Created
August 5, 2016 17:09
-
-
Save ganeshragnarayanan/9bf228fc06e2f0426afb028487616cd6 to your computer and use it in GitHub Desktop.
PAM sshd configs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bash-4.3# cat sshd | |
| #%PAM-1.0 | |
| auth include common-auth-access | |
| account optional pam_permit.so | |
| #account required pam_nologin.so | |
| #account include common-account-access | |
| password include common-password-access | |
| session optional pam_keyinit.so force revoke | |
| session include common-session-access | |
| #session required pam_loginuid.so | |
| bash-4.3# cat common-auth-access | |
| # | |
| # /etc/pam.d/common-auth - authentication settings common to all services | |
| # | |
| # This file is included from other service-specific PAM config files, | |
| # and should contain a list of the authentication modules that define | |
| # the central authentication scheme for use on the system | |
| # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the | |
| # traditional Unix authentication mechanisms. | |
| # here are the per-package modules (the "Primary" block) | |
| auth [success=2 default=ignore] /usr/lib/security/pam_tacplus.so debug server=192.168.9.131 secret=tac_test | |
| auth [success=1 default=ignore] pam_unix.so nullok | |
| # here's the fallback if no module succeeds | |
| auth requisite pam_deny.so | |
| # prime the stack with a positive return value if there isn't one already; | |
| # this avoids us returning an error just because nothing sets a success code | |
| # since the modules above will each just jump around | |
| auth required pam_permit.so | |
| # and here are more per-package modules (the "Additional" block) | |
| bash-4.3# |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment