diff options
Diffstat (limited to 'meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth')
-rw-r--r-- | meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth b/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth new file mode 100644 index 0000000000..c79219f24d --- /dev/null +++ b/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth @@ -0,0 +1,21 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. + +# here are the per-package modules (the "Primary" block) +auth [success=ok user_unknown=ignore default=2] pam_tally2.so deny=5 unlock_time=0 +# Try for local user first, and then try for ldap +auth [success=2 default=ignore] pam_unix.so quiet +-auth [success=1 default=ignore] pam_ldap.so ignore_unknown_user ignore_authinfo_unavail +# here's the fallback if no module succeeds +auth requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +auth required pam_permit.so +# and here are more per-package modules (the "Additional" block) |