1998-11-20 23:20:01 +00:00
|
|
|
# Configuration file for Pluggable Authentication Modules (PAM).
|
|
|
|
#
|
|
|
|
# This file controls the authentication methods that login and other
|
|
|
|
# utilities use. See pam(8) for a description of its format.
|
|
|
|
#
|
|
|
|
# Note: the final entry must say "required" -- otherwise, things don't
|
|
|
|
# work quite right. If you delete the final entry, be sure to change
|
|
|
|
# "sufficient" to "required" in the entry before it.
|
|
|
|
#
|
|
|
|
# $FreeBSD$
|
|
|
|
|
2000-01-04 06:08:58 +00:00
|
|
|
# If the user can authenticate with S/Key, that's sufficient; allow clear
|
|
|
|
# password. Try kerberos, then try plain unix password.
|
1998-11-20 23:20:01 +00:00
|
|
|
login auth sufficient pam_skey.so
|
|
|
|
login auth requisite pam_cleartext_pass_ok.so
|
|
|
|
#login auth sufficient pam_kerberosIV.so try_first_pass
|
|
|
|
login auth required pam_unix.so try_first_pass
|
1999-12-21 08:36:10 +00:00
|
|
|
|
2000-02-12 20:22:20 +00:00
|
|
|
# Same requirement for ftpd as login
|
|
|
|
ftpd auth sufficient pam_skey.so
|
|
|
|
ftpd auth requisite pam_cleartext_pass_ok.so
|
|
|
|
#ftpd auth sufficient pam_kerberosIV.so try_first_pass
|
|
|
|
ftpd auth required pam_unix.so try_first_pass
|
|
|
|
|
2000-12-05 03:01:33 +00:00
|
|
|
# OpenSSH with PAM support requires similar modules. The session one is
|
|
|
|
# a bit strange, though...
|
|
|
|
sshd auth sufficient pam_skey.so
|
|
|
|
sshd auth required pam_unix.so try_first_pass
|
|
|
|
sshd session required pam_permit.so
|
|
|
|
|
2000-01-04 06:08:58 +00:00
|
|
|
# Don't break startx
|
|
|
|
xserver auth required pam_permit.so
|
|
|
|
|
|
|
|
# XDM is difficult; it fails or moans unless there are modules for each
|
|
|
|
# of the four management groups; auth, account, session and password.
|
|
|
|
xdm auth required pam_unix.so
|
|
|
|
#xdm auth sufficient pam_kerberosIV.so try_first_pass
|
|
|
|
xdm account required pam_unix.so try_first_pass
|
|
|
|
xdm session required pam_deny.so
|
|
|
|
xdm password required pam_deny.so
|
|
|
|
|
2000-01-10 14:08:30 +00:00
|
|
|
# Mail services
|
|
|
|
imap auth required pam_unix.so try_first_pass
|
|
|
|
pop3 auth required pam_unix.so try_first_pass
|
|
|
|
|
1999-12-21 08:36:10 +00:00
|
|
|
# If we don't match anything else, default to using getpwnam().
|
1999-12-21 08:39:26 +00:00
|
|
|
other auth required pam_unix.so try_first_pass
|
|
|
|
other account required pam_unix.so try_first_pass
|