Created
December 22, 2014 01:25
-
-
Save scottslowe/2f3bb6cd609cc2926178 to your computer and use it in GitHub Desktop.
These PAM configuration files were taken from a SLED 10 workstation configured to integrate with Active Directory.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############### | |
| # /etc/pam.d/common-account - authorization settings common to all services | |
| ############### | |
| # This file is included from other service-specific PAM config | |
| # files, and should contain a list of the authorization modules | |
| # that define the central access policy for use on the system. | |
| # The default is to only deny service to users whose accounts | |
| # are expired. | |
| # | |
| account sufficient pam_krb5.so | |
| account required pam_unix2.so | |
| ############### | |
| # /etc/pam.d/common-auth - authentication settings common to all services | |
| ############### | |
| # This file is included from other service-specific PAM config | |
| # files, and should contain a list of the authentication modules | |
| # that define the central authentication scheme for use on the | |
| # system (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default | |
| # is to use the traditional Unix authentication mechanisms. | |
| # | |
| auth required pam_env.so | |
| auth sufficient pam_krb5.so | |
| auth required pam_unix2.so | |
| ############### | |
| # /etc/pam.d/common-password - password-related modules common to all services | |
| ############### | |
| # This file is included from other service-specific PAM config | |
| # files, and should contain a list of modules that define the | |
| # services to be used to change user passwords. The default is | |
| # pam_unix2 in combination with pam_pwcheck. | |
| # The "nullok" option allows users to change an empty password, else | |
| # empty passwords are treated as locked accounts. | |
| # | |
| # To enable Blowfish or MD5 passwords, you should edit | |
| # /etc/default/passwd. | |
| # | |
| # Alternate strength checking for passwords should be configured | |
| # in /etc/security/pam_pwcheck.conf. | |
| # | |
| # pam_make can be used to rebuild NIS maps after password change. | |
| # | |
| password required pam_pwcheck.so nullok | |
| password required pam_unix2.so nullok use_first_pass use_authtok | |
| #password required pam_make.so /var/yp | |
| ############### | |
| # /etc/pam.d/common-session - session-related modules common to all services | |
| ############### | |
| # This file is included from other service-specific PAM config | |
| # files, and should contain a list of modules that define tasks | |
| # to be performed at the start and end of sessions of *any* | |
| # kind (both interactive and non-interactive). The default is | |
| # pam_unix2. | |
| # | |
| session required pam_limits.so | |
| session required pam_unix2.so | |
| session required pam_mkhomedir.so umask=0077 skel=/etc/skel |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment