diff options
Diffstat (limited to 'debian/openssh-server.sshd.pam')
-rw-r--r-- | debian/openssh-server.sshd.pam | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/debian/openssh-server.sshd.pam b/debian/openssh-server.sshd.pam new file mode 100644 index 000000000..5f7ab2f60 --- /dev/null +++ b/debian/openssh-server.sshd.pam | |||
@@ -0,0 +1,52 @@ | |||
1 | # PAM configuration for the Secure Shell service | ||
2 | |||
3 | # Standard Un*x authentication. | ||
4 | @include common-auth | ||
5 | |||
6 | # Disallow non-root logins when /etc/nologin exists. | ||
7 | account required pam_nologin.so | ||
8 | |||
9 | # Uncomment and edit /etc/security/access.conf if you need to set complex | ||
10 | # access limits that are hard to express in sshd_config. | ||
11 | # account required pam_access.so | ||
12 | |||
13 | # Standard Un*x authorization. | ||
14 | @include common-account | ||
15 | |||
16 | # SELinux needs to be the first session rule. This ensures that any | ||
17 | # lingering context has been cleared. Without this it is possible that a | ||
18 | # module could execute code in the wrong domain. | ||
19 | session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close | ||
20 | |||
21 | # Set the loginuid process attribute. | ||
22 | session required pam_loginuid.so | ||
23 | |||
24 | # Standard Un*x session setup and teardown. | ||
25 | @include common-session | ||
26 | |||
27 | # Print the message of the day upon successful login. | ||
28 | # This includes a dynamically generated part from /run/motd.dynamic | ||
29 | # and a static (admin-editable) part from /etc/motd. | ||
30 | session optional pam_motd.so motd=/run/motd.dynamic noupdate | ||
31 | session optional pam_motd.so # [1] | ||
32 | |||
33 | # Print the status of the user's mailbox upon successful login. | ||
34 | session optional pam_mail.so standard noenv # [1] | ||
35 | |||
36 | # Set up user limits from /etc/security/limits.conf. | ||
37 | session required pam_limits.so | ||
38 | |||
39 | # Read environment variables from /etc/environment and | ||
40 | # /etc/security/pam_env.conf. | ||
41 | session required pam_env.so # [1] | ||
42 | # In Debian 4.0 (etch), locale-related environment variables were moved to | ||
43 | # /etc/default/locale, so read that as well. | ||
44 | session required pam_env.so user_readenv=1 envfile=/etc/default/locale | ||
45 | |||
46 | # SELinux needs to intervene at login time to ensure that the process starts | ||
47 | # in the proper default security context. Only sessions which are intended | ||
48 | # to run in the user's context should be run after this. | ||
49 | session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open | ||
50 | |||
51 | # Standard Un*x password updating. | ||
52 | @include common-password | ||