diff options
author | Colin Watson <cjwatson@debian.org> | 2003-11-15 15:55:19 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2003-11-15 15:55:19 +0000 |
commit | ac444049e27aa772e57d38b889ceee46e7331a50 (patch) | |
tree | 6f21f16b19de3ef8ba1812eb77c657b28c4b6a4e /debian/ssh.pam | |
parent | 72db1a31fddd41571369eecb058e78e9ac3f6c78 (diff) |
Implement New World Order for PAM configuration, including
/etc/pam.d/common-* from /etc/pam.d/ssh (closes: #212959).
Add more commentary to /etc/pam.d/ssh.
Diffstat (limited to 'debian/ssh.pam')
-rw-r--r-- | debian/ssh.pam | 34 |
1 files changed, 21 insertions, 13 deletions
diff --git a/debian/ssh.pam b/debian/ssh.pam index f6fbd3ebc..8882053df 100644 --- a/debian/ssh.pam +++ b/debian/ssh.pam | |||
@@ -1,21 +1,29 @@ | |||
1 | #%PAM-1.0 | 1 | # PAM configuration for the Secure Shell service |
2 | |||
3 | # Disallow non-root logins when /etc/nologin exists. | ||
2 | auth required pam_nologin.so | 4 | auth required pam_nologin.so |
3 | auth required pam_unix.so | 5 | |
6 | # Read environment variables from /etc/environment and | ||
7 | # /etc/security/pam_env.conf. | ||
4 | auth required pam_env.so # [1] | 8 | auth required pam_env.so # [1] |
5 | 9 | ||
6 | account required pam_unix.so | 10 | # Standard Un*x authentication. |
11 | @include common-auth | ||
12 | |||
13 | # Standard Un*x authorization. | ||
14 | @include common-account | ||
15 | |||
16 | # Standard Un*x session setup and teardown. | ||
17 | @include common-session | ||
7 | 18 | ||
8 | session required pam_unix.so | 19 | # Print the message of the day upon successful login. |
9 | session optional pam_motd.so # [1] | 20 | session optional pam_motd.so # [1] |
21 | |||
22 | # Print the status of the user's mailbox upon successful login. | ||
10 | session optional pam_mail.so standard noenv # [1] | 23 | session optional pam_mail.so standard noenv # [1] |
11 | session required pam_limits.so | ||
12 | 24 | ||
13 | password required pam_unix.so | 25 | # Set up user limits from /etc/security/limits.conf. |
26 | session required pam_limits.so | ||
14 | 27 | ||
15 | # Alternate strength checking for password. Note that this | 28 | # Standard Un*x password updating. |
16 | # requires the libpam-cracklib package to be installed. | 29 | @include common-password |
17 | # You will need to comment out the password line above and | ||
18 | # uncomment the next two in order to use this. | ||
19 | # | ||
20 | # password required pam_cracklib.so retry=3 minlen=6 difok=3 | ||
21 | # password required pam_unix.so use_authtok nullok md5 | ||