|
Last change
on this file since 2345 was
1068,
checked in by quentin, 17 years ago
|
|
Disallow root keyboard-interactive logins
|
|
File size:
897 bytes
|
| Line | |
|---|
| 1 | #%PAM-1.0 |
|---|
| 2 | # Authentication modules |
|---|
| 3 | |
|---|
| 4 | # If their user exists (success), |
|---|
| 5 | auth [success=ignore ignore=ignore default=1] pam_succeed_if.so uid >= 0 |
|---|
| 6 | # print the "You don't have tickets" error: |
|---|
| 7 | auth [success=die ignore=reset default=die] pam_echo.so file=/etc/issue.net.no_tkt |
|---|
| 8 | # else print the "your account doesn't exist" error: |
|---|
| 9 | auth [success=die ignore=reset default=die] pam_echo.so file=/etc/issue.net.no_user |
|---|
| 10 | |
|---|
| 11 | # Set environment variables: |
|---|
| 12 | auth required pam_env.so |
|---|
| 13 | # Use Unix authentication and succeed immediately (sufficient): |
|---|
| 14 | auth sufficient pam_unix.so try_first_pass |
|---|
| 15 | # If they somehow slipped through, deny: |
|---|
| 16 | auth required pam_deny.so |
|---|
| 17 | |
|---|
| 18 | account required pam_nologin.so |
|---|
| 19 | account include system-auth |
|---|
| 20 | password include system-auth |
|---|
| 21 | session optional pam_keyinit.so force revoke |
|---|
| 22 | session include system-auth |
|---|
| 23 | session required pam_loginuid.so |
|---|
Note: See
TracBrowser
for help on using the repository browser.
