pam: Deny everything in pam.d/other.

[matthijs/servers/drsnuggles.git] / etc / pam.d / other

diff --git a/etc/pam.d/other b/etc/pam.d/other
index 59d776c9cb2be4b5f22e1ecfc8bfe21b8b5e5aad..867cf9172956768ea8ab3ccc44445c3f6d30f35a 100644 (file)
--- a/etc/pam.d/other
+++ b/etc/pam.d/other
@@ -4,13 +4,11 @@
 # Note that this file is used for any unspecified service; for example
 #if /etc/pam.d/cron  specifies no session modules but cron calls
 #pam_open_session, the session module out of /etc/pam.d/other is
-#used.  If you really want nothing to happen then use pam_permit.so or
-#pam_deny.so as appropriate.
-
-# We fall back to the system default in /etc/pam.d/common-*
-# 
+#used.  
+#
+# We deny any pam calls not explicitely allowed elsewhere.
 
-@include common-auth
-@include common-account
-@include common-password
-@include common-session
+auth        required pam_deny
+account     required pam_deny
+session     required pam_deny
+password    required pam_deny