|
|
Riga 1 658: |
Riga 1 658: |
| '''/etc/pam.d/common-account'''<br/> | | '''/etc/pam.d/common-account'''<br/> |
| <pre> | | <pre> |
| #
| | account sufficient pam_unix.so |
| #/etc/pam.d/common-account - authorization settings common to all services
| | account sufficient pam_ldap.so |
| ##
| | account sufficient pam_krb5.so |
| This file is included from other service-specific PAM config files,
| | account required pam_deny.so |
| # and should contain a list of the authorization modules that define
| |
| # the central access policy for use on the system. The default is to
| |
| # only deny service to users whose accounts are expired in /etc/shadow.
| |
| #
| |
| #account required pam_unix.so
| |
| account sufficient pam_ldap.so | |
| account required pam_unix.so try_first_pass | |
| </pre> | | </pre> |
| <br/> | | <br/> |
| '''/etc/pam.d/common-auth'''<br/> | | '''/etc/pam.d/common-auth'''<br/> |
| <pre> | | <pre> |
| #
| | auth sufficient pam_unix.so nullok_secure |
| # /etc/pam.d/common-auth - authentication settings common to all services
| | auth sufficient pam_ldap.so |
| #
| | auth sufficient pam_krb5.so use_first_pass |
| # This file is included from other service-specific PAM config files,
| | auth required pam_deny.so |
| # and should contain a list of the authentication modules that define
| |
| # the central authentication scheme for use on the system
| |
| # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
| |
| # traditional Unix authentication mechanisms.
| |
| #
| |
| #auth required pam_unix.so nullok_secure
| |
| #auth [success=1 default=ignore] pam_unix.so
| |
| #auth required pam_ldap.so use_first_pass
| |
| auth sufficient pam_ldap.so | |
| auth required pam_unix.so nullok_secure use_first_pass | |
| </pre> | | </pre> |
| <br/> | | <br/> |
| '''/etc/pam.d/common-password'''<br/> | | '''/etc/pam.d/common-password'''<br/> |
| <pre> | | <pre> |
| # /etc/pam.d/common-password - password-related modules common to all services
| | password sufficient pam_unix.so nullok obscure md5 |
| ##
| | password required pam_winbind.so |
| This file is included from other service-specific PAM config files,
| | password sufficient pam_ldap.so |
| # and should contain a list of modules that define the services to be
| |
| #used to change user passwords. The default is pam_unix
| |
| # The "nullok" option allows users to change an empty password, else
| |
| # empty passwords are treated as locked accounts.
| |
| #
| |
| # (Add `md5' after the module name to enable MD5 passwords)
| |
| #
| |
| # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
| |
| # login.defs. Also the "min" and "max" options enforce the length of the
| |
| # new password.
| |
| #password required pam_unix.so nullok obscure min=4 max=8 md5
| |
| # Alternate strength checking for password. Note that this
| |
| # requires the libpam-cracklib package to be installed.
| |
| # You will need to comment out the password line above and
| |
| # uncomment the next two in order to use this.
| |
| # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
| |
| #
| |
| # password required pam_cracklib.so retry=3 minlen=6 difok=3
| |
| # password required pam_unix.so use_authtok nullok md5
| |
| password sufficient pam_ldap.so | |
| password required pam_unix.so nullok obscure md5 use_first_pass
| |
| </pre> | | </pre> |
| <br/> | | <br/> |
| '''/etc/pam.d/common-session'''<br/> | | '''/etc/pam.d/common-session'''<br/> |
| <pre> | | <pre> |
| session sufficient pam_ldap.so | | session optional pam_unix.so |
| session required pam_unix.so | | session optional pam_krb5.so |
| | session optional pam_mkhomedir.so skel=/etc/skel/ umask=077 |
| | session sufficient pam_ldap.so |
| </pre> | | </pre> |
|
| |
|