pam: Deny everything in pam.d/other.

author Matthijs Kooijman <matthijs@stdin.nl>

Tue, 30 Dec 2008 16:04:28 +0000 (17:04 +0100)

committer Matthijs Kooijman <matthijs@stdin.nl>

Tue, 30 Dec 2008 16:04:28 +0000 (17:04 +0100)
author Matthijs Kooijman <matthijs@stdin.nl>
Tue, 30 Dec 2008 16:04:28 +0000 (17:04 +0100)
committer Matthijs Kooijman <matthijs@stdin.nl>
Tue, 30 Dec 2008 16:04:28 +0000 (17:04 +0100)
diff --git a/etc/pam.d/other b/etc/pam.d/other

index 59d776c9cb2be4b5f22e1ecfc8bfe21b8b5e5aad..867cf9172956768ea8ab3ccc44445c3f6d30f35a 100644 (file)
--- a/etc/pam.d/other
+++ b/etc/pam.d/other
@@ -4,13 +4,11 @@
  # Note that this file is used for any unspecified service; for example
  #if /etc/pam.d/cron  specifies no session modules but cron calls
  #pam_open_session, the session module out of /etc/pam.d/other is
-#used.  If you really want nothing to happen then use pam_permit.so or
-#pam_deny.so as appropriate.
-
-# We fall back to the system default in /etc/pam.d/common-*
-# 
+#used.  
+#
+# We deny any pam calls not explicitely allowed elsewhere.
  
-@include common-auth
-@include common-account
-@include common-password
-@include common-session
+auth        required pam_deny
+account     required pam_deny
+session     required pam_deny
+password    required pam_deny
author	Matthijs Kooijman <matthijs@stdin.nl>
	Tue, 30 Dec 2008 16:04:28 +0000 (17:04 +0100)
committer	Matthijs Kooijman <matthijs@stdin.nl>
	Tue, 30 Dec 2008 16:04:28 +0000 (17:04 +0100)