1 # |
|
2 # |
|
3 # |
|
4 # |
|
5 # Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. |
|
6 # |
|
7 # PAM configuration |
|
8 # |
|
9 # Unless explicitly defined, all services use the modules |
|
10 # defined in the "other" section. |
|
11 # |
|
12 # Modules are defined with relative pathnames, i.e., they are |
|
13 # relative to /usr/lib/security/$ISA. Absolute path names, as |
|
14 # present in this file in previous releases are still acceptable. |
|
15 # |
|
16 # Authentication management |
|
17 # |
|
18 # login service (explicit because of pam_dial_auth) |
|
19 # |
|
# NOTE(review): evaluation order decides what this stack enforces. Per
# pam.conf(4), a "sufficient" or "binding" module that succeeds, with no
# earlier "required" failure, ends the stack with success at that point.
# As ordered below, a pam_winbind or pam_unix_auth success returns before
# pam_dial_auth.so.1 is called, so the dial-up check this stanza is kept
# explicit for appears to be reached only on paths that have not succeeded.
# Confirm the intended policy; if the dial-up password must apply to every
# login, pam_dial_auth has to sit ahead of the sufficient/binding lines.
20 login auth requisite pam_authtok_get.so.1 |
|
21 login auth required pam_dhkeys.so.1 |
|
22 login auth required pam_unix_cred.so.1 |
|
23 login auth sufficient pam_winbind.so.1 try_first_pass |
|
24 login auth binding pam_unix_auth.so.1 server_policy |
|
25 login auth required pam_dial_auth.so.1 |
|
26 # |
|
27 # rlogin service (explicit because of pam_rhosts_auth) |
|
28 # |
|
# NOTE(review): pam_rhosts_auth is listed first and is "sufficient", so a
# host-based trust match (hosts.equiv / .rhosts) succeeds without any
# password being requested; the remaining lines apply only when that match
# fails. Host-based trust rests on the client's source address and claimed
# user name. Where rlogin is not needed, keep the service disabled; where it
# is, audit /etc/hosts.equiv and per-user .rhosts files regularly.
# pam_unix_auth here is "required" with no server_policy option, unlike the
# login stack above - presumably intentional, confirm.
29 rlogin auth sufficient pam_rhosts_auth.so.1 |
|
30 rlogin auth requisite pam_authtok_get.so.1 |
|
31 rlogin auth required pam_dhkeys.so.1 |
|
32 rlogin auth required pam_unix_cred.so.1 |
|
33 rlogin auth sufficient pam_winbind.so.1 try_first_pass |
|
34 rlogin auth required pam_unix_auth.so.1 |
|
35 # |
|
36 # Kerberized rlogin service |
|
37 # |
|
# Both lines are "required": every module is called and a failure in either
# fails the stack. No password-prompting module (pam_authtok_get) and no
# host-based trust module is listed; pam_krb5 is the only authenticator.
38 krlogin auth required pam_unix_cred.so.1 |
|
39 krlogin auth required pam_krb5.so.1 |
|
40 # |
|
41 # rsh service (explicit because of pam_rhosts_auth, |
|
42 # and pam_unix_auth for meaningful pam_setcred) |
|
43 # |
|
# NOTE(review): the only authenticator in this stack is host-based trust
# (pam_rhosts_auth, "sufficient"); no password module is listed. The header
# comment for this stanza mentions pam_unix_auth, but the line below loads
# pam_unix_cred - confirm which is intended. Where rsh is not needed, keep
# the service disabled and audit /etc/hosts.equiv and .rhosts files.
44 rsh auth sufficient pam_rhosts_auth.so.1 |
|
45 rsh auth required pam_unix_cred.so.1 |
|
46 # |
|
47 # Kerberized rsh service |
|
48 # |
|
# Both lines are "required"; pam_krb5 is the only authenticator listed and
# there is no pam_rhosts_auth line, so host-based trust is not part of this
# stack.
49 krsh auth required pam_unix_cred.so.1 |
|
50 krsh auth required pam_krb5.so.1 |
|
51 # |
|
52 # Kerberized telnet service |
|
53 # |
|
# Both lines are "required"; pam_krb5 is the only authenticator listed for
# the Kerberized telnet service.
54 ktelnet auth required pam_unix_cred.so.1 |
|
55 ktelnet auth required pam_krb5.so.1 |
|
56 # |
|
57 # PPP service (explicit because of pam_dial_auth) |
|
58 # |
|
# Every line after the initial "requisite" is "required", with no
# "sufficient" or "binding" module in between, so pam_dial_auth.so.1 is
# always reached once a password has been obtained. There is no pam_winbind
# line: as written, only accounts pam_unix_auth can verify pass this stack.
59 ppp auth requisite pam_authtok_get.so.1 |
|
60 ppp auth required pam_dhkeys.so.1 |
|
61 ppp auth required pam_unix_cred.so.1 |
|
62 ppp auth required pam_unix_auth.so.1 |
|
63 ppp auth required pam_dial_auth.so.1 |
|
64 # |
|
65 # GDM Autologin (explicit because of pam_allow). These need to be |
|
66 # here as there is no mechanism for packages to amend pam.conf as |
|
67 # they are installed. |
|
68 # |
|
# NOTE(review): pam_allow.so.1 returns success unconditionally, so any
# program that opens PAM with the service name "gdm-autologin" is
# authenticated without presenting a credential. Keep automatic login turned
# off in the display manager's own configuration unless it is a deliberate
# choice (e.g. a kiosk), and treat physical/console access to such a host as
# equivalent to a logged-in session.
69 gdm-autologin auth required pam_unix_cred.so.1 |
|
70 gdm-autologin auth sufficient pam_allow.so.1 |
|
71 # |
|
72 # Default definitions for Authentication management |
|
73 # Used when service name is not explicitly mentioned for authentication |
|
74 # |
|
# Fallback auth stack: it applies to every PAM service that has no auth
# lines of its own in this file, so a change here changes many services at
# once. pam_winbind is "sufficient" and precedes pam_unix_auth: a successful
# winbind authentication ends the stack before the local password check;
# a winbind failure is not fatal and evaluation continues to pam_unix_auth.
# NOTE(review): services added later inherit this stack silently - give any
# service that needs stricter rules its own explicit stanza.
75 other auth requisite pam_authtok_get.so.1 |
|
76 other auth required pam_dhkeys.so.1 |
|
77 other auth required pam_unix_cred.so.1 |
|
78 other auth sufficient pam_winbind.so.1 try_first_pass |
|
79 other auth required pam_unix_auth.so.1 |
|
80 # |
|
81 # passwd command (explicit because of a different authentication module) |
|
82 # |
|
# pam_passwd_auth is "binding": if it succeeds the stack ends with success
# and pam_winbind is not called; if it fails the stack fails. pam_winbind
# therefore decides the outcome only when pam_passwd_auth neither succeeds
# nor fails - presumably the case server_policy creates for accounts that are
# not held locally; confirm against pam_passwd_auth(5).
83 passwd auth binding pam_passwd_auth.so.1 server_policy |
|
84 passwd auth required pam_winbind.so.1 |
|
85 # |
|
86 # cron service (explicit because of non-usage of pam_roles.so.1) |
|
87 # |
|
# This explicit stanza replaces the "other account" stack for cron, so
# neither pam_roles nor pam_winbind is consulted for cron account checks.
# NOTE(review): if winbind-backed users own cron jobs, confirm that
# pam_unix_account alone gives the intended result for them.
88 cron account required pam_unix_account.so.1 |
|
89 # |
|
90 # cups service (explicit because of non-usage of pam_roles.so.1) |
|
91 # |
|
# This explicit stanza replaces the "other account" stack for cups, so
# neither pam_roles nor pam_winbind is consulted for cups account checks.
92 cups account required pam_unix_account.so.1 |
|
93 # |
|
94 # GDM Autologin (explicit because of pam_allow) This needs to be here |
|
95 # as there is no mechanism for packages to amend pam.conf as they are |
|
96 # installed. |
|
97 # |
|
# NOTE(review): pam_allow is the only account module for this service, so
# none of the checks in the "other account" stack (pam_roles,
# pam_unix_account) are applied to an automatic login. An account that
# those checks would reject is still admitted through this service.
98 gdm-autologin account sufficient pam_allow.so.1 |
|
99 # |
|
100 # Default definition for Account management |
|
101 # Used when service name is not explicitly mentioned for account management |
|
102 # |
|
# Fallback account stack for every service without its own account lines.
# pam_roles is "requisite", so its failure ends the stack at once.
# NOTE(review): pam_winbind is "sufficient" and comes before
# pam_unix_account; whenever pam_winbind returns success the stack ends and
# pam_unix_account is not evaluated. Confirm that pam_winbind does not
# return success for accounts that exist only locally, otherwise the local
# account checks would be skipped for them.
103 other account requisite pam_roles.so.1 |
|
104 other account sufficient pam_winbind.so.1 |
|
105 other account binding pam_unix_account.so.1 server_policy |
|
106 # |
|
107 # Default definition for Session management |
|
108 # Used when service name is not explicitly mentioned for session management |
|
109 # |
|
# Fallback session stack. Both modules are "required", so a failure in
# pam_winbind's session handling fails session setup for every service that
# uses this default, including sessions of local-only users.
# NOTE(review): try_first_pass is a password-handling option; confirm it has
# any effect on a session line.
110 other session required pam_unix_session.so.1 |
|
111 other session required pam_winbind.so.1 try_first_pass |
|
112 # |
|
113 # Default definition for Password management |
|
114 # Used when service name is not explicitly mentioned for password management |
|
115 # |
|
# Fallback password-change stack. Order of evaluation: obtain the new
# password (pam_authtok_get), apply construction rules (pam_authtok_check),
# then try pam_winbind, then store locally (pam_authtok_store).
# pam_authtok_check is "requisite" and precedes pam_winbind, so a password
# that fails the construction rules is rejected before either backend is
# asked to store it. pam_winbind is "sufficient": when it succeeds the stack
# ends and pam_authtok_store is not called.
116 other password required pam_dhkeys.so.1 |
|
117 other password requisite pam_authtok_get.so.1 |
|
118 # Password construction requirements apply to all users. |
|
119 # Remove force_check to have the traditional authorized administrator |
|
120 # bypass of construction requirements. |
|
121 other password requisite pam_authtok_check.so.1 force_check |
|
122 other password sufficient pam_winbind.so.1 try_first_pass |
|
123 other password required pam_authtok_store.so.1 |
|
124 # |
|
125 # Support for Kerberos V5 authentication and example configurations can |
|
126 # be found in the pam_krb5(5) man page under the "EXAMPLES" section. |
|
127 # |
|