Print this page
2947 split up and ship pam.d/*, adjust Makefiles
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/libpam/pam.conf
+++ new/usr/src/lib/libpam/pam.conf
1 1 #
2 -# CDDL HEADER START
2 +# Legacy PAM configuration
3 3 #
4 -# The contents of this file are subject to the terms of the
5 -# Common Development and Distribution License (the "License").
6 -# You may not use this file except in compliance with the License.
7 -#
8 -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 -# or http://www.opensolaris.org/os/licensing.
10 -# See the License for the specific language governing permissions
11 -# and limitations under the License.
12 -#
13 -# When distributing Covered Code, include this CDDL HEADER in each
14 -# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 -# If applicable, add the following below this CDDL HEADER, with the
16 -# fields enclosed by brackets "[]" replaced with your own identifying
17 -# information: Portions Copyright [yyyy] [name of copyright owner]
18 -#
19 -# CDDL HEADER END
20 -#
21 -#
22 -# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 -# Use is subject to license terms.
24 -#
25 -# PAM configuration
26 -#
27 -# Unless explicitly defined, all services use the modules
28 -# defined in the "other" section.
29 -#
30 -# Modules are defined with relative pathnames, i.e., they are
31 -# relative to /usr/lib/security/$ISA. Absolute path names, as
32 -# present in this file in previous releases are still acceptable.
33 -#
34 -# Authentication management
35 -#
36 -# login service (explicit because of pam_dial_auth)
37 -#
38 -login auth requisite pam_authtok_get.so.1
39 -login auth required pam_dhkeys.so.1
40 -login auth required pam_unix_cred.so.1
41 -login auth required pam_unix_auth.so.1
42 -login auth required pam_dial_auth.so.1
43 -#
44 -# rlogin service (explicit because of pam_rhost_auth)
45 -#
46 -rlogin auth sufficient pam_rhosts_auth.so.1
47 -rlogin auth requisite pam_authtok_get.so.1
48 -rlogin auth required pam_dhkeys.so.1
49 -rlogin auth required pam_unix_cred.so.1
50 -rlogin auth required pam_unix_auth.so.1
51 -#
52 -# Kerberized rlogin service
53 -#
54 -krlogin auth required pam_unix_cred.so.1
55 -krlogin auth required pam_krb5.so.1
56 -#
57 -# rsh service (explicit because of pam_rhost_auth,
58 -# and pam_unix_auth for meaningful pam_setcred)
59 -#
60 -rsh auth sufficient pam_rhosts_auth.so.1
61 -rsh auth required pam_unix_cred.so.1
62 -#
63 -# Kerberized rsh service
64 -#
65 -krsh auth required pam_unix_cred.so.1
66 -krsh auth required pam_krb5.so.1
67 -#
68 -# Kerberized telnet service
69 -#
70 -ktelnet auth required pam_unix_cred.so.1
71 -ktelnet auth required pam_krb5.so.1
72 -#
73 -# PPP service (explicit because of pam_dial_auth)
74 -#
75 -ppp auth requisite pam_authtok_get.so.1
76 -ppp auth required pam_dhkeys.so.1
77 -ppp auth required pam_unix_cred.so.1
78 -ppp auth required pam_unix_auth.so.1
79 -ppp auth required pam_dial_auth.so.1
80 -#
81 -# GDM Autologin (explicit because of pam_allow). These need to be
82 -# here as there is no mechanism for packages to amend pam.conf as
83 -# they are installed.
84 -#
85 -gdm-autologin auth required pam_unix_cred.so.1
86 -gdm-autologin auth sufficient pam_allow.so.1
87 -#
88 -# Default definitions for Authentication management
89 -# Used when service name is not explicitly mentioned for authentication
90 -#
91 -other auth requisite pam_authtok_get.so.1
92 -other auth required pam_dhkeys.so.1
93 -other auth required pam_unix_cred.so.1
94 -other auth required pam_unix_auth.so.1
95 -#
96 -# passwd command (explicit because of a different authentication module)
97 -#
98 -passwd auth required pam_passwd_auth.so.1
99 -#
100 -# cron service (explicit because of non-usage of pam_roles.so.1)
101 -#
102 -cron account required pam_unix_account.so.1
103 -#
104 -# cups service (explicit because of non-usage of pam_roles.so.1)
105 -#
106 -cups account required pam_unix_account.so.1
107 -#
108 -# GDM Autologin (explicit because of pam_allow) This needs to be here
109 -# as there is no mechanism for packages to amend pam.conf as they are
110 -# installed.
111 -#
112 -gdm-autologin account sufficient pam_allow.so.1
113 -#
114 -# Default definition for Account management
115 -# Used when service name is not explicitly mentioned for account management
116 -#
117 -other account requisite pam_roles.so.1
118 -other account required pam_unix_account.so.1
119 -#
120 -# Default definition for Session management
121 -# Used when service name is not explicitly mentioned for session management
122 -#
123 -other session required pam_unix_session.so.1
124 -#
125 -# Default definition for Password management
126 -# Used when service name is not explicitly mentioned for password management
127 -#
128 -other password required pam_dhkeys.so.1
129 -other password requisite pam_authtok_get.so.1
130 -other password requisite pam_authtok_check.so.1
131 -other password required pam_authtok_store.so.1
132 -#
133 -# Support for Kerberos V5 authentication and example configurations can
134 -# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
135 -#
4 +# The shipped PAM configuration has moved from the legacy /etc/pam.conf
5 +# to the new /etc/pam.d model. See pam.conf(4) for more information.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX