#
# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
#
# PAM configuration file for authenticating users through LDAP or through 
# UNIX password-based login if the account is local (not in LDAP).
#
# Authentication management
#
#
# login service (explicit because of pam_dial_auth)
#
login	auth requisite		pam_authtok_get.so.1
login	auth required		pam_dhkeys.so.1
login	auth required		pam_dial_auth.so.1
login	auth binding		pam_unix_auth.so.1	server_policy
login	auth required		pam_unix_cred.so.1
login	auth required		pam_ldap.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin	auth sufficient		pam_rhosts_auth.so.1
rlogin	auth requisite		pam_authtok_get.so.1
rlogin	auth required		pam_dhkeys.so.1
rlogin	auth binding		pam_unix_auth.so.1	server_policy
rlogin	auth required		pam_unix_cred.so.1
rlogin	auth required		pam_ldap.so.1
#
# Kerberized rlogin service
#
krlogin	auth required		pam_unix_cred.so.1
krlogin	auth required		pam_krb5.so.1
#
# rsh service (explicit because of pam_rhost_auth)
#
rsh	auth sufficient		pam_rhosts_auth.so.1
rsh	auth required		pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh	auth required		pam_unix_cred.so.1
krsh	auth required		pam_krb5.so.1
#
# Kerberized telnet service
#
ktelnet	auth required		pam_unix_cred.so.1
ktelnet	auth required		pam_krb5.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp	auth requisite		pam_authtok_get.so.1
ppp	auth required		pam_dhkeys.so.1
ppp	auth required		pam_unix_cred.so.1
ppp	auth required		pam_dial_auth.so.1
ppp	auth binding		pam_unix_auth.so.1	server_policy
ppp	auth required		pam_ldap.so.1
#
# GDM Autologin (explicit because of pam_allow).  These need to be
# here as there is no mechanism for packages to amend pam.conf as
# they are installed.
#
gdm-autologin auth  required    pam_unix_cred.so.1
gdm-autologin auth  sufficient  pam_allow.so.1
#
other	auth	requisite	pam_authtok_get.so.1
other	auth	required	pam_dhkeys.so.1
other	auth	required	pam_unix_cred.so.1
other	auth	binding		pam_unix_auth.so.1 server_policy
other	auth	required	pam_ldap.so.1
#
# Account management
#
other	account	requisite	pam_roles.so.1
other	account	required	pam_tsol_account.so.1
other	account	binding		pam_unix_account.so.1 server_policy
other	account	required	pam_ldap.so.1
#
# Password management (authentication)
#
passwd	auth 	binding		pam_passwd_auth.so.1 server_policy
passwd	auth 	required	pam_ldap.so.1
# 
# Password management (updates)
#
other   password include	pam_authtok_common
other	password required	pam_authtok_store.so.1 server_policy
#
# Session management
#
other	session required	pam_unix_session.so.1
#
# Account management for Trusted Extensions (TX)
# These entries are required for TX environments since these services
# run in the Trusted Path and pam_tsol_account(5) isn't applicable to
# PAM sessions which run in the Trusted Path.
#
gdm		account	requisite	pam_roles.so.1
gdm		account	binding		pam_unix_account.so.1 server_policy
gdm		account	required	pam_ldap.so.1
xscreensaver	account	requisite	pam_roles.so.1
xscreensaver	account	binding		pam_unix_account.so.1 server_policy
xscreensaver	account	required	pam_ldap.so.1
passwd		account	requisite	pam_roles.so.1
passwd		account	binding		pam_unix_account.so.1 server_policy
passwd		account	required	pam_ldap.so.1
dtpasswd	account	requisite	pam_roles.so.1
dtpasswd	account	binding		pam_unix_account.so.1 server_policy
dtpasswd	account	required	pam_ldap.so.1
tsoljds-tstripe	account	requisite	pam_roles.so.1
tsoljds-tstripe	account	binding		pam_unix_account.so.1 server_policy
tsoljds-tstripe	account	required	pam_ldap.so.1