Project

General

Profile

Bug #11671 » pam.conf

My pam configuration (for good measure) - Adam Stylinski, 2019-09-10 03:42 PM

 
1
#
2
# CDDL HEADER START
3
#
4
# The contents of this file are subject to the terms of the
5
# Common Development and Distribution License (the "License").
6
# You may not use this file except in compliance with the License.
7
#
8
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9
# or http://www.opensolaris.org/os/licensing.
10
# See the License for the specific language governing permissions
11
# and limitations under the License.
12
#
13
# When distributing Covered Code, include this CDDL HEADER in each
14
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15
# If applicable, add the following below this CDDL HEADER, with the
16
# fields enclosed by brackets "[]" replaced with your own identifying
17
# information: Portions Copyright [yyyy] [name of copyright owner]
18
#
19
# CDDL HEADER END
20
#
21
#
22
# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23
# Use is subject to license terms.
24
#
25
# PAM configuration
26
#
27
# Unless explicitly defined, all services use the modules
28
# defined in the "other" section.
29
#
30
# Modules are defined with relative pathnames, i.e., they are
31
# relative to /usr/lib/security/$ISA. Absolute path names, as
32
# present in this file in previous releases are still acceptable.
33
#
34
# Authentication management
35
#
36
# login service (explicit because of pam_dial_auth)
37
#
38
login	auth requisite		pam_authtok_get.so.1
39
login	auth required		pam_dhkeys.so.1
40
login	auth required		pam_unix_cred.so.1
41
login	auth sufficient		pam_krb5.so.1 debug
42
login	auth required		pam_unix_auth.so.1
43
login	auth required		pam_dial_auth.so.1
44
#
45
# rlogin service (explicit because of pam_rhost_auth)
46
#
47
rlogin	auth sufficient		pam_rhosts_auth.so.1
48
rlogin	auth requisite		pam_authtok_get.so.1
49
rlogin	auth required		pam_dhkeys.so.1
50
rlogin	auth required		pam_unix_cred.so.1
51
rlogin	auth required		pam_unix_auth.so.1
52
#
53
# Kerberized rlogin service
54
#
55
krlogin	auth required		pam_unix_cred.so.1
56
krlogin	auth required		pam_krb5.so.1
57
#
58
# rsh service (explicit because of pam_rhost_auth,
59
# and pam_unix_auth for meaningful pam_setcred)
60
#
61
rsh	auth sufficient		pam_rhosts_auth.so.1
62
rsh	auth required		pam_unix_cred.so.1
63
#
64
# Kerberized rsh service
65
#
66
krsh	auth required		pam_unix_cred.so.1
67
krsh	auth required		pam_krb5.so.1
68
#
69
# Kerberized telnet service
70
#
71
ktelnet	auth required		pam_unix_cred.so.1
72
ktelnet	auth required		pam_krb5.so.1
73
#
74
# PPP service (explicit because of pam_dial_auth)
75
#
76
ppp	auth requisite		pam_authtok_get.so.1
77
ppp	auth required		pam_dhkeys.so.1
78
ppp	auth required		pam_unix_cred.so.1
79
ppp	auth required		pam_unix_auth.so.1
80
ppp	auth required		pam_dial_auth.so.1
81
#
82
# GDM Autologin (explicit because of pam_allow).  These need to be
83
# here as there is no mechanism for packages to amend pam.conf as
84
# they are installed.
85
#
86
gdm-autologin auth  required    pam_unix_cred.so.1
87
gdm-autologin auth  sufficient  pam_allow.so.1
88
#
89
# Default definitions for Authentication management
90
# Used when service name is not explicitly mentioned for authentication
91
#
92
other	auth requisite		pam_authtok_get.so.1
93
other	auth required		pam_dhkeys.so.1
94
other	auth required		pam_unix_cred.so.1
95
other	auth sufficient		pam_krb5.so.1 debug
96
other	auth required		pam_unix_auth.so.1
97
#
98
# passwd command (explicit because of a different authentication module)
99
#
100
passwd	auth required		pam_passwd_auth.so.1
101
#
102
# cron service (explicit because of non-usage of pam_roles.so.1)
103
#
104
cron	account required	pam_unix_account.so.1
105
#
106
# cups service (explicit because of non-usage of pam_roles.so.1)
107
#
108
cups	account	required	pam_unix_account.so.1
109
#
110
# GDM Autologin (explicit because of pam_allow) This needs to be here
111
# as there is no mechanism for packages to amend pam.conf as they are
112
# installed.
113
#
114
gdm-autologin account  sufficient  pam_allow.so.1
115
#
116
# Default definition for Account management
117
# Used when service name is not explicitly mentioned for account management
118
#
119
other	account requisite	pam_roles.so.1
120
other	account required	pam_unix_account.so.1
121
other   account required        pam_krb5.so.1 debug
122
#
123
# Default definition for Session management
124
# Used when service name is not explicitly mentioned for session management
125
#
126
other	session required	pam_unix_session.so.1
127
other	session required	pam_krb5.so.1 debug
128
#
129
# Default definition for Password management
130
# Used when service name is not explicitly mentioned for password management
131
#
132
other	password required	pam_dhkeys.so.1
133
other	password requisite	pam_authtok_get.so.1
134
other	password requisite	pam_authtok_check.so.1
135
other	password sufficient	pam_krb5.so.1 debug
136
other	password required	pam_authtok_store.so.1
137
#
138
# Support for Kerberos V5 authentication and example configurations can
139
# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
140
#
(3-3/5)