pam: Add default pam common- files.

diff --git a/etc/pam.d/common-account b/etc/pam.d/common-account
new file mode 100644 (file)
index 0000000..6798301
--- /dev/null
+++ b/etc/pam.d/common-account
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/common-account - authorization settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system.  The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+#
+account        required        pam_unix.so

diff --git a/etc/pam.d/common-auth b/etc/pam.d/common-auth
new file mode 100644 (file)
index 0000000..63d129a
--- /dev/null
+++ b/etc/pam.d/common-auth
@@ -0,0 +1,10 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+#
+auth   required        pam_unix.so nullok_secure

diff --git a/etc/pam.d/common-password b/etc/pam.d/common-password
new file mode 100644 (file)
index 0000000..45959eb
--- /dev/null
+++ b/etc/pam.d/common-password
@@ -0,0 +1,34 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "nullok" option allows users to change an empty password, else
+# empty passwords are treated as locked accounts.
+#
+# The "md5" option enables MD5 passwords.  Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# You can also use the "min" option to enforce the length of the new
+# password.
+#
+# See the pam_unix manpage for other options.
+
+password   required   pam_unix.so nullok obscure md5
+
+# Alternate strength checking for password. Note that this
+# requires the libpam-cracklib package to be installed.
+# You will need to comment out the password line above and
+# uncomment the next two in order to use this.
+# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
+#
+# password required      pam_cracklib.so retry=3 minlen=6 difok=3
+# password required      pam_unix.so use_authtok nullok md5
+

diff --git a/etc/pam.d/common-session b/etc/pam.d/common-session
new file mode 100644 (file)
index 0000000..dc11da6
--- /dev/null
+++ b/etc/pam.d/common-session
@@ -0,0 +1,9 @@
+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive).  The default is pam_unix.
+#
+session        required        pam_unix.so