blob: 4bc2f083bb99be30b36ef833a5695af63b5b9d04 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
# Configuration file for Pluggable Authentication Modules (PAM).
#
# This file controls the authentication methods that login and other
# utilities use. See pam(8) for a description of its format.
#
# Note: the final entry must say "required" -- otherwise, things don't
# work quite right. If you delete the final entry, be sure to change
# "sufficient" to "required" in the entry before it.
#
# $FreeBSD$
# If the user can authenticate with S/Key, that's sufficient; allow clear
# password. Try kerberos, then try plain unix password.
login auth sufficient pam_skey.so
login auth requisite pam_cleartext_pass_ok.so
#login auth sufficient pam_kerberosIV.so try_first_pass
login auth required pam_unix.so try_first_pass
# Same requirement for ftpd as login
ftpd auth sufficient pam_skey.so
ftpd auth requisite pam_cleartext_pass_ok.so
#ftpd auth sufficient pam_kerberosIV.so try_first_pass
ftpd auth required pam_unix.so try_first_pass
# OpenSSH with PAM support requires similar modules. The session one is
# a bit strange, though...
sshd auth sufficient pam_skey.so
#sshd auth sufficient pam_kerberosIV.so try_first_pass
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so
# Don't break startx
xserver auth required pam_permit.so
# XDM is difficult; it fails or moans unless there are modules for each
# of the four management groups; auth, account, session and password.
xdm auth required pam_unix.so
#xdm auth sufficient pam_kerberosIV.so try_first_pass
xdm account required pam_unix.so try_first_pass
xdm session required pam_deny.so
xdm password required pam_deny.so
# Mail services
imap auth required pam_unix.so try_first_pass
pop3 auth required pam_unix.so try_first_pass
# If we don't match anything else, default to using getpwnam().
other auth required pam_unix.so try_first_pass
other account required pam_unix.so try_first_pass
|