Awright, egg on my face. I should have taken more time with this. The
conversion script generated the wrong format, so the configuration files didn't actually work. Good thing I hadn't thrown the switch yet... Sponsored by: DARPA, NAI Labs (but the f***ups are all mine)
This commit is contained in:
Dag-Erling Smørgrav
parent
722b228aba
commit
426ae370f4
@ -14,12 +14,12 @@ is a summary of the format for the pam.conf and /etc/pam.d/* files.
|
||||
|
||||
Configuration lines take the following form:
|
||||
|
||||
service-name module-type control-flag module-path arguments
|
||||
module-type control-flag module-path arguments
|
||||
|
||||
Comments are introduced with a hash mark ('#'). Blank lines and lines
|
||||
consisting entirely of comments are ignored.
|
||||
|
||||
The meanings of the various fields are as follows:
|
||||
The meanings of the different fields are as follows:
|
||||
|
||||
module-type:
|
||||
auth: prompt for a password to authenticate that the user is
|
||||
|
||||
@ -40,6 +40,7 @@ use Fcntl;
|
||||
use vars qw(%SERVICES);
|
||||
|
||||
MAIN:{
|
||||
my $line;
|
||||
my $service;
|
||||
my $type;
|
||||
local *FILE;
|
||||
@ -47,8 +48,11 @@ MAIN:{
|
||||
while (<>) {
|
||||
chomp();
|
||||
s/\s*$//;
|
||||
next unless m/^\#*(\w+)\s+(auth|account|session|password)\s+(\S.*)$/;
|
||||
push(@{$SERVICES{$1}->{$2}}, $_);
|
||||
next unless m/^(\#*)(\w+)\s+(auth|account|session|password)\s+(\S.*)$/;
|
||||
$line = $1.$3;
|
||||
$line .= "\t" x ((16 - length($line) + 7) / 8);
|
||||
$line .= $4;
|
||||
push(@{$SERVICES{$2}->{$3}}, $line);
|
||||
}
|
||||
|
||||
foreach $service (keys(%SERVICES)) {
|
||||
|
||||
@ -5,4 +5,4 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
csshd auth required pam_opie.so no_warn
|
||||
auth required pam_opie.so no_warn
|
||||
|
||||
@ -5,20 +5,20 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
ftp auth required pam_nologin.so no_warn
|
||||
#ftp auth sufficient pam_kerberosIV.so no_warn
|
||||
#ftp auth sufficient pam_krb5.so no_warn
|
||||
#ftp auth required pam_opie.so no_warn
|
||||
#ftp auth required pam_ssh.so no_warn try_first_pass
|
||||
ftp auth required pam_unix.so no_warn try_first_pass
|
||||
auth required pam_nologin.so no_warn
|
||||
#auth sufficient pam_kerberosIV.so no_warn
|
||||
#auth sufficient pam_krb5.so no_warn
|
||||
#auth required pam_opie.so no_warn
|
||||
#auth required pam_ssh.so no_warn try_first_pass
|
||||
auth required pam_unix.so no_warn try_first_pass
|
||||
|
||||
# account
|
||||
#ftp account required pam_kerberosIV.so
|
||||
#ftp account required pam_krb5.so
|
||||
ftp account required pam_unix.so
|
||||
#account required pam_kerberosIV.so
|
||||
#account required pam_krb5.so
|
||||
account required pam_unix.so
|
||||
|
||||
# session
|
||||
#ftp session required pam_kerberosIV.so
|
||||
#ftp session required pam_krb5.so
|
||||
#ftp session required pam_ssh.so
|
||||
ftp session required pam_unix.so
|
||||
#session required pam_kerberosIV.so
|
||||
#session required pam_krb5.so
|
||||
#session required pam_ssh.so
|
||||
session required pam_unix.so
|
||||
|
||||
@ -5,20 +5,20 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
ftpd auth required pam_nologin.so no_warn
|
||||
#ftpd auth sufficient pam_kerberosIV.so no_warn
|
||||
#ftpd auth sufficient pam_krb5.so no_warn
|
||||
#ftpd auth required pam_opie.so no_warn
|
||||
#ftpd auth required pam_ssh.so no_warn try_first_pass
|
||||
ftpd auth required pam_unix.so no_warn try_first_pass
|
||||
auth required pam_nologin.so no_warn
|
||||
#auth sufficient pam_kerberosIV.so no_warn
|
||||
#auth sufficient pam_krb5.so no_warn
|
||||
#auth required pam_opie.so no_warn
|
||||
#auth required pam_ssh.so no_warn try_first_pass
|
||||
auth required pam_unix.so no_warn try_first_pass
|
||||
|
||||
# account
|
||||
#ftpd account required pam_kerberosIV.so
|
||||
#ftpd account required pam_krb5.so
|
||||
ftpd account required pam_unix.so
|
||||
#account required pam_kerberosIV.so
|
||||
#account required pam_krb5.so
|
||||
account required pam_unix.so
|
||||
|
||||
# session
|
||||
#ftpd session required pam_kerberosIV.so
|
||||
#ftpd session required pam_krb5.so
|
||||
#ftpd session required pam_ssh.so
|
||||
ftpd session required pam_unix.so
|
||||
#session required pam_kerberosIV.so
|
||||
#session required pam_krb5.so
|
||||
#session required pam_ssh.so
|
||||
session required pam_unix.so
|
||||
|
||||
@ -5,22 +5,22 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
gdm auth required pam_nologin.so no_warn
|
||||
#gdm auth sufficient pam_kerberosIV.so no_warn try_first_pass
|
||||
#gdm auth sufficient pam_krb5.so no_warn try_first_pass
|
||||
#gdm auth sufficient pam_ssh.so no_warn try_first_pass
|
||||
gdm auth required pam_unix.so no_warn try_first_pass
|
||||
auth required pam_nologin.so no_warn
|
||||
#auth sufficient pam_kerberosIV.so no_warn try_first_pass
|
||||
#auth sufficient pam_krb5.so no_warn try_first_pass
|
||||
#auth sufficient pam_ssh.so no_warn try_first_pass
|
||||
auth required pam_unix.so no_warn try_first_pass
|
||||
|
||||
# account
|
||||
#gdm account required pam_kerberosIV.so
|
||||
#gdm account required pam_krb5.so
|
||||
gdm account required pam_unix.so
|
||||
#account required pam_kerberosIV.so
|
||||
#account required pam_krb5.so
|
||||
account required pam_unix.so
|
||||
|
||||
# session
|
||||
#gdm session required pam_kerberosIV.so
|
||||
#gdm session required pam_krb5.so
|
||||
#gdm session required pam_ssh.so
|
||||
gdm session required pam_unix.so
|
||||
#session required pam_kerberosIV.so
|
||||
#session required pam_krb5.so
|
||||
#session required pam_ssh.so
|
||||
session required pam_unix.so
|
||||
|
||||
# password
|
||||
gdm password required pam_deny.so
|
||||
password required pam_deny.so
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
#imap auth required pam_nologin.so no_warn
|
||||
#imap auth required pam_opie.so no_warn
|
||||
#imap auth required pam_ssh.so no_warn try_first_pass
|
||||
#imap auth required pam_unix.so no_warn try_first_pass
|
||||
#auth required pam_nologin.so no_warn
|
||||
#auth required pam_opie.so no_warn
|
||||
#auth required pam_ssh.so no_warn try_first_pass
|
||||
#auth required pam_unix.so no_warn try_first_pass
|
||||
|
||||
@ -5,9 +5,9 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
kde auth required pam_nologin.so no_warn
|
||||
#kde auth sufficient pam_opie.so no_warn
|
||||
#kde auth sufficient pam_kerberosIV.so no_warn try_first_pass
|
||||
#kde auth sufficient pam_krb5.so no_warn try_first_pass
|
||||
#kde auth required pam_ssh.so no_warn try_first_pass
|
||||
kde auth required pam_unix.so no_warn try_first_pass
|
||||
auth required pam_nologin.so no_warn
|
||||
#auth sufficient pam_opie.so no_warn
|
||||
#auth sufficient pam_kerberosIV.so no_warn try_first_pass
|
||||
#auth sufficient pam_krb5.so no_warn try_first_pass
|
||||
#auth required pam_ssh.so no_warn try_first_pass
|
||||
auth required pam_unix.so no_warn try_first_pass
|
||||
|
||||
@ -5,26 +5,26 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
login auth required pam_nologin.so no_warn
|
||||
#login auth sufficient pam_opie.so no_warn
|
||||
#login auth sufficient pam_kerberosIV.so no_warn try_first_pass
|
||||
#login auth sufficient pam_krb5.so no_warn try_first_pass
|
||||
#login auth required pam_ssh.so no_warn try_first_pass
|
||||
login auth required pam_unix.so no_warn try_first_pass
|
||||
auth required pam_nologin.so no_warn
|
||||
#auth sufficient pam_opie.so no_warn
|
||||
#auth sufficient pam_kerberosIV.so no_warn try_first_pass
|
||||
#auth sufficient pam_krb5.so no_warn try_first_pass
|
||||
#auth required pam_ssh.so no_warn try_first_pass
|
||||
auth required pam_unix.so no_warn try_first_pass
|
||||
|
||||
# account
|
||||
#login account required pam_kerberosIV.so
|
||||
#login account required pam_krb5.so
|
||||
login account required pam_unix.so
|
||||
#account required pam_kerberosIV.so
|
||||
#account required pam_krb5.so
|
||||
account required pam_unix.so
|
||||
|
||||
# session
|
||||
#login session required pam_kerberosIV.so
|
||||
#login session required pam_krb5.so
|
||||
#login session required pam_ssh.so
|
||||
login session required pam_unix.so
|
||||
#session required pam_kerberosIV.so
|
||||
#session required pam_krb5.so
|
||||
#session required pam_ssh.so
|
||||
session required pam_unix.so
|
||||
|
||||
# password
|
||||
#login password sufficient pam_opie.so no_warn
|
||||
#login password sufficient pam_kerberosIV.so no_warn try_first_pass
|
||||
#login password sufficient pam_krb5.so no_warn try_first_pass
|
||||
login password required pam_unix.so no_warn try_first_pass
|
||||
#password sufficient pam_opie.so no_warn
|
||||
#password sufficient pam_kerberosIV.so no_warn try_first_pass
|
||||
#password sufficient pam_krb5.so no_warn try_first_pass
|
||||
password required pam_unix.so no_warn try_first_pass
|
||||
|
||||
@ -5,15 +5,15 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
other auth required pam_nologin.so no_warn
|
||||
#other auth required pam_opie.so no_warn
|
||||
other auth required pam_unix.so no_warn try_first_pass
|
||||
auth required pam_nologin.so no_warn
|
||||
#auth required pam_opie.so no_warn
|
||||
auth required pam_unix.so no_warn try_first_pass
|
||||
|
||||
# account
|
||||
other account required pam_unix.so
|
||||
account required pam_unix.so
|
||||
|
||||
# session
|
||||
other session required pam_unix.so
|
||||
session required pam_unix.so
|
||||
|
||||
# password
|
||||
other password required pam_deny.so
|
||||
password required pam_deny.so
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
#pop3 auth required pam_nologin.so no_warn
|
||||
#pop3 auth required pam_opie.so no_warn
|
||||
#pop3 auth required pam_ssh.so no_warn try_first_pass
|
||||
#pop3 auth required pam_unix.so no_warn try_first_pass
|
||||
#auth required pam_nologin.so no_warn
|
||||
#auth required pam_opie.so no_warn
|
||||
#auth required pam_ssh.so no_warn try_first_pass
|
||||
#auth required pam_unix.so no_warn try_first_pass
|
||||
|
||||
@ -5,11 +5,11 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
rsh auth required pam_nologin.so no_warn
|
||||
rsh auth required pam_deny.so no_warn
|
||||
auth required pam_nologin.so no_warn
|
||||
auth required pam_deny.so no_warn
|
||||
|
||||
# account
|
||||
rsh account required pam_unix.so
|
||||
account required pam_unix.so
|
||||
|
||||
# session
|
||||
rsh session required pam_permit.so
|
||||
session required pam_permit.so
|
||||
|
||||
@ -5,14 +5,14 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
sshd auth required pam_nologin.so no_warn
|
||||
sshd auth required pam_unix.so no_warn try_first_pass
|
||||
auth required pam_nologin.so no_warn
|
||||
auth required pam_unix.so no_warn try_first_pass
|
||||
|
||||
# account
|
||||
sshd account required pam_unix.so
|
||||
account required pam_unix.so
|
||||
|
||||
# session
|
||||
sshd session required pam_permit.so
|
||||
session required pam_permit.so
|
||||
|
||||
# password
|
||||
sshd password required pam_permit.so
|
||||
password required pam_permit.so
|
||||
|
||||
56
etc/pam.d/su
56
etc/pam.d/su
@ -5,37 +5,37 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
su auth sufficient pam_rootok.so no_warn
|
||||
su auth requisite pam_wheel.so no_warn auth_as_self noroot_ok
|
||||
#su auth sufficient pam_kerberosIV.so no_warn
|
||||
#su auth sufficient pam_krb5.so no_warn try_first_pass auth_as_self
|
||||
#su auth required pam_opie.so no_warn
|
||||
#su auth required pam_ssh.so no_warn try_first_pass
|
||||
su auth required pam_unix.so no_warn try_first_pass nullok
|
||||
#su auth sufficient pam_rootok.so no_warn
|
||||
##su auth sufficient pam_kerberosIV.so no_warn
|
||||
##su auth sufficient pam_krb5.so no_warn
|
||||
#su auth required pam_opie.so no_warn auth_as_self
|
||||
#su auth required pam_unix.so no_warn try_first_pass auth_as_self
|
||||
auth sufficient pam_rootok.so no_warn
|
||||
auth requisite pam_wheel.so no_warn auth_as_self noroot_ok
|
||||
#auth sufficient pam_kerberosIV.so no_warn
|
||||
#auth sufficient pam_krb5.so no_warn try_first_pass auth_as_self
|
||||
#auth required pam_opie.so no_warn
|
||||
#auth required pam_ssh.so no_warn try_first_pass
|
||||
auth required pam_unix.so no_warn try_first_pass nullok
|
||||
#auth sufficient pam_rootok.so no_warn
|
||||
##auth sufficient pam_kerberosIV.so no_warn
|
||||
##auth sufficient pam_krb5.so no_warn
|
||||
#auth required pam_opie.so no_warn auth_as_self
|
||||
#auth required pam_unix.so no_warn try_first_pass auth_as_self
|
||||
|
||||
# account
|
||||
#su account required pam_kerberosIV.so
|
||||
#su account required pam_krb5.so
|
||||
su account required pam_unix.so
|
||||
##su account required pam_kerberosIV.so
|
||||
##su account required pam_krb5.so
|
||||
#su account required pam_unix.so
|
||||
#account required pam_kerberosIV.so
|
||||
#account required pam_krb5.so
|
||||
account required pam_unix.so
|
||||
##account required pam_kerberosIV.so
|
||||
##account required pam_krb5.so
|
||||
#account required pam_unix.so
|
||||
|
||||
# session
|
||||
#su session required pam_kerberosIV.so
|
||||
#su session required pam_krb5.so
|
||||
#su session required pam_ssh.so
|
||||
su session required pam_unix.so
|
||||
##su session required pam_kerberosIV.so
|
||||
##su session required pam_krb5.so
|
||||
##su session required pam_ssh.so
|
||||
#su session required pam_unix.so
|
||||
#session required pam_kerberosIV.so
|
||||
#session required pam_krb5.so
|
||||
#session required pam_ssh.so
|
||||
session required pam_unix.so
|
||||
##session required pam_kerberosIV.so
|
||||
##session required pam_krb5.so
|
||||
##session required pam_ssh.so
|
||||
#session required pam_unix.so
|
||||
|
||||
# password
|
||||
su password required pam_permit.so
|
||||
#su password required pam_permit.so
|
||||
password required pam_permit.so
|
||||
#password required pam_permit.so
|
||||
|
||||
@ -5,8 +5,8 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
telnetd auth required pam_nologin.so no_warn
|
||||
telnetd auth required pam_unix.so no_warn try_first_pass
|
||||
auth required pam_nologin.so no_warn
|
||||
auth required pam_unix.so no_warn try_first_pass
|
||||
|
||||
# account
|
||||
telnetd account required pam_unix.so
|
||||
account required pam_unix.so
|
||||
|
||||
@ -5,22 +5,22 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
xdm auth required pam_nologin.so no_warn
|
||||
#xdm auth sufficient pam_kerberosIV.so no_warn try_first_pass
|
||||
#xdm auth sufficient pam_krb5.so no_warn try_first_pass
|
||||
#xdm auth sufficient pam_ssh.so no_warn try_first_pass
|
||||
xdm auth required pam_unix.so no_warn try_first_pass
|
||||
auth required pam_nologin.so no_warn
|
||||
#auth sufficient pam_kerberosIV.so no_warn try_first_pass
|
||||
#auth sufficient pam_krb5.so no_warn try_first_pass
|
||||
#auth sufficient pam_ssh.so no_warn try_first_pass
|
||||
auth required pam_unix.so no_warn try_first_pass
|
||||
|
||||
# account
|
||||
#xdm account required pam_kerberosIV.so
|
||||
#xdm account required pam_krb5.so
|
||||
xdm account required pam_unix.so
|
||||
#account required pam_kerberosIV.so
|
||||
#account required pam_krb5.so
|
||||
account required pam_unix.so
|
||||
|
||||
# session
|
||||
#xdm session required pam_kerberosIV.so
|
||||
#xdm session required pam_krb5.so
|
||||
#xdm session required pam_ssh.so
|
||||
xdm session required pam_unix.so
|
||||
#session required pam_kerberosIV.so
|
||||
#session required pam_krb5.so
|
||||
#session required pam_ssh.so
|
||||
session required pam_unix.so
|
||||
|
||||
# password
|
||||
xdm password required pam_deny.so
|
||||
password required pam_deny.so
|
||||
|
||||
@ -5,4 +5,4 @@
|
||||
#
|
||||
|
||||
# auth
|
||||
xserver auth required pam_permit.so no_warn
|
||||
auth required pam_permit.so no_warn
|
||||
|
||||
Loading…
Reference in New Issue
Block a user