#ident $Id: pam.conf,v 1.3 2005/10/29 01:07:48 lukeh Exp $
#
# Authentication management
#
#
# This implements the following authentication policy:
#
# Local authentication is authoritative for local users
#
# LDAP authentication is required unless unavailable
#
# If LDAP authentication is unavailable, then cached
# credentials will be used to authenticate
#
# If LDAP authentication succeeded, then the cached
# credentials will be updated with a hash of the
# authentication token
#
# If LDAP authentication failed for any other reason,
# then cached credentials will be deleted if they
# matched the authentication token
#
# Review notes on this stack:
#
# - "other" is the fallback service name, so these entries apply to
#   every service that has no entry of its own.
#
# - While the directory is unreachable, a password that has since been
#   changed or revoked in LDAP is still accepted from the cache; the
#   cached entry is only refreshed or deleted by a later login attempt
#   that reaches LDAP.
#
# - The cache holds password hashes that can be guessed offline by
#   anyone able to read it, so it should be readable by root only
#   (verify on the installed system).
#
# Step 1: local accounts. user_unknown (not a local user) is ignored
# and the stack continues; every other result, success or failure,
# ends the stack here, so a local user is never checked against LDAP
# or the cache.
other auth [user_unknown=ignore default=done] \
/lib/security/pam_unix.so
# Step 2: LDAP, trying the password already entered (try_first_pass).
#   authinfo_unavail -> ignored, falls through to action=validate
#   success          -> skips one entry, lands on action=store
#   any other result -> skips two entries, lands on action=update
other auth [authinfo_unavail=ignore success=1 default=2] \
/lib/security/pam_ldap.so try_first_pass
# Step 3a (directory unavailable): check the password against the
# cached credentials without prompting again (use_first_pass); the
# result ends the stack.
other auth [default=done] /lib/security/pam_ccreds.so action=validate use_first_pass
# Step 3b (LDAP accepted the password): refresh the cached hash.
# default=done makes this module's result the end of the stack.
# NOTE(review): if action=store can return an error (for example an
# unwritable cache), that error would decide the login - confirm.
other auth [default=done] /lib/security/pam_ccreds.so action=store
# Step 3c (LDAP rejected the login): per the policy above, the cached
# entry is deleted if it matched the password. default=bad treats this
# entry's result as a failure, so the login is denied.
other auth [default=bad] /lib/security/pam_ccreds.so action=update
#
# Account management
#
#
# This implements the following authorization policy:
#
# Local authorization is authoritative for local users
#
# LDAP authorization is required if available
#
# If LDAP authorization is unavailable, then the user
# is allowed to login (we do not presently support
# caching of authorization information)
#
# Review note: this stack fails open. When LDAP is unavailable no
# account restriction held in the directory (such as expiry or
# lockout) is evaluated, so an account disabled in LDAP can still log
# in with cached credentials until the directory is reachable again.
# Directory availability is therefore part of the access-control
# boundary; hosts that must not fail open should not end this stack
# with pam_permit.
#
# Local accounts: user_unknown is ignored and the stack continues;
# any other result ends the stack.
other account [user_unknown=ignore default=done] /lib/security/pam_unix.so
# LDAP accounts: authinfo_unavail is ignored and the stack continues;
# any other result, allow or deny, ends the stack.
other account [authinfo_unavail=ignore default=done] /lib/security/pam_ldap.so
# Reached only when the user is not local and LDAP was unavailable:
# pam_permit grants access unconditionally.
other account [default=done] /lib/security/pam_permit.so
#
# Session management
#
# Only pam_unix takes part in session setup and it must succeed
# (required); no LDAP or pam_ccreds module is involved here.
other session required /lib/security/pam_unix.so
#
# Password management
#
# Password changes are sent to LDAP only. pam_ccreds is not in this
# stack, so the cached hash is not refreshed by a password change; per
# the authentication policy it is updated at the next login that LDAP
# accepts.
other password required /lib/security/pam_ldap.so
# The pam_unix entry is disabled, so local passwords are not changed
# through this stack.
# NOTE(review): confirm local users have another way to change their
# password.
#other password required /lib/security/pam_unix.so