diff options
Diffstat (limited to 'files/etc/pam.d')
| -rw-r--r-- | files/etc/pam.d/gdm | 12 | ||||
| -rw-r--r-- | files/etc/pam.d/login.lenny | 84 | ||||
| -rw-r--r-- | files/etc/pam.d/login.squeeze | 108 | ||||
| -rw-r--r-- | files/etc/pam.d/login.wheezy | 107 |
4 files changed, 0 insertions, 311 deletions
diff --git a/files/etc/pam.d/gdm b/files/etc/pam.d/gdm deleted file mode 100644 index c8c9888..0000000 --- a/files/etc/pam.d/gdm +++ /dev/null @@ -1,12 +0,0 @@ -#%PAM-1.0 -auth requisite pam_nologin.so -auth required pam_env.so readenv=1 -auth required pam_env.so readenv=1 envfile=/etc/default/locale -@include common-auth -auth optional pam_gnome_keyring.so -@include common-account -session required pam_limits.so -@include common-session -session optional pam_gnome_keyring.so auto_start -@include common-password -@include common-pammount diff --git a/files/etc/pam.d/login.lenny b/files/etc/pam.d/login.lenny deleted file mode 100644 index fd498c4..0000000 --- a/files/etc/pam.d/login.lenny +++ /dev/null @@ -1,84 +0,0 @@ -# -# The PAM configuration file for the Shadow `login' service -# - -# Enforce a minimal delay in case of failure (in microseconds). -# (Replaces the `FAIL_DELAY' setting from login.defs) -# Note that other modules may require another minimal delay. (for example, -# to disable any delay, you should add the nodelay option to pam_unix) -auth optional pam_faildelay.so delay=3000000 - -# Outputs an issue file prior to each login prompt (Replaces the -# ISSUE_FILE option from login.defs). Uncomment for use -# auth required pam_issue.so issue=/etc/issue - -# Disallows root logins except on tty's listed in /etc/securetty -# (Replaces the `CONSOLE' setting from login.defs) -auth [success=ok ignore=ignore user_unknown=ignore default=die] pam_securetty.so - -# Disallows other than root logins when /etc/nologin exists -# (Replaces the `NOLOGINS_FILE' option from login.defs) -auth requisite pam_nologin.so - -# This module parses environment configuration file(s) -# and also allows you to use an extended config -# file /etc/security/pam_env.conf. -# -# parsing /etc/environment needs "readenv=1" -session required pam_env.so readenv=1 -# locale variables are also kept into /etc/default/locale in etch -# reading this file *in addition to /etc/environment* does not hurt -session required pam_env.so readenv=1 envfile=/etc/default/locale - -# Standard Un*x authentication. -@include common-auth - -# This allows certain extra groups to be granted to a user -# based on things like time of day, tty, service, and user. -# Please edit /etc/security/group.conf to fit your needs -# (Replaces the `CONSOLE_GROUPS' option in login.defs) -auth optional pam_group.so - -# Uncomment and edit /etc/security/time.conf if you need to set -# time restrainst on logins. -# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs -# as well as /etc/porttime) -# account requisite pam_time.so - -# Uncomment and edit /etc/security/access.conf if you need to -# set access limits. -# (Replaces /etc/login.access file) -# account required pam_access.so - -# Sets up user limits according to /etc/security/limits.conf -# (Replaces the use of /etc/limits in old login) -session required pam_limits.so - -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - -# Prints the motd upon succesful login -# (Replaces the `MOTD_FILE' option in login.defs) -session optional pam_motd.so - -# Prints the status of the user's mailbox upon succesful login -# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). -# -# This also defines the MAIL environment variable -# However, userdel also needs MAIL_DIR and MAIL_FILE variables -# in /etc/login.defs to make sure that removing a user -# also removes the user's mail spool file. -# See comments in /etc/login.defs -session optional pam_mail.so standard - -# SELinux needs to intervene at login time to ensure that the process -# starts in the proper default security context. -# Uncomment the following line to enable SELinux -# session required pam_selinux.so select_context - -# Standard Un*x account and session -@include common-account -@include common-session -@include common-password -@include common-pammount diff --git a/files/etc/pam.d/login.squeeze b/files/etc/pam.d/login.squeeze deleted file mode 100644 index 47bf6f6..0000000 --- a/files/etc/pam.d/login.squeeze +++ /dev/null @@ -1,108 +0,0 @@ -# -# The PAM configuration file for the Shadow `login' service -# - -# Enforce a minimal delay in case of failure (in microseconds). -# (Replaces the `FAIL_DELAY' setting from login.defs) -# Note that other modules may require another minimal delay. (for example, -# to disable any delay, you should add the nodelay option to pam_unix) -auth optional pam_faildelay.so delay=3000000 - -# Outputs an issue file prior to each login prompt (Replaces the -# ISSUE_FILE option from login.defs). Uncomment for use -# auth required pam_issue.so issue=/etc/issue - -# Disallows root logins except on tty's listed in /etc/securetty -# (Replaces the `CONSOLE' setting from login.defs) -# -# With the default control of this module: -# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] -# root will not be prompted for a pasword on insecure lines. -# if an invalid username is entered, a password is prompted (but login -# will eventually be rejected) -# -# You can change it to a "requisite" module if you think root may mis-type -# her login and should not be prompted for a password in that case. But -# this will leave the system as vulnerable to user enumeration attacks. -# -# You can change it to a "required" module if you think it permits to -# guess valid user names of your system (invalid user names are considered -# as possibly being root on insecure lines), but root passwords may be -# communicated over insecure lines. -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so - -# Disallows other than root logins when /etc/nologin exists -# (Replaces the `NOLOGINS_FILE' option from login.defs) -auth requisite pam_nologin.so - -# SELinux needs to be the first session rule. This ensures that any -# lingering context has been cleared. Without out this it is possible -# that a module could execute code in the wrong domain. -# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close - -# This module parses environment configuration file(s) -# and also allows you to use an extended config -# file /etc/security/pam_env.conf. -# -# parsing /etc/environment needs "readenv=1" -session required pam_env.so readenv=1 -# locale variables are also kept into /etc/default/locale in etch -# reading this file *in addition to /etc/environment* does not hurt -session required pam_env.so readenv=1 envfile=/etc/default/locale - -# Standard Un*x authentication. -@include common-auth - -# This allows certain extra groups to be granted to a user -# based on things like time of day, tty, service, and user. -# Please edit /etc/security/group.conf to fit your needs -# (Replaces the `CONSOLE_GROUPS' option in login.defs) -auth optional pam_group.so - -# Uncomment and edit /etc/security/time.conf if you need to set -# time restrainst on logins. -# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs -# as well as /etc/porttime) -# account requisite pam_time.so - -# Uncomment and edit /etc/security/access.conf if you need to -# set access limits. -# (Replaces /etc/login.access file) -# account required pam_access.so - -# Sets up user limits according to /etc/security/limits.conf -# (Replaces the use of /etc/limits in old login) -session required pam_limits.so - -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - -# Prints the motd upon succesful login -# (Replaces the `MOTD_FILE' option in login.defs) -session optional pam_motd.so - -# Prints the status of the user's mailbox upon succesful login -# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). -# -# This also defines the MAIL environment variable -# However, userdel also needs MAIL_DIR and MAIL_FILE variables -# in /etc/login.defs to make sure that removing a user -# also removes the user's mail spool file. -# See comments in /etc/login.defs -session optional pam_mail.so standard - -# Standard Un*x account and session -@include common-account -@include common-session -@include common-password -@include common-pammount - -# SELinux needs to intervene at login time to ensure that the process -# starts in the proper default security context. Only sessions which are -# intended to run in the user's context should be run after this. -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) diff --git a/files/etc/pam.d/login.wheezy b/files/etc/pam.d/login.wheezy deleted file mode 100644 index 6ac4fd7..0000000 --- a/files/etc/pam.d/login.wheezy +++ /dev/null @@ -1,107 +0,0 @@ -# -# The PAM configuration file for the Shadow `login' service -# - -# Enforce a minimal delay in case of failure (in microseconds). -# (Replaces the `FAIL_DELAY' setting from login.defs) -# Note that other modules may require another minimal delay. (for example, -# to disable any delay, you should add the nodelay option to pam_unix) -auth optional pam_faildelay.so delay=3000000 - -# Outputs an issue file prior to each login prompt (Replaces the -# ISSUE_FILE option from login.defs). Uncomment for use -# auth required pam_issue.so issue=/etc/issue - -# Disallows root logins except on tty's listed in /etc/securetty -# (Replaces the `CONSOLE' setting from login.defs) -# -# With the default control of this module: -# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] -# root will not be prompted for a pasword on insecure lines. -# if an invalid username is entered, a password is prompted (but login -# will eventually be rejected) -# -# You can change it to a "requisite" module if you think root may mis-type -# her login and should not be prompted for a password in that case. But -# this will leave the system as vulnerable to user enumeration attacks. -# -# You can change it to a "required" module if you think it permits to -# guess valid user names of your system (invalid user names are considered -# as possibly being root on insecure lines), but root passwords may be -# communicated over insecure lines. -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so - -# Disallows other than root logins when /etc/nologin exists -# (Replaces the `NOLOGINS_FILE' option from login.defs) -auth requisite pam_nologin.so - -# SELinux needs to be the first session rule. This ensures that any -# lingering context has been cleared. Without out this it is possible -# that a module could execute code in the wrong domain. -# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close - -# This module parses environment configuration file(s) -# and also allows you to use an extended config -# file /etc/security/pam_env.conf. -# -# parsing /etc/environment needs "readenv=1" -session required pam_env.so readenv=1 -# locale variables are also kept into /etc/default/locale in etch -# reading this file *in addition to /etc/environment* does not hurt -session required pam_env.so readenv=1 envfile=/etc/default/locale - -# Standard Un*x authentication. -@include common-auth - -# This allows certain extra groups to be granted to a user -# based on things like time of day, tty, service, and user. -# Please edit /etc/security/group.conf to fit your needs -# (Replaces the `CONSOLE_GROUPS' option in login.defs) -auth optional pam_group.so - -# Uncomment and edit /etc/security/time.conf if you need to set -# time restrainst on logins. -# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs -# as well as /etc/porttime) -# account requisite pam_time.so - -# Uncomment and edit /etc/security/access.conf if you need to -# set access limits. -# (Replaces /etc/login.access file) -# account required pam_access.so - -# Sets up user limits according to /etc/security/limits.conf -# (Replaces the use of /etc/limits in old login) -session required pam_limits.so - -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - -# Prints the motd upon succesful login -# (Replaces the `MOTD_FILE' option in login.defs) -session optional pam_motd.so - -# Prints the status of the user's mailbox upon succesful login -# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). -# -# This also defines the MAIL environment variable -# However, userdel also needs MAIL_DIR and MAIL_FILE variables -# in /etc/login.defs to make sure that removing a user -# also removes the user's mail spool file. -# See comments in /etc/login.defs -session optional pam_mail.so standard - -# Standard Un*x account and session -@include common-account -@include common-session -@include common-password - -# SELinux needs to intervene at login time to ensure that the process -# starts in the proper default security context. Only sessions which are -# intended to run in the user's context should be run after this. -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) |