# # Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. # # PAM configuration for using UNIX authentication (UNIX passwords) # and UNIX for account management and password management. # # Authentication management # # login service (explicit because of pam_dial_auth) # login auth requisite pam_authtok_get.so.1 login auth required pam_dhkeys.so.1 login auth required pam_unix_auth.so.1 login auth required pam_unix_cred.so.1 login auth required pam_dial_auth.so.1 # # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_auth.so.1 rlogin auth required pam_unix_cred.so.1 # # Kerberized rlogin service # krlogin auth required pam_unix_cred.so.1 krlogin auth required pam_krb5.so.1 # # rsh service (explicit because of pam_rhost_auth) # rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_cred.so.1 # # Kerberized rsh service # krsh auth required pam_unix_cred.so.1 krsh auth required pam_krb5.so.1 # # Kerberized telnet service # ktelnet auth required pam_unix_cred.so.1 ktelnet auth required pam_krb5.so.1 # # pfexec service (explicit because of usage of pam_tty_tickets.so.1) # pfexec auth required pam_unix_cred.so.1 pfexec auth sufficient pam_tty_tickets.so.1 pfexec auth requisite pam_authtok_get.so.1 pfexec auth required pam_dhkeys.so.1 pfexec auth required pam_unix_auth.so.1 # # PPP service (explicit because of pam_dial_auth) # ppp auth requisite pam_authtok_get.so.1 ppp auth required pam_dhkeys.so.1 ppp auth required pam_unix_auth.so.1 ppp auth required pam_unix_cred.so.1 ppp auth required pam_dial_auth.so.1 # # GDM Autologin (explicit because of pam_allow). These need to be # here as there is no mechanism for packages to amend pam.conf as # they are installed. # gdm-autologin auth required pam_unix_cred.so.1 gdm-autologin auth sufficient pam_allow.so.1 # # Default definitions for Authentication management # Used when service name is not explicitly mentioned for authentication # other auth requisite pam_authtok_get.so.1 other auth required pam_dhkeys.so.1 other auth required pam_unix_auth.so.1 other auth required pam_unix_cred.so.1 # # cron service (explicit because of non-usage of pam_roles.so.1) # cron account required pam_unix_account.so.1 # # cups service (explicit because of non-usage of pam_roles.so.1) # cups account required pam_unix_account.so.1 # # pfexec service (explicit because of non-usage of pam_roles.so.1) # pfexec account required pam_unix_account.so.1 # # GDM Autologin (explicit because of pam_allow) This needs to be here # as there is no mechanism for packages to amend pam.conf as they are # installed. # gdm-autologin account sufficient pam_allow.so.1 # # Default definition for Account management # Used when service name is not explicitly mentioned for account management # other account requisite pam_roles.so.1 other account required pam_unix_account.so.1 other account required pam_tsol_account.so.1 # # Password management (authentication) # passwd auth required pam_passwd_auth.so.1 # # Password management (updates) # other password include pam_authtok_common other password required pam_authtok_store.so.1 # # Default definition for Session management # Used when service name is not explicitly mentioned for session management # other session required pam_unix_session.so.1 # # Account management for Trusted Extensions (TX) # These entries are required for TX environments since these services # run in the Trusted Path and pam_tsol_account(5) isn't applicable to # PAM sessions which run in the Trusted Path. # gdm account requisite pam_roles.so.1 gdm account required pam_unix_account.so.1 xscreensaver account requisite pam_roles.so.1 xscreensaver account required pam_unix_account.so.1 passwd account requisite pam_roles.so.1 passwd account required pam_unix_account.so.1 dtpasswd account requisite pam_roles.so.1 dtpasswd account required pam_unix_account.so.1 tsoljds-tstripe account requisite pam_roles.so.1 tsoljds-tstripe account required pam_unix_account.so.1