# # Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved. # # PAM configuration file for authenticating users through Kerberos # optionally using Unix password-based login. Users are authenticated # through Kerberos if they exist in the Kerberos database. # # Authentication management # # login service (explicit because of pam_dial_auth) # login auth requisite pam_authtok_get.so.1 login auth required pam_dhkeys.so.1 login auth required pam_unix_auth.so.1 login auth required pam_unix_cred.so.1 login auth required pam_dial_auth.so.1 login auth optional pam_krb5.so.1 # # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_auth.so.1 rlogin auth required pam_unix_cred.so.1 rlogin auth optional pam_krb5.so.1 # # Kerberized rlogin service # krlogin auth required pam_unix_cred.so.1 krlogin auth required pam_krb5.so.1 # # rsh service (explicit because of pam_rhost_auth) # rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_cred.so.1 # # Kerberized rsh service # krsh auth required pam_unix_cred.so.1 krsh auth required pam_krb5.so.1 # # Kerberized telnet service # ktelnet auth required pam_unix_cred.so.1 ktelnet auth required pam_krb5.so.1 # # PPP service (explicit because of pam_dial_auth) # ppp auth requisite pam_authtok_get.so.1 ppp auth required pam_dhkeys.so.1 ppp auth required pam_unix_auth.so.1 ppp auth required pam_unix_cred.so.1 ppp auth required pam_dial_auth.so.1 ppp auth optional pam_krb5.so.1 # # GDM Autologin (explicit because of pam_allow). These need to be # here as there is no mechanism for packages to amend pam.conf as # they are installed. # gdm-autologin auth required pam_unix_cred.so.1 gdm-autologin auth sufficient pam_allow.so.1 # # Default definitions for Authentication management # Used when service name is not explicitly mentioned for authentication # OTHER auth requisite pam_authtok_get.so.1 OTHER auth required pam_dhkeys.so.1 OTHER auth required pam_unix_auth.so.1 OTHER auth required pam_unix_cred.so.1 OTHER auth optional pam_krb5.so.1 # # passwd command (explicit because of a different authentication module) # passwd auth required pam_passwd_auth.so.1 # # cron service (explicit because of non-usage of pam_roles.so.1) # cron account required pam_unix_account.so.1 # # cups service (explicit because of non-usage of pam_roles.so.1) # cups account required pam_unix_account.so.1 # # GDM Autologin (explicit because of pam_allow) This needs to be here # as there is no mechanism for packages to amend pam.conf as they are # installed. # gdm-autologin account sufficient pam_allow.so.1 # # Default definition for Account management # Used when service name is not explicitly mentioned for account management # OTHER account requisite pam_roles.so.1 OTHER account required pam_unix_account.so.1 OTHER account required pam_tsol_account.so.1 OTHER account optional pam_krb5.so.1 # # Password management # OTHER password include pam_authtok_common OTHER password required pam_authtok_store.so.1 OTHER password optional pam_krb5.so.1 # # Session management # OTHER session required pam_unix_session.so.1 # # Account management for Trusted Extensions (TX) # These entries are required for TX environments since these services # run in the Trusted Path and pam_tsol_account(5) isn't applicable to # PAM sessions which run in the Trusted Path. # gdm account requisite pam_roles.so.1 gdm account required pam_unix_account.so.1 gdm account optional pam_krb5.so.1 xscreensaver account requisite pam_roles.so.1 xscreensaver account required pam_unix_account.so.1 xscreensaver account optional pam_krb5.so.1 passwd account requisite pam_roles.so.1 passwd account required pam_unix_account.so.1 passwd account optional pam_krb5.so.1 dtpasswd account requisite pam_roles.so.1 dtpasswd account required pam_unix_account.so.1 dtpasswd account optional pam_krb5.so.1 tsoljds-tstripe account requisite pam_roles.so.1 tsoljds-tstripe account required pam_unix_account.so.1 tsoljds-tstripe account optional pam_krb5.so.1