illumos-gate Udiff usr/src/lib/libpam/pam.conf

Print this page

2947 split up and ship pam.d/*, adjust Makefiles

@@ -1,135 +1,5 @@
 #
-# CDDL HEADER START
+# Legacy PAM configuration
 #
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
-# Use is subject to license terms.
-#
-# PAM configuration
-#
-# Unless explicitly defined, all services use the modules
-# defined in the "other" section.
-#
-# Modules are defined with relative pathnames, i.e., they are
-# relative to /usr/lib/security/$ISA. Absolute path names, as
-# present in this file in previous releases are still acceptable.
-#
-# Authentication management
-#
-# login service (explicit because of pam_dial_auth)
-#
-login   auth requisite          pam_authtok_get.so.1
-login   auth required           pam_dhkeys.so.1
-login   auth required           pam_unix_cred.so.1
-login   auth required           pam_unix_auth.so.1
-login   auth required           pam_dial_auth.so.1
-#
-# rlogin service (explicit because of pam_rhost_auth)
-#
-rlogin  auth sufficient         pam_rhosts_auth.so.1
-rlogin  auth requisite          pam_authtok_get.so.1
-rlogin  auth required           pam_dhkeys.so.1
-rlogin  auth required           pam_unix_cred.so.1
-rlogin  auth required           pam_unix_auth.so.1
-#
-# Kerberized rlogin service
-#
-krlogin auth required           pam_unix_cred.so.1
-krlogin auth required           pam_krb5.so.1
-#
-# rsh service (explicit because of pam_rhost_auth,
-# and pam_unix_auth for meaningful pam_setcred)
-#
-rsh     auth sufficient         pam_rhosts_auth.so.1
-rsh     auth required           pam_unix_cred.so.1
-#
-# Kerberized rsh service
-#
-krsh    auth required           pam_unix_cred.so.1
-krsh    auth required           pam_krb5.so.1
-#
-# Kerberized telnet service
-#
-ktelnet auth required           pam_unix_cred.so.1
-ktelnet auth required           pam_krb5.so.1
-#
-# PPP service (explicit because of pam_dial_auth)
-#
-ppp     auth requisite          pam_authtok_get.so.1
-ppp     auth required           pam_dhkeys.so.1
-ppp     auth required           pam_unix_cred.so.1
-ppp     auth required           pam_unix_auth.so.1
-ppp     auth required           pam_dial_auth.so.1
-#
-# GDM Autologin (explicit because of pam_allow).  These need to be
-# here as there is no mechanism for packages to amend pam.conf as
-# they are installed.
-#
-gdm-autologin auth  required    pam_unix_cred.so.1
-gdm-autologin auth  sufficient  pam_allow.so.1
-#
-# Default definitions for Authentication management
-# Used when service name is not explicitly mentioned for authentication
-#
-other   auth requisite          pam_authtok_get.so.1
-other   auth required           pam_dhkeys.so.1
-other   auth required           pam_unix_cred.so.1
-other   auth required           pam_unix_auth.so.1
-#
-# passwd command (explicit because of a different authentication module)
-#
-passwd  auth required           pam_passwd_auth.so.1
-#
-# cron service (explicit because of non-usage of pam_roles.so.1)
-#
-cron    account required        pam_unix_account.so.1
-#
-# cups service (explicit because of non-usage of pam_roles.so.1)
-#
-cups    account required        pam_unix_account.so.1
-#
-# GDM Autologin (explicit because of pam_allow) This needs to be here
-# as there is no mechanism for packages to amend pam.conf as they are
-# installed.
-#
-gdm-autologin account  sufficient  pam_allow.so.1
-#
-# Default definition for Account management
-# Used when service name is not explicitly mentioned for account management
-#
-other   account requisite       pam_roles.so.1
-other   account required        pam_unix_account.so.1
-#
-# Default definition for Session management
-# Used when service name is not explicitly mentioned for session management
-#
-other   session required        pam_unix_session.so.1
-#
-# Default definition for Password management
-# Used when service name is not explicitly mentioned for password management
-#
-other   password required       pam_dhkeys.so.1
-other   password requisite      pam_authtok_get.so.1
-other   password requisite      pam_authtok_check.so.1
-other   password required       pam_authtok_store.so.1
-#
-# Support for Kerberos V5 authentication and example configurations can
-# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
-#
+# The shipped PAM configuration has moved from the legacy /etc/pam.conf
+# to the new /etc/pam.d model.  See pam.conf(4) for more information.