| 1 |
auth required pam_env.so |
| 2 |
# this part is here if the module don't exist |
| 3 |
# basically, the idea is to copy the exact detail of sufficient, |
| 4 |
# and add abort=ignore |
| 5 |
auth [abort=ignore success=done new_authtok_reqd=done default=ignore] pam_tcb.so shadow fork nullok prefix=$2a$ count=8 |
| 6 |
auth sufficient pam_unix.so likeauth nullok |
| 7 |
auth sufficient pam_ldap.so use_first_pass |
| 8 |
<% if access_class = 'admin' %> |
| 9 |
auth required pam_wheel.so group=mga-sysadmin |
| 10 |
<% end %> |
| 11 |
<% if access_class = 'commiters' %> |
| 12 |
auth required pam_wheel.so group=mga-commiters |
| 13 |
<% end %> |
| 14 |
auth required pam_deny.so |
| 15 |
|
| 16 |
|
| 17 |
account sufficient pam_localuser.so |
| 18 |
account sufficient pam_ldap.so |
| 19 |
account required pam_deny.so |
| 20 |
|
| 21 |
|
| 22 |
password required pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 dcredit=0 ucredit=0 ucredit=0 |
| 23 |
# TODO check this part too |
| 24 |
password sufficient pam_tcb.so use_authtok shadow write_to=shadow fork nullok prefix=$2a$ count=8 abort=ignore |
| 25 |
password sufficient pam_ldap.so use_authtok |
| 26 |
password sufficient pam_unix.so use_authtok nullok md5 shadow |
| 27 |
password required pam_deny.so |
| 28 |
|
| 29 |
session optional pam_keyinit.so revoke |
| 30 |
# optional if there is a problem when creating the account |
| 31 |
session optional pam_mkhomedir.so |
| 32 |
session required pam_limits.so |
| 33 |
session required pam_unix.so |
| 34 |
session optional pam_ldap.so |
| 35 |
|
Parent Directory
| 
Revision Log