34 # login service (explicit because of pam_dial_auth) |
18 # login service (explicit because of pam_dial_auth) |
35 # |
19 # |
36 login auth requisite pam_authtok_get.so.1 |
20 login auth requisite pam_authtok_get.so.1 |
37 login auth required pam_dhkeys.so.1 |
21 login auth required pam_dhkeys.so.1 |
38 login auth required pam_unix_cred.so.1 |
22 login auth required pam_unix_cred.so.1 |
39 login auth required pam_unix_auth.so.1 |
23 login auth sufficient pam_winbind.so.1 try_first_pass |
|
24 login auth binding pam_unix_auth.so.1 server_policy |
40 login auth required pam_dial_auth.so.1 |
25 login auth required pam_dial_auth.so.1 |
41 # |
26 # |
42 # rlogin service (explicit because of pam_rhost_auth) |
27 # rlogin service (explicit because of pam_rhost_auth) |
43 # |
28 # |
44 rlogin auth sufficient pam_rhosts_auth.so.1 |
29 rlogin auth sufficient pam_rhosts_auth.so.1 |
45 rlogin auth requisite pam_authtok_get.so.1 |
30 rlogin auth requisite pam_authtok_get.so.1 |
46 rlogin auth required pam_dhkeys.so.1 |
31 rlogin auth required pam_dhkeys.so.1 |
47 rlogin auth required pam_unix_cred.so.1 |
32 rlogin auth required pam_unix_cred.so.1 |
|
33 rlogin auth sufficient pam_winbind.so.1 try_first_pass |
48 rlogin auth required pam_unix_auth.so.1 |
34 rlogin auth required pam_unix_auth.so.1 |
49 # |
35 # |
50 # Kerberized rlogin service |
36 # Kerberized rlogin service |
51 # |
37 # |
52 krlogin auth required pam_unix_cred.so.1 |
38 krlogin auth required pam_unix_cred.so.1 |
53 krlogin auth binding pam_krb5.so.1 |
39 krlogin auth required pam_krb5.so.1 |
54 krlogin auth required pam_unix_auth.so.1 |
|
55 # |
40 # |
56 # rsh service (explicit because of pam_rhost_auth, |
41 # rsh service (explicit because of pam_rhost_auth, |
57 # and pam_unix_auth for meaningful pam_setcred) |
42 # and pam_unix_auth for meaningful pam_setcred) |
58 # |
43 # |
59 rsh auth sufficient pam_rhosts_auth.so.1 |
44 rsh auth sufficient pam_rhosts_auth.so.1 |
60 rsh auth required pam_unix_cred.so.1 |
45 rsh auth required pam_unix_cred.so.1 |
61 # |
46 # |
62 # Kerberized rsh service |
47 # Kerberized rsh service |
63 # |
48 # |
64 krsh auth required pam_unix_cred.so.1 |
49 krsh auth required pam_unix_cred.so.1 |
65 krsh auth binding pam_krb5.so.1 |
50 krsh auth required pam_krb5.so.1 |
66 krsh auth required pam_unix_auth.so.1 |
|
67 # |
51 # |
68 # Kerberized telnet service |
52 # Kerberized telnet service |
69 # |
53 # |
70 ktelnet auth required pam_unix_cred.so.1 |
54 ktelnet auth required pam_unix_cred.so.1 |
71 ktelnet auth binding pam_krb5.so.1 |
55 ktelnet auth required pam_krb5.so.1 |
72 ktelnet auth required pam_unix_auth.so.1 |
|
73 # |
56 # |
74 # PPP service (explicit because of pam_dial_auth) |
57 # PPP service (explicit because of pam_dial_auth) |
75 # |
58 # |
76 ppp auth requisite pam_authtok_get.so.1 |
59 ppp auth requisite pam_authtok_get.so.1 |
77 ppp auth required pam_dhkeys.so.1 |
60 ppp auth required pam_dhkeys.so.1 |
78 ppp auth required pam_unix_cred.so.1 |
61 ppp auth required pam_unix_cred.so.1 |
79 ppp auth required pam_unix_auth.so.1 |
62 ppp auth required pam_unix_auth.so.1 |
80 ppp auth required pam_dial_auth.so.1 |
63 ppp auth required pam_dial_auth.so.1 |
81 # |
64 # |
82 # Default definitions for Authentication management |
65 # GDM Autologin (explicit because of pam_allow). These need to be |
83 # Used when service name is not explicitly mentioned for authentication |
66 # here as there is no mechanism for packages to amend pam.conf as |
|
67 # they are installed. |
84 # |
68 # |
85 other auth requisite pam_authtok_get.so.1 |
69 gdm-autologin auth required pam_unix_cred.so.1 |
86 other auth required pam_dhkeys.so.1 |
70 gdm-autologin auth sufficient pam_allow.so.1 |
87 other auth required pam_unix_cred.so.1 |
|
88 other auth required pam_unix_auth.so.1 |
|
89 # |
|
90 # passwd command (explicit because of a different authentication module) |
|
91 # |
|
92 passwd auth required pam_passwd_auth.so.1 |
|
93 # |
|
94 # cron service (explicit because of non-usage of pam_roles.so.1) |
|
95 # |
|
96 cron account required pam_unix_account.so.1 |
|
97 # |
|
98 # Default definition for Account management |
|
99 # Used when service name is not explicitly mentioned for account management |
|
100 # |
|
101 other account requisite pam_roles.so.1 |
|
102 other account sufficient pam_unix_account.so.1 |
|
103 other account required pam_winbind.so |
|
104 # |
|
105 # Default definition for Session management |
|
106 # Used when service name is not explicitly mentioned for session management |
|
107 # |
|
108 other session required pam_unix_session.so.1 |
|
109 # |
|
110 # Default definition for Password management |
|
111 # Used when service name is not explicitly mentioned for password management |
|
112 # |
|
113 other password required pam_dhkeys.so.1 |
|
114 other password requisite pam_authtok_get.so.1 |
|
115 other password requisite pam_authtok_check.so.1 |
|
116 other password required pam_winbind.so |
|
117 other password required pam_authtok_store.so.1 |
|
118 # |
|
119 # Support for Kerberos V5 authentication and example configurations can |
|
120 # be found in the pam_krb5(5) man page under the "EXAMPLES" section. |
|
121 # |
|
122 # |
|
123 # PAM configuration |
|
124 # |
|
125 # Unless explicitly defined, all services use the modules |
|
126 # defined in the "other" section. |
|
127 # |
|
128 # Modules are defined with relative pathnames, i.e., they are |
|
129 # relative to /usr/lib/security/$ISA. Absolute path names, as |
|
130 # present in this file in previous releases are still acceptable. |
|
131 # |
|
132 # Authentication management |
|
133 # |
|
134 # login service (explicit because of pam_dial_auth) |
|
135 # |
|
136 login auth requisite pam_authtok_get.so.1 |
|
137 login auth required pam_dhkeys.so.1 |
|
138 login auth required pam_unix_cred.so.1 |
|
139 login auth required pam_unix_auth.so.1 |
|
140 login auth required pam_dial_auth.so.1 |
|
141 # |
|
142 # rlogin service (explicit because of pam_rhost_auth) |
|
143 # |
|
144 rlogin auth sufficient pam_rhosts_auth.so.1 |
|
145 rlogin auth requisite pam_authtok_get.so.1 |
|
146 rlogin auth required pam_dhkeys.so.1 |
|
147 rlogin auth required pam_unix_cred.so.1 |
|
148 rlogin auth required pam_unix_auth.so.1 |
|
149 # |
|
150 # Kerberized rlogin service |
|
151 # |
|
152 krlogin auth required pam_unix_cred.so.1 |
|
153 krlogin auth binding pam_krb5.so.1 |
|
154 krlogin auth required pam_unix_auth.so.1 |
|
155 # |
|
156 # rsh service (explicit because of pam_rhost_auth, |
|
157 # and pam_unix_auth for meaningful pam_setcred) |
|
158 # |
|
159 rsh auth sufficient pam_rhosts_auth.so.1 |
|
160 rsh auth required pam_unix_cred.so.1 |
|
161 # |
|
162 # Kerberized rsh service |
|
163 # |
|
164 krsh auth required pam_unix_cred.so.1 |
|
165 krsh auth binding pam_krb5.so.1 |
|
166 krsh auth required pam_unix_auth.so.1 |
|
167 # |
|
168 # Kerberized telnet service |
|
169 # |
|
170 ktelnet auth required pam_unix_cred.so.1 |
|
171 ktelnet auth binding pam_krb5.so.1 |
|
172 ktelnet auth required pam_unix_auth.so.1 |
|
173 # |
|
174 # PPP service (explicit because of pam_dial_auth) |
|
175 # |
|
176 ppp auth requisite pam_authtok_get.so.1 |
|
177 ppp auth required pam_dhkeys.so.1 |
|
178 ppp auth required pam_unix_cred.so.1 |
|
179 ppp auth required pam_unix_auth.so.1 |
|
180 ppp auth required pam_dial_auth.so.1 |
|
181 # |
71 # |
182 # Default definitions for Authentication management |
72 # Default definitions for Authentication management |
183 # Used when service name is not explicitly mentioned for authentication |
73 # Used when service name is not explicitly mentioned for authentication |
184 # |
74 # |
185 other auth requisite pam_authtok_get.so.1 |
75 other auth requisite pam_authtok_get.so.1 |
186 other auth required pam_dhkeys.so.1 |
76 other auth required pam_dhkeys.so.1 |
187 other auth required pam_unix_cred.so.1 |
77 other auth required pam_unix_cred.so.1 |
|
78 other auth sufficient pam_winbind.so.1 try_first_pass |
188 other auth required pam_unix_auth.so.1 |
79 other auth required pam_unix_auth.so.1 |
189 # |
80 # |
190 # passwd command (explicit because of a different authentication module) |
81 # passwd command (explicit because of a different authentication module) |
191 # |
82 # |
192 passwd auth required pam_passwd_auth.so.1 |
83 passwd auth binding pam_passwd_auth.so.1 server_policy |
|
84 passwd auth required pam_winbind.so.1 |
193 # |
85 # |
194 # cron service (explicit because of non-usage of pam_roles.so.1) |
86 # cron service (explicit because of non-usage of pam_roles.so.1) |
195 # |
87 # |
196 cron account required pam_unix_account.so.1 |
88 cron account required pam_unix_account.so.1 |
197 # |
89 # |
|
90 # cups service (explicit because of non-usage of pam_roles.so.1) |
|
91 # |
|
92 cups account required pam_unix_account.so.1 |
|
93 # |
|
94 # GDM Autologin (explicit because of pam_allow) This needs to be here |
|
95 # as there is no mechanism for packages to amend pam.conf as they are |
|
96 # installed. |
|
97 # |
|
98 gdm-autologin account sufficient pam_allow.so.1 |
|
99 # |
198 # Default definition for Account management |
100 # Default definition for Account management |
199 # Used when service name is not explicitly mentioned for account management |
101 # Used when service name is not explicitly mentioned for account management |
200 # |
102 # |
201 other account requisite pam_roles.so.1 |
103 other account requisite pam_roles.so.1 |
202 other account sufficient pam_unix_account.so.1 |
104 other account sufficient pam_winbind.so.1 |
203 other account required pam_winbind.so |
105 other account binding pam_unix_account.so.1 server_policy |
204 # |
106 # |
205 # Default definition for Session management |
107 # Default definition for Session management |
206 # Used when service name is not explicitly mentioned for session management |
108 # Used when service name is not explicitly mentioned for session management |
207 # |
109 # |
208 other session required pam_unix_session.so.1 |
110 other session required pam_unix_session.so.1 |
|
111 other session required pam_winbind.so.1 try_first_pass |
209 # |
112 # |
210 # Default definition for Password management |
113 # Default definition for Password management |
211 # Used when service name is not explicitly mentioned for password management |
114 # Used when service name is not explicitly mentioned for password management |
212 # |
115 # |
213 other password required pam_dhkeys.so.1 |
116 other password required pam_dhkeys.so.1 |
214 other password requisite pam_authtok_get.so.1 |
117 other password requisite pam_authtok_get.so.1 |
215 other password requisite pam_authtok_check.so.1 |
118 # Password construction requirements apply to all users. |
216 other password required pam_winbind.so |
119 # Remove force_check to have the traditional authorized administrator |
|
120 # bypass of construction requirements. |
|
121 other password requisite pam_authtok_check.so.1 force_check |
|
122 other password sufficient pam_winbind.so.1 try_first_pass |
217 other password required pam_authtok_store.so.1 |
123 other password required pam_authtok_store.so.1 |
218 # |
124 # |
219 # Support for Kerberos V5 authentication and example configurations can |
125 # Support for Kerberos V5 authentication and example configurations can |
220 # be found in the pam_krb5(5) man page under the "EXAMPLES" section. |
126 # be found in the pam_krb5(5) man page under the "EXAMPLES" section. |
221 # |
127 # |