illumos-gate Cdiff usr/src/lib/libpam/pam.conf

Print this page

2947 split up and ship pam.d/*, adjust Makefiles


*** 1,135 ****
  #
! # CDDL HEADER START
  #
! # The contents of this file are subject to the terms of the
! # Common Development and Distribution License (the "License").
! # You may not use this file except in compliance with the License.
! #
! # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
! # or http://www.opensolaris.org/os/licensing.
! # See the License for the specific language governing permissions
! # and limitations under the License.
! #
! # When distributing Covered Code, include this CDDL HEADER in each
! # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
! # If applicable, add the following below this CDDL HEADER, with the
! # fields enclosed by brackets "[]" replaced with your own identifying
! # information: Portions Copyright [yyyy] [name of copyright owner]
! #
! # CDDL HEADER END
! #
! #
! # Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
! # Use is subject to license terms.
! #
! # PAM configuration
! #
! # Unless explicitly defined, all services use the modules
! # defined in the "other" section.
! #
! # Modules are defined with relative pathnames, i.e., they are
! # relative to /usr/lib/security/$ISA. Absolute path names, as
! # present in this file in previous releases are still acceptable.
! #
! # Authentication management
! #
! # login service (explicit because of pam_dial_auth)
! #
! login   auth requisite          pam_authtok_get.so.1
! login   auth required           pam_dhkeys.so.1
! login   auth required           pam_unix_cred.so.1
! login   auth required           pam_unix_auth.so.1
! login   auth required           pam_dial_auth.so.1
! #
! # rlogin service (explicit because of pam_rhost_auth)
! #
! rlogin  auth sufficient         pam_rhosts_auth.so.1
! rlogin  auth requisite          pam_authtok_get.so.1
! rlogin  auth required           pam_dhkeys.so.1
! rlogin  auth required           pam_unix_cred.so.1
! rlogin  auth required           pam_unix_auth.so.1
! #
! # Kerberized rlogin service
! #
! krlogin auth required           pam_unix_cred.so.1
! krlogin auth required           pam_krb5.so.1
! #
! # rsh service (explicit because of pam_rhost_auth,
! # and pam_unix_auth for meaningful pam_setcred)
! #
! rsh     auth sufficient         pam_rhosts_auth.so.1
! rsh     auth required           pam_unix_cred.so.1
! #
! # Kerberized rsh service
! #
! krsh    auth required           pam_unix_cred.so.1
! krsh    auth required           pam_krb5.so.1
! #
! # Kerberized telnet service
! #
! ktelnet auth required           pam_unix_cred.so.1
! ktelnet auth required           pam_krb5.so.1
! #
! # PPP service (explicit because of pam_dial_auth)
! #
! ppp     auth requisite          pam_authtok_get.so.1
! ppp     auth required           pam_dhkeys.so.1
! ppp     auth required           pam_unix_cred.so.1
! ppp     auth required           pam_unix_auth.so.1
! ppp     auth required           pam_dial_auth.so.1
! #
! # GDM Autologin (explicit because of pam_allow).  These need to be
! # here as there is no mechanism for packages to amend pam.conf as
! # they are installed.
! #
! gdm-autologin auth  required    pam_unix_cred.so.1
! gdm-autologin auth  sufficient  pam_allow.so.1
! #
! # Default definitions for Authentication management
! # Used when service name is not explicitly mentioned for authentication
! #
! other   auth requisite          pam_authtok_get.so.1
! other   auth required           pam_dhkeys.so.1
! other   auth required           pam_unix_cred.so.1
! other   auth required           pam_unix_auth.so.1
! #
! # passwd command (explicit because of a different authentication module)
! #
! passwd  auth required           pam_passwd_auth.so.1
! #
! # cron service (explicit because of non-usage of pam_roles.so.1)
! #
! cron    account required        pam_unix_account.so.1
! #
! # cups service (explicit because of non-usage of pam_roles.so.1)
! #
! cups    account required        pam_unix_account.so.1
! #
! # GDM Autologin (explicit because of pam_allow) This needs to be here
! # as there is no mechanism for packages to amend pam.conf as they are
! # installed.
! #
! gdm-autologin account  sufficient  pam_allow.so.1
! #
! # Default definition for Account management
! # Used when service name is not explicitly mentioned for account management
! #
! other   account requisite       pam_roles.so.1
! other   account required        pam_unix_account.so.1
! #
! # Default definition for Session management
! # Used when service name is not explicitly mentioned for session management
! #
! other   session required        pam_unix_session.so.1
! #
! # Default definition for Password management
! # Used when service name is not explicitly mentioned for password management
! #
! other   password required       pam_dhkeys.so.1
! other   password requisite      pam_authtok_get.so.1
! other   password requisite      pam_authtok_check.so.1
! other   password required       pam_authtok_store.so.1
! #
! # Support for Kerberos V5 authentication and example configurations can
! # be found in the pam_krb5(5) man page under the "EXAMPLES" section.
! #
--- 1,5 ----
  #
! # Legacy PAM configuration
  #
! # The shipped PAM configuration has moved from the legacy /etc/pam.conf
! # to the new /etc/pam.d model.  See pam.conf(4) for more information.