2000 06:08:58 +0000 Subject: Add a whole bunch of example entries for pam. This should help get folk over various hurdles. --- etc/pam.conf | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) (limited to 'etc/pam.conf') diff --git a/etc/pam.conf b/etc/pam.conf index b9b93dd..19f3e50 100644 --- a/etc/pam.conf +++ b/etc/pam.conf @@ -9,19 +9,27 @@ # # $FreeBSD$ -# If the user can authenticate with S/Key, that's sufficient. +# If the user can authenticate with S/Key, that's sufficient; allow clear +# password. Try kerberos, then try plain unix password. login auth sufficient pam_skey.so - -# Check skey.access to make sure it is OK to let the user type in -# a cleartext password. If not, then fail right here. login auth requisite pam_cleartext_pass_ok.so - -# If you want KerberosIV authentication, uncomment the next line: #login auth sufficient pam_kerberosIV.so try_first_pass - -# Traditional getpwnam() authentication. login auth required pam_unix.so try_first_pass +# r-utils are broken; ensure this doesn't bother folk +rshd auth sufficient pam_deny.so + +# Don't break startx +xserver auth required pam_permit.so + +# XDM is difficult; it fails or moans unless there are modules for each +# of the four management groups; auth, account, session and password. +xdm auth required pam_unix.so +#xdm auth sufficient pam_kerberosIV.so try_first_pass +xdm account required pam_unix.so try_first_pass +xdm session required pam_deny.so +xdm password required pam_deny.so + # If we don't match anything else, default to using getpwnam(). other auth required pam_unix.so try_first_pass other account required pam_unix.so try_first_pass -- cgit v1.1