From ac444049e27aa772e57d38b889ceee46e7331a50 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sat, 15 Nov 2003 15:55:19 +0000 Subject: Implement New World Order for PAM configuration, including /etc/pam.d/common-* from /etc/pam.d/ssh (closes: #212959). Add more commentary to /etc/pam.d/ssh. --- debian/ssh.pam | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) (limited to 'debian/ssh.pam') diff --git a/debian/ssh.pam b/debian/ssh.pam index f6fbd3ebc..8882053df 100644 --- a/debian/ssh.pam +++ b/debian/ssh.pam @@ -1,21 +1,29 @@ -#%PAM-1.0 +# PAM configuration for the Secure Shell service + +# Disallow non-root logins when /etc/nologin exists. auth required pam_nologin.so -auth required pam_unix.so + +# Read environment variables from /etc/environment and +# /etc/security/pam_env.conf. auth required pam_env.so # [1] -account required pam_unix.so +# Standard Un*x authentication. +@include common-auth + +# Standard Un*x authorization. +@include common-account + +# Standard Un*x session setup and teardown. +@include common-session -session required pam_unix.so +# Print the message of the day upon successful login. session optional pam_motd.so # [1] + +# Print the status of the user's mailbox upon successful login. session optional pam_mail.so standard noenv # [1] -session required pam_limits.so -password required pam_unix.so +# Set up user limits from /etc/security/limits.conf. +session required pam_limits.so -# Alternate strength checking for password. Note that this -# requires the libpam-cracklib package to be installed. -# You will need to comment out the password line above and -# uncomment the next two in order to use this. -# -# password required pam_cracklib.so retry=3 minlen=6 difok=3 -# password required pam_unix.so use_authtok nullok md5 +# Standard Un*x password updating. +@include common-password -- cgit v1.2.3