blob: 6067ea1e335d890c56be82edf541f02c7daa71c9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
#if HAVE_ENV
auth required pam_env.so DEBUG
#endif
#if HAVE_FAILOCK
auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
auth sufficient pam_unix.so nullok try_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
#endif
#if HAVE_PAM_SSH
auth sufficient pam_ssh.so
#endif
#if HAVE_KRB5
auth KRB5_CONTROL pam_krb5.so KRB5_PARAMS
#endif
auth required pam_unix.so try_first_pass LIKEAUTH NULLOK DEBUG
/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
auth optional pam_permit.so
#if HAVE_KRB5
account KRB5_CONTROL pam_krb5.so KRB5_PARAMS
#endif
account required pam_unix.so DEBUG
/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
account optional pam_permit.so
#if HAVE_FAILLOCK
account required pam_faillock.so
#endif
#if HAVE_PASSWDQC
password required pam_passwdqc.so min=8,8,8,8,8 retry=3
#endif
#if HAVE_KRB5
password KRB5_CONTROL pam_krb5.so KRB5_PARAMS
#endif
password required pam_unix.so try_first_pass UNIX_AUTHTOK NULLOK UNIX_EXTENDED_ENCRYPTION DEBUG
/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
password optional pam_permit.so
#if HAVE_PAM_SSH
session optional pam_ssh.so
#endif
#if HAVE_SYSTEMD
-session optional pam_systemd.so
#endif
#if HAVE_ELOGIND
-session optional pam_elogind.so
#endif
#if HAVE_LIBCAP
auth optional pam_cap.so
#endif
#include "system-session.inc"
|
GitWeb
