Last change
on this file since 1707 was
1068,
checked in by quentin, 16 years ago
|
Disallow root keyboard-interactive logins
|
File size:
897 bytes
|
Line | |
---|
1 | #%PAM-1.0 |
---|
2 | # Authentication modules |
---|
3 | |
---|
4 | # If their user exists (success), |
---|
5 | auth [success=ignore ignore=ignore default=1] pam_succeed_if.so uid >= 0 |
---|
6 | # print the "You don't have tickets" error: |
---|
7 | auth [success=die ignore=reset default=die] pam_echo.so file=/etc/issue.net.no_tkt |
---|
8 | # else print the "your account doesn't exist" error: |
---|
9 | auth [success=die ignore=reset default=die] pam_echo.so file=/etc/issue.net.no_user |
---|
10 | |
---|
11 | # Set environment variables: |
---|
12 | auth required pam_env.so |
---|
13 | # Use Unix authentication and succeed immediately (sufficient): |
---|
14 | auth sufficient pam_unix.so try_first_pass |
---|
15 | # If they somehow slipped through, deny: |
---|
16 | auth required pam_deny.so |
---|
17 | |
---|
18 | account required pam_nologin.so |
---|
19 | account include system-auth |
---|
20 | password include system-auth |
---|
21 | session optional pam_keyinit.so force revoke |
---|
22 | session include system-auth |
---|
23 | session required pam_loginuid.so |
---|
Note: See
TracBrowser
for help on using the repository browser.