source: trunk/server/fedora/config/etc/pam.d/sshd @ 2186

Last change on this file since 2186 was 1068, checked in by quentin, 16 years ago
Disallow root keyboard-interactive logins
File size: 897 bytes
Line 
1#%PAM-1.0
2# Authentication modules
3
4# If their user exists (success),
5auth    [success=ignore ignore=ignore default=1]        pam_succeed_if.so uid >= 0
6# print the "You don't have tickets" error:
7auth    [success=die ignore=reset default=die]  pam_echo.so file=/etc/issue.net.no_tkt
8# else print the "your account doesn't exist" error:
9auth    [success=die ignore=reset default=die]  pam_echo.so file=/etc/issue.net.no_user
10
11# Set environment variables:
12auth       required     pam_env.so
13# Use Unix authentication and succeed immediately (sufficient):
14auth       sufficient   pam_unix.so try_first_pass
15# If they somehow slipped through, deny:
16auth       required     pam_deny.so
17
18account    required     pam_nologin.so
19account    include      system-auth
20password   include      system-auth
21session    optional     pam_keyinit.so force revoke
22session    include      system-auth
23session    required     pam_loginuid.so
Note: See TracBrowser for help on using the repository browser.