/[adm]/puppet/modules/pam/templates/system-auth
ViewVC logotype

Contents of /puppet/modules/pam/templates/system-auth

Parent Directory Parent Directory | Revision Log Revision Log


Revision 449 - (show annotations) (download)
Wed Nov 24 01:39:17 2010 UTC (10 years, 11 months ago) by misc
File size: 1441 byte(s)
move the group restriction at the top of the file, or they are useless

1 auth required pam_env.so
2 <%- if access_class = 'admin' -%>
3 auth required pam_succeed_if.so quiet user ingroup mga-sysadmin
4 <%- end -%>
5 <%- if access_class = 'commiters' -%>
6 auth required pam_succeed_if.so quiet user ingroup mga-commiters
7 <%- end -%>
8 # this part is here if the module don't exist
9 # basically, the idea is to copy the exact detail of sufficient,
10 # and add abort=ignore
11 auth [abort=ignore success=done new_authtok_reqd=done default=ignore] pam_tcb.so shadow fork nullok prefix=$2a$ count=8
12 auth sufficient pam_unix.so likeauth nullok try_first_pass
13 auth sufficient pam_ldap.so use_first_pass
14 auth required pam_deny.so
15
16
17 account sufficient pam_localuser.so
18 account sufficient pam_ldap.so
19 account required pam_deny.so
20
21
22 password required pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 dcredit=0 ucredit=0 ucredit=0
23 # TODO check this part too
24 password sufficient pam_tcb.so use_authtok shadow write_to=shadow fork nullok prefix=$2a$ count=8 abort=ignore
25 password sufficient pam_ldap.so use_authtok
26 password sufficient pam_unix.so use_authtok nullok md5 shadow
27 password required pam_deny.so
28
29 session optional pam_keyinit.so revoke
30 # optional if there is a problem when creating the account
31 session optional pam_mkhomedir.so
32 session required pam_limits.so
33 session required pam_unix.so
34 session optional pam_ldap.so
35

  ViewVC Help
Powered by ViewVC 1.1.28