mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-30 10:47:08 -06:00
92cd987e0a
Add three new ipa-advise plugins, to facilitate configuration of legacy clients using nss-pam-ldapd: * config-redhat-nss-pam-ldapd * config-generic-linux-nss-pam-ldapd * config-freebsd-nss-pam-ldapd https://fedorahosted.org/freeipa/ticket/3672
26 lines
1.1 KiB
Plaintext
26 lines
1.1 KiB
Plaintext
# PAM configuration for the "sshd" service
|
|
#
|
|
|
|
# auth
|
|
auth sufficient pam_opie.so no_warn no_fake_prompts
|
|
auth requisite pam_opieaccess.so no_warn allow_local
|
|
#auth sufficient pam_krb5.so no_warn try_first_pass
|
|
#auth sufficient pam_ssh.so no_warn try_first_pass
|
|
auth sufficient /usr/local/lib/pam_ldap.so no_warn
|
|
auth required pam_unix.so no_warn try_first_pass
|
|
|
|
# account
|
|
account required pam_nologin.so
|
|
#account required pam_krb5.so
|
|
account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
|
|
account required pam_login_access.so
|
|
account required pam_unix.so
|
|
|
|
# session
|
|
#session optional pam_ssh.so want_agent
|
|
session required pam_permit.so
|
|
|
|
# password
|
|
#password sufficient pam_krb5.so no_warn try_first_pass
|
|
password required pam_unix.so no_warn try_first_pass
|