--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/samba/samba/Solaris/pam.conf-winbind Wed May 25 18:33:43 2011 +0200
@@ -0,0 +1,221 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
+#
+# PAM configuration
+#
+# Unless explicitly defined, all services use the modules
+# defined in the "other" section.
+#
+# Modules are defined with relative pathnames, i.e., they are
+# relative to /usr/lib/security/$ISA. Absolute path names, as
+# present in this file in previous releases are still acceptable.
+#
+# Authentication management
+#
+# login service (explicit because of pam_dial_auth)
+#
+login auth requisite pam_authtok_get.so.1
+login auth required pam_dhkeys.so.1
+login auth required pam_unix_cred.so.1
+login auth required pam_unix_auth.so.1
+login auth required pam_dial_auth.so.1
+#
+# rlogin service (explicit because of pam_rhost_auth)
+#
+rlogin auth sufficient pam_rhosts_auth.so.1
+rlogin auth requisite pam_authtok_get.so.1
+rlogin auth required pam_dhkeys.so.1
+rlogin auth required pam_unix_cred.so.1
+rlogin auth required pam_unix_auth.so.1
+#
+# Kerberized rlogin service
+#
+krlogin auth required pam_unix_cred.so.1
+krlogin auth binding pam_krb5.so.1
+krlogin auth required pam_unix_auth.so.1
+#
+# rsh service (explicit because of pam_rhost_auth,
+# and pam_unix_auth for meaningful pam_setcred)
+#
+rsh auth sufficient pam_rhosts_auth.so.1
+rsh auth required pam_unix_cred.so.1
+#
+# Kerberized rsh service
+#
+krsh auth required pam_unix_cred.so.1
+krsh auth binding pam_krb5.so.1
+krsh auth required pam_unix_auth.so.1
+#
+# Kerberized telnet service
+#
+ktelnet auth required pam_unix_cred.so.1
+ktelnet auth binding pam_krb5.so.1
+ktelnet auth required pam_unix_auth.so.1
+#
+# PPP service (explicit because of pam_dial_auth)
+#
+ppp auth requisite pam_authtok_get.so.1
+ppp auth required pam_dhkeys.so.1
+ppp auth required pam_unix_cred.so.1
+ppp auth required pam_unix_auth.so.1
+ppp auth required pam_dial_auth.so.1
+#
+# Default definitions for Authentication management
+# Used when service name is not explicitly mentioned for authentication
+#
+other auth requisite pam_authtok_get.so.1
+other auth required pam_dhkeys.so.1
+other auth required pam_unix_cred.so.1
+other auth required pam_unix_auth.so.1
+#
+# passwd command (explicit because of a different authentication module)
+#
+passwd auth required pam_passwd_auth.so.1
+#
+# cron service (explicit because of non-usage of pam_roles.so.1)
+#
+cron account required pam_unix_account.so.1
+#
+# Default definition for Account management
+# Used when service name is not explicitly mentioned for account management
+#
+other account requisite pam_roles.so.1
+other account sufficient pam_unix_account.so.1
+other account required pam_winbind.so
+#
+# Default definition for Session management
+# Used when service name is not explicitly mentioned for session management
+#
+other session required pam_unix_session.so.1
+#
+# Default definition for Password management
+# Used when service name is not explicitly mentioned for password management
+#
+other password required pam_dhkeys.so.1
+other password requisite pam_authtok_get.so.1
+other password requisite pam_authtok_check.so.1
+other password required pam_winbind.so
+other password required pam_authtok_store.so.1
+#
+# Support for Kerberos V5 authentication and example configurations can
+# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
+#
+#
+# PAM configuration
+#
+# Unless explicitly defined, all services use the modules
+# defined in the "other" section.
+#
+# Modules are defined with relative pathnames, i.e., they are
+# relative to /usr/lib/security/$ISA. Absolute path names, as
+# present in this file in previous releases are still acceptable.
+#
+# Authentication management
+#
+# login service (explicit because of pam_dial_auth)
+#
+login auth requisite pam_authtok_get.so.1
+login auth required pam_dhkeys.so.1
+login auth required pam_unix_cred.so.1
+login auth required pam_unix_auth.so.1
+login auth required pam_dial_auth.so.1
+#
+# rlogin service (explicit because of pam_rhost_auth)
+#
+rlogin auth sufficient pam_rhosts_auth.so.1
+rlogin auth requisite pam_authtok_get.so.1
+rlogin auth required pam_dhkeys.so.1
+rlogin auth required pam_unix_cred.so.1
+rlogin auth required pam_unix_auth.so.1
+#
+# Kerberized rlogin service
+#
+krlogin auth required pam_unix_cred.so.1
+krlogin auth binding pam_krb5.so.1
+krlogin auth required pam_unix_auth.so.1
+#
+# rsh service (explicit because of pam_rhost_auth,
+# and pam_unix_auth for meaningful pam_setcred)
+#
+rsh auth sufficient pam_rhosts_auth.so.1
+rsh auth required pam_unix_cred.so.1
+#
+# Kerberized rsh service
+#
+krsh auth required pam_unix_cred.so.1
+krsh auth binding pam_krb5.so.1
+krsh auth required pam_unix_auth.so.1
+#
+# Kerberized telnet service
+#
+ktelnet auth required pam_unix_cred.so.1
+ktelnet auth binding pam_krb5.so.1
+ktelnet auth required pam_unix_auth.so.1
+#
+# PPP service (explicit because of pam_dial_auth)
+#
+ppp auth requisite pam_authtok_get.so.1
+ppp auth required pam_dhkeys.so.1
+ppp auth required pam_unix_cred.so.1
+ppp auth required pam_unix_auth.so.1
+ppp auth required pam_dial_auth.so.1
+#
+# Default definitions for Authentication management
+# Used when service name is not explicitly mentioned for authentication
+#
+other auth requisite pam_authtok_get.so.1
+other auth required pam_dhkeys.so.1
+other auth required pam_unix_cred.so.1
+other auth required pam_unix_auth.so.1
+#
+# passwd command (explicit because of a different authentication module)
+#
+passwd auth required pam_passwd_auth.so.1
+#
+# cron service (explicit because of non-usage of pam_roles.so.1)
+#
+cron account required pam_unix_account.so.1
+#
+# Default definition for Account management
+# Used when service name is not explicitly mentioned for account management
+#
+other account requisite pam_roles.so.1
+other account sufficient pam_unix_account.so.1
+other account required pam_winbind.so
+#
+# Default definition for Session management
+# Used when service name is not explicitly mentioned for session management
+#
+other session required pam_unix_session.so.1
+#
+# Default definition for Password management
+# Used when service name is not explicitly mentioned for password management
+#
+other password required pam_dhkeys.so.1
+other password requisite pam_authtok_get.so.1
+other password requisite pam_authtok_check.so.1
+other password required pam_winbind.so
+other password required pam_authtok_store.so.1
+#
+# Support for Kerberos V5 authentication and example configurations can
+# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
+#