From c2774739de942b750691e9a155dc003bae24afb8 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 25 Sep 2008 07:48:37 +0000 Subject: [PATCH] pam: Add default pam common- files. --- etc/pam.d/common-account | 9 +++++++++ etc/pam.d/common-auth | 10 ++++++++++ etc/pam.d/common-password | 34 ++++++++++++++++++++++++++++++++++ etc/pam.d/common-session | 9 +++++++++ 4 files changed, 62 insertions(+) create mode 100644 etc/pam.d/common-account create mode 100644 etc/pam.d/common-auth create mode 100644 etc/pam.d/common-password create mode 100644 etc/pam.d/common-session diff --git a/etc/pam.d/common-account b/etc/pam.d/common-account new file mode 100644 index 0000000..6798301 --- /dev/null +++ b/etc/pam.d/common-account @@ -0,0 +1,9 @@ +# +# /etc/pam.d/common-account - authorization settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authorization modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired in /etc/shadow. +# +account required pam_unix.so diff --git a/etc/pam.d/common-auth b/etc/pam.d/common-auth new file mode 100644 index 0000000..63d129a --- /dev/null +++ b/etc/pam.d/common-auth @@ -0,0 +1,10 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +auth required pam_unix.so nullok_secure diff --git a/etc/pam.d/common-password b/etc/pam.d/common-password new file mode 100644 index 0000000..45959eb --- /dev/null +++ b/etc/pam.d/common-password @@ -0,0 +1,34 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "nullok" option allows users to change an empty password, else +# empty passwords are treated as locked accounts. +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# You can also use the "min" option to enforce the length of the new +# password. +# +# See the pam_unix manpage for other options. + +password required pam_unix.so nullok obscure md5 + +# Alternate strength checking for password. Note that this +# requires the libpam-cracklib package to be installed. +# You will need to comment out the password line above and +# uncomment the next two in order to use this. +# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') +# +# password required pam_cracklib.so retry=3 minlen=6 difok=3 +# password required pam_unix.so use_authtok nullok md5 + diff --git a/etc/pam.d/common-session b/etc/pam.d/common-session new file mode 100644 index 0000000..dc11da6 --- /dev/null +++ b/etc/pam.d/common-session @@ -0,0 +1,9 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). The default is pam_unix. +# +session required pam_unix.so -- 2.30.2