1 files changed, 55 insertions, 0 deletions
diff --git a/debian/openssh-server.sshd.pam.in b/debian/openssh-server.sshd.pam.in
new file mode 100644
index 000000000..2cad67da6
--- /dev/null
+++ b/debian/openssh-server.sshd.pam.in
@@ -0,0 +1,55 @@
+# PAM configuration for the Secure Shell service
+# Standard Un*x authentication.
+@include common-auth
+# Disallow non-root logins when /etc/nologin exists.
+account    required     pam_nologin.so
+# Uncomment and edit /etc/security/access.conf if you need to set complex
+# access limits that are hard to express in sshd_config.
+# account  required     pam_access.so
+# Standard Un*x authorization.
+@include common-account
+# SELinux needs to be the first session rule.  This ensures that any
+# lingering context has been cleared.  Without this it is possible that a
+# module could execute code in the wrong domain.
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so close
+# Set the loginuid process attribute.
+session    required     pam_loginuid.so
+@IF_KEYINIT@# Create a new session keyring.
+@IF_KEYINIT@session    optional     pam_keyinit.so force revoke
+# Standard Un*x session setup and teardown.
+@include common-session
+# Print the message of the day upon successful login.
+# This includes a dynamically generated part from /run/motd.dynamic
+# and a static (admin-editable) part from /etc/motd.
+session    optional     pam_motd.so  motd=/run/motd.dynamic
+session    optional     pam_motd.so noupdate
+# Print the status of the user's mailbox upon successful login.
+session    optional     pam_mail.so standard noenv # [1]
+# Set up user limits from /etc/security/limits.conf.
+session    required     pam_limits.so
+# Read environment variables from /etc/environment and
+# /etc/security/pam_env.conf.
+session    required     pam_env.so # [1]
+# In Debian 4.0 (etch), locale-related environment variables were moved to
+# /etc/default/locale, so read that as well.
+session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale
+# SELinux needs to intervene at login time to ensure that the process starts
+# in the proper default security context.  Only sessions which are intended
+# to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so open
+# Standard Un*x password updating.
+@include common-password

diff --git a/debian/openssh-server.sshd.pam.in b/debian/openssh-server.sshd.pam.in new file mode 100644 index 000000000..2cad67da6 --- /dev/null +++ b/debian/openssh-server.sshd.pam.in
@@ -0,0 +1,55 @@
	1	# PAM configuration for the Secure Shell service
	2
	3	# Standard Un*x authentication.
	4	@include common-auth
	5
	6	# Disallow non-root logins when /etc/nologin exists.
	7	account required pam_nologin.so
	8
	9	# Uncomment and edit /etc/security/access.conf if you need to set complex
	10	# access limits that are hard to express in sshd_config.
	11	# account required pam_access.so
	12
	13	# Standard Un*x authorization.
	14	@include common-account
	15
	16	# SELinux needs to be the first session rule. This ensures that any
	17	# lingering context has been cleared. Without this it is possible that a
	18	# module could execute code in the wrong domain.
	19	session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
	20
	21	# Set the loginuid process attribute.
	22	session required pam_loginuid.so
	23
	24	@IF_KEYINIT@# Create a new session keyring.
	25	@IF_KEYINIT@session optional pam_keyinit.so force revoke
	26
	27	# Standard Un*x session setup and teardown.
	28	@include common-session
	29
	30	# Print the message of the day upon successful login.
	31	# This includes a dynamically generated part from /run/motd.dynamic
	32	# and a static (admin-editable) part from /etc/motd.
	33	session optional pam_motd.so motd=/run/motd.dynamic
	34	session optional pam_motd.so noupdate
	35
	36	# Print the status of the user's mailbox upon successful login.
	37	session optional pam_mail.so standard noenv # [1]
	38
	39	# Set up user limits from /etc/security/limits.conf.
	40	session required pam_limits.so
	41
	42	# Read environment variables from /etc/environment and
	43	# /etc/security/pam_env.conf.
	44	session required pam_env.so # [1]
	45	# In Debian 4.0 (etch), locale-related environment variables were moved to
	46	# /etc/default/locale, so read that as well.
	47	session required pam_env.so user_readenv=1 envfile=/etc/default/locale
	48
	49	# SELinux needs to intervene at login time to ensure that the process starts
	50	# in the proper default security context. Only sessions which are intended
	51	# to run in the user's context should be run after this.
	52	session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
	53
	54	# Standard Un*x password updating.
	55	@include common-password