From dc84e38a62813df639ae0478fe47441f732044a4 Mon Sep 17 00:00:00 2001
From: Matthijs Kooijman <matthijs@stdin.nl>
Date: Tue, 30 Dec 2008 17:04:28 +0100
Subject: [PATCH] pam: Deny everything in pam.d/other.

---
 etc/pam.d/other | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/etc/pam.d/other b/etc/pam.d/other
index 59d776c..867cf91 100644
--- a/etc/pam.d/other
+++ b/etc/pam.d/other
@@ -4,13 +4,11 @@
 # Note that this file is used for any unspecified service; for example
 #if /etc/pam.d/cron  specifies no session modules but cron calls
 #pam_open_session, the session module out of /etc/pam.d/other is
-#used.  If you really want nothing to happen then use pam_permit.so or
-#pam_deny.so as appropriate.
-
-# We fall back to the system default in /etc/pam.d/common-*
-# 
+#used.  
+#
+# We deny any pam calls not explicitely allowed elsewhere.
 
-@include common-auth
-@include common-account
-@include common-password
-@include common-session
+auth        required pam_deny
+account     required pam_deny
+session     required pam_deny
+password    required pam_deny
-- 
2.30.2