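auth required pam_env.so
# This entry is written this way in case the pam_tcb module doesn't exist.
# Basically, the idea is to copy the exact detail of "sufficient"
# and add abort=ignore.
# NOTE(review): nullok (here and on pam_unix below) lets an account with an
# empty password authenticate; drop it unless such accounts are intended.
auth [abort=ignore success=done new_authtok_reqd=done default=ignore] pam_tcb.so shadow fork nullok prefix=$2a$ count=8
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
# Group restriction, selected by access_class. The comparison must be "==":
# with a single "=" the ERB tag assigns the string, the condition is always
# true, and both pam_wheel lines are rendered on every host.
# NOTE(review): the entries above end the auth stack as soon as one of them
# succeeds (success=done / sufficient), so these pam_wheel checks appear to be
# reached only when none of them succeeded. Confirm the group restriction is
# really enforced; it may have to sit before those entries or in "account".
<% if access_class == 'admin' %>
auth required pam_wheel.so group=mga-sysadmin
<% end %>
<% if access_class == 'commiters' %>
auth required pam_wheel.so group=mga-commiters
<% end %>
auth required pam_deny.so


account sufficient pam_localuser.so
account sufficient pam_ldap.so
account required pam_deny.so


# NOTE(review): dcredit and ucredit are each given twice with different values
# (-1, then 0) and ucredit=0 is repeated. Presumably the later value wins,
# which would drop the digit and uppercase requirements; confirm which policy
# is intended and remove the other settings.
password required pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 dcredit=0 ucredit=0 ucredit=0
# TODO check this part too
# NOTE(review): here abort=ignore is passed as a pam_tcb module argument,
# whereas the auth stack sets it inside the bracketed control field; confirm
# which form is meant.
password sufficient pam_tcb.so use_authtok shadow write_to=shadow fork nullok prefix=$2a$ count=8 abort=ignore
password sufficient pam_ldap.so use_authtok
# NOTE(review): this fallback stores new passwords as MD5 crypt hashes, much
# weaker than the $2a$ hashes requested from pam_tcb above; consider a
# stronger pam_unix hash option (e.g. sha512) where the platform supports it.
password sufficient pam_unix.so use_authtok nullok md5 shadow
password required pam_deny.so

session optional pam_keyinit.so revoke
# optional, so that a problem while creating the account's home directory
# does not fail the session
session optional pam_mkhomedir.so
session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so
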