aboutsummaryrefslogtreecommitdiff
blob: c729004b9c1e3f3f7df932f3e67c9186138308a2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#if HAVE_ENV
auth		required	pam_env.so DEBUG
#endif
#if HAVE_PAM_SSH
auth		sufficient	pam_ssh.so
#endif
#if HAVE_KRB5
auth		KRB5_CONTROL	pam_krb5.so KRB5_PARAMS
#endif
auth		required	pam_unix.so try_first_pass LIKEAUTH NULLOK DEBUG
/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
auth		optional	pam_permit.so

#if HAVE_KRB5
account		KRB5_CONTROL	pam_krb5.so KRB5_PARAMS
#endif
account		required	pam_unix.so DEBUG
/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
account		optional	pam_permit.so

#if HAVE_CRACKLIB
password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 DEBUG
#endif
#if HAVE_PASSWDQC
password	required	pam_passwdqc.so min=8,8,8,8,8 retry=3
#endif
#if HAVE_KRB5
password	KRB5_CONTROL	pam_krb5.so KRB5_PARAMS
#endif
password	required	pam_unix.so try_first_pass UNIX_AUTHTOK NULLOK UNIX_EXTENDED_ENCRYPTION DEBUG
/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
password	optional	pam_permit.so

#if HAVE_PAM_SSH
session		optional	pam_ssh.so
#endif
#include "system-session.inc"

#if HAVE_SYSTEMD
-session        optional        pam_systemd.so
#endif