1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
#ident $Id: pam.conf,v 1.3 2005/10/29 01:07:48 lukeh Exp $
#
# Authentication management
#
#
# This implements the following authentication policy:
#
# Local authentication is authoritative for local users
#
# LDAP authentication is required unless unavailable
#
# If LDAP authentication is unavailable, then cached
# credentials will be used to authenticate
#
# If LDAP authentication succeeded, then the cached
# credentials will be updated with a hash of the
# authentication token
#
# If LDAP authentication failed for any other reason,
# then cached credentials will be deleted if they
# matched the authentication token
other auth [user_unknown=ignore default=done] \
/lib/security/pam_unix.so
other auth [authinfo_unavail=ignore success=1 default=2] \
/lib/security/pam_ldap.so try_first_pass
other auth [default=done] /lib/security/pam_ccreds.so action=validate use_first_pass
other auth [default=done] /lib/security/pam_ccreds.so action=store
other auth [default=bad] /lib/security/pam_ccreds.so action=update
#
# Account management
#
#
# This implements the following authorization policy:
#
# Local authorization is authoritative for local users
#
# LDAP authorization is required if available
#
# If LDAP authorization is unavailable, then the user
# is allowed to login (we do not presently support
# caching of authorization information)
#
other account [user_unknown=ignore default=done] /lib/security/pam_unix.so
other account [authinfo_unavail=ignore default=done] /lib/security/pam_ldap.so
other account [default=done] /lib/security/pam_permit.so
#
# Session management
#
other session required /lib/security/pam_unix.so
#
# Password management
#
other password required /lib/security/pam_ldap.so
#other password required /lib/security/pam_unix.so
|
