projects
/
matthijs
/
servers
/
drsnuggles.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
23cc9f1
)
pam: Deny everything in pam.d/other.
author
Matthijs Kooijman
<matthijs@stdin.nl>
Tue, 30 Dec 2008 16:04:28 +0000
(17:04 +0100)
committer
Matthijs Kooijman
<matthijs@stdin.nl>
Tue, 30 Dec 2008 16:04:28 +0000
(17:04 +0100)
etc/pam.d/other
patch
|
blob
|
history
diff --git
a/etc/pam.d/other
b/etc/pam.d/other
index 59d776c9cb2be4b5f22e1ecfc8bfe21b8b5e5aad..867cf9172956768ea8ab3ccc44445c3f6d30f35a 100644
(file)
--- a/
etc/pam.d/other
+++ b/
etc/pam.d/other
@@
-4,13
+4,11
@@
# Note that this file is used for any unspecified service; for example
#if /etc/pam.d/cron specifies no session modules but cron calls
#pam_open_session, the session module out of /etc/pam.d/other is
# Note that this file is used for any unspecified service; for example
#if /etc/pam.d/cron specifies no session modules but cron calls
#pam_open_session, the session module out of /etc/pam.d/other is
-#used. If you really want nothing to happen then use pam_permit.so or
-#pam_deny.so as appropriate.
-
-# We fall back to the system default in /etc/pam.d/common-*
-#
+#used.
+#
+# We deny any pam calls not explicitely allowed elsewhere.
-@include common-auth
-@include common-account
-@include common-password
-@include common-session
+auth required pam_deny
+account required pam_deny
+session required pam_deny
+password required pam_deny