Last change
on this file since 1101 was
1068,
checked in by quentin, 15 years ago
|
Disallow root keyboard-interactive logins
|
File size:
897 bytes
|
Rev | Line | |
---|
[423] | 1 | #%PAM-1.0 |
---|
| 2 | # Authentication modules |
---|
| 3 | |
---|
[1068] | 4 | # If their user exists (success), |
---|
| 5 | auth [success=ignore ignore=ignore default=1] pam_succeed_if.so uid >= 0 |
---|
[423] | 6 | # print the "You don't have tickets" error: |
---|
| 7 | auth [success=die ignore=reset default=die] pam_echo.so file=/etc/issue.net.no_tkt |
---|
[1068] | 8 | # else print the "your account doesn't exist" error: |
---|
[423] | 9 | auth [success=die ignore=reset default=die] pam_echo.so file=/etc/issue.net.no_user |
---|
| 10 | |
---|
| 11 | # Set environment variables: |
---|
| 12 | auth required pam_env.so |
---|
| 13 | # Use Unix authentication and succeed immediately (sufficient): |
---|
| 14 | auth sufficient pam_unix.so try_first_pass |
---|
| 15 | # If they somehow slipped through, deny: |
---|
| 16 | auth required pam_deny.so |
---|
| 17 | |
---|
| 18 | account required pam_nologin.so |
---|
| 19 | account include system-auth |
---|
| 20 | password include system-auth |
---|
| 21 | session optional pam_keyinit.so force revoke |
---|
| 22 | session include system-auth |
---|
| 23 | session required pam_loginuid.so |
---|
Note: See
TracBrowser
for help on using the repository browser.