Implement New World Order for PAM configuration, including

/etc/pam.d/common-* from /etc/pam.d/ssh (closes: #212959).
Add more commentary to /etc/pam.d/ssh.

1 files changed, 21 insertions, 13 deletions

diff --git a/debian/ssh.pam b/debian/ssh.pam
index f6fbd3ebc..8882053df 100644
--- a/debian/ssh.pam
+++ b/debian/ssh.pam
@@ -1,21 +1,29 @@
-#%PAM-1.0
+# PAM configuration for the Secure Shell service
+
+# Disallow non-root logins when /etc/nologin exists.
 auth       required     pam_nologin.so
-auth       required     pam_unix.so
+
+# Read environment variables from /etc/environment and
+# /etc/security/pam_env.conf.
 auth       required     pam_env.so # [1]
 
-account    required     pam_unix.so
+# Standard Un*x authentication.
+@include common-auth
+
+# Standard Un*x authorization.
+@include common-account
+
+# Standard Un*x session setup and teardown.
+@include common-session
 
-session    required     pam_unix.so
+# Print the message of the day upon successful login.
 session    optional     pam_motd.so # [1]
+
+# Print the status of the user's mailbox upon successful login.
 session    optional     pam_mail.so standard noenv # [1]
-session    required     pam_limits.so
 
-password   required     pam_unix.so
+# Set up user limits from /etc/security/limits.conf.
+session    required     pam_limits.so
 
-# Alternate strength checking for password. Note that this
-# requires the libpam-cracklib package to be installed.
-# You will need to comment out the password line above and
-# uncomment the next two in order to use this.
-#
-# password required       pam_cracklib.so retry=3 minlen=6 difok=3
-# password required       pam_unix.so use_authtok nullok md5
+# Standard Un*x password updating.
+@include common-password