Add a sample "/etc/pam.conf" file that configures the authentication
methods used by login. Changes to "/usr/bin/login" to use it will be committed later today. The format of the file is described in pam(8). This sample file makes login behave in the traditional way. To wit, it enables authentication via S/Key and passwd/NIS lookups. KerberosIV authentication is present in the sample file but commented out. As a safety net and a transition aid, login will fall back on built-in passwd/NIS authentication if this configuration file is missing or if some other fatal PAM error occurs. This file will eventually replace "/etc/auth.conf", but not until I've finished converting the other utilities, such as passwd and su.
This commit is contained in:
John Polstra
parent
36c84dd2b3
commit
d08484e099
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=41274
@ -1,12 +1,13 @@
|
||||
# from: @(#)Makefile 5.11 (Berkeley) 5/21/91
|
||||
# $Id: Makefile,v 1.178 1998/10/06 19:24:14 phk Exp $
|
||||
# $Id: Makefile,v 1.179 1998/10/08 06:12:04 markm Exp $
|
||||
|
||||
SUBDIR= sendmail
|
||||
|
||||
BIN1= aliases amd.map crontab csh.cshrc csh.login csh.logout dm.conf \
|
||||
fbtab ftpusers gettytab group hosts host.conf hosts.equiv hosts.lpd \
|
||||
inetd.conf auth.conf login.conf login.access motd modems networks \
|
||||
newsyslog.conf phones pccard.conf.sample printcap profile protocols \
|
||||
newsyslog.conf pam.conf phones pccard.conf.sample \
|
||||
printcap profile protocols \
|
||||
rc rc.atm rc.conf rc.devfs rc.firewall rc.local rc.network rc.pccard \
|
||||
rc.serial rc.shutdown etc.${MACHINE_ARCH}/rc.${MACHINE_ARCH} \
|
||||
remote security services shells syslog.conf \
|
||||
|
||||
23
etc/pam.conf
Normal file
23
etc/pam.conf
Normal file
@ -0,0 +1,23 @@
|
||||
# Configuration file for Pluggable Authentication Modules (PAM).
|
||||
#
|
||||
# This file controls the authentication methods that login and other
|
||||
# utilities use. See pam(8) for a description of its format.
|
||||
#
|
||||
# Note: the final entry must say "required" -- otherwise, things don't
|
||||
# work quite right. If you delete the final entry, be sure to change
|
||||
# "sufficient" to "required" in the entry before it.
|
||||
#
|
||||
# $FreeBSD$
|
||||
|
||||
# If the user can authenticate with S/Key, that's sufficient.
|
||||
login auth sufficient pam_skey.so
|
||||
|
||||
# Check skey.access to make sure it is OK to let the user type in
|
||||
# a cleartext password. If not, then fail right here.
|
||||
login auth requisite pam_cleartext_pass_ok.so
|
||||
|
||||
# If you want KerberosIV authentication, uncomment the next line:
|
||||
#login auth sufficient pam_kerberosIV.so try_first_pass
|
||||
|
||||
# Traditional getpwnam() authentication.
|
||||
login auth required pam_unix.so try_first_pass
|
||||
Loading…
Reference in New Issue
Block a user