5 kx #%PAM-1.0
5 kx #
5 kx # Most of these PAM modules have man pages included, like
5 kx # pam_unix(8) for example.
5 kx #
5 kx
5 kx ##################
5 kx # Authentication #
5 kx ##################
5 kx #
5 kx auth required pam_env.so
5 kx auth optional pam_group.so
5 kx auth required pam_unix.so likeauth nullok
5 kx -auth optional pam_gnome_keyring.so
5 kx
5 kx ##################
5 kx # Account checks #
5 kx ##################
5 kx #
5 kx # Only root can login if file /etc/nologin exists.
5 kx # This is equivalent to NOLOGINS_FILE on login.defs
5 kx #
5 kx account required pam_nologin.so
5 kx #
5 kx # Enable restrictions by time, specified in /etc/security/time.conf
5 kx # This is equivalent to PORTTIME_CHECKS_ENAB on login.defs
5 kx #
5 kx account required pam_time.so
5 kx account required pam_unix.so
5 kx account sufficient pam_succeed_if.so uid < 100 quiet
5 kx account required pam_permit.so
5 kx
5 kx #############################
5 kx # Password quality checking #
5 kx #############################
5 kx #
5 kx # Please note that unless cracklib and libpwquality are installed, setting
5 kx # passwords will not work unless the lines for the pam_pwquality module are
5 kx # commented out and the line for the traditional no-quality-check password
5 kx # changing is uncommented.
5 kx #
5 kx # The pam_pwquality module will check the quality of a user-supplied password
5 kx # against the dictionary installed for cracklib. Other tests are (or may be)
5 kx # done as well - see: man pam_pwquality
5 kx #
5 kx # Default password quality checking with pam_pwquality. If you don't want
5 kx # password quality checking, comment out these two lines and uncomment the
5 kx # traditional password handling line below.
5 kx password requisite pam_pwquality.so minlen=6 retry=3
5 kx password sufficient pam_unix.so nullok sha512 shadow minlen=6 try_first_pass use_authtok
5 kx
5 kx # Traditional password handling without pam_pwquality password checking.
5 kx # Commented out by default to use the two pam_pwquality lines above.
5 kx #password sufficient pam_unix.so nullok sha512 shadow minlen=6
5 kx
5 kx # ATTENTION: always keep this line for pam_deny.so:
5 kx password required pam_deny.so
5 kx
5 kx #########################
5 kx # Session Configuration #
5 kx #########################
5 kx #
5 kx # This applies the limits specified in /etc/security/limits.conf
5 kx #
5 kx session required pam_limits.so
5 kx session required pam_unix.so
5 kx #session required pam_lastlog.so showfailed
5 kx #session optional pam_mail.so standard
5 kx -session optional pam_gnome_keyring.so auto_start
Radix cross Linux
The main Radix cross Linux repository contains the build scripts of packages, which have the most complete and common functionality for desktop machines
452 Commits
2 Branches
1 Tag