diff options
| author |   Diego Elio 'Flameeyes' Pettenò <flameeyes@gmail.com> | 2010-03-10 01:29:35 +0100 |
|---|---|---|
| committer | Diego Elio 'Flameeyes' Pettenò <flameeyes@gmail.com> | 2010-03-10 01:29:35 +0100 |
| commit | 2cc5de847cec6868408550b2973faaf1381f7834 (patch) | |
| tree | 1e7844571c6407ea2f3182dfd07dc65abad33936 /system-auth.in | |
| parent | Don't change the default path of the tally module, since the two use differen... (diff) | |
| download | pambase-2cc5de847cec6868408550b2973faaf1381f7834.tar.gz pambase-2cc5de847cec6868408550b2973faaf1381f7834.tar.bz2 pambase-2cc5de847cec6868408550b2973faaf1381f7834.zip | |
Improve handling of services and the session chain.pambase-20100310
The system-services stack will now provide auth (always permitted) and
account (use system-auth stack) chains, so that services like fcron can use
it.
Session handling is instead split out of system-auth and system-services
into not a stack but an included file providing the session chain for both
of them, this allows to edit a single file in pambase and provide the two
session chains, that might very well be separated (indeed, services don't
use pam_ssh).
Diffstat (limited to 'system-auth.in')
| -rw-r--r-- | system-auth.in | 16 |
1 files changed, 2 insertions, 14 deletions
diff --git a/system-auth.in b/system-auth.in index d8f525f..941d925 100644 --- a/system-auth.in +++ b/system-auth.in @@ -15,20 +15,8 @@ password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 D password required pam_passwdqc.so min=8,8,8,8,8 retry=3 #endif password required pam_unix.so try_first_pass AUTHTOK nullok UNIX_EXTENDED_ENCRYPTION DEBUG - -#if HAVE_LIMITS -session required pam_limits.so DEBUG -#endif -#if HAVE_ENV -session required pam_env.so DEBUG -#endif -#if HAVE_MKTEMP -session optional pam_mktemp.so -#endif + #if HAVE_PAM_SSH session optional pam_ssh.so #endif -#if SUPPORT_UNIX_SESSION -session required pam_unix.so DEBUG -#endif -session optional pam_permit.so +#include "system-session.inc" |