SOURCES: system-auth.5 (NEW), system-auth.pamd - common configurat...

baggins baggins at pld-linux.org
Mon Feb 5 00:25:36 CET 2007 

Author: baggins                      Date: Sun Feb  4 23:25:36 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- common configuration file for PAMified services

---- Files affected:
SOURCES:
   system-auth.5 (NONE -> 1.1)  (NEW), system-auth.pamd (1.3 -> 1.4) 

---- Diffs:

================================================================
Index: SOURCES/system-auth.5
diff -u /dev/null SOURCES/system-auth.5:1.1
--- /dev/null	Mon Feb  5 00:25:36 2007
+++ SOURCES/system-auth.5	Mon Feb  5 00:25:30 2007
@@ -0,0 +1,61 @@
+.TH SYSTEM-AUTH 5 "2006 Feb 3" "Red Hat" "Linux-PAM Manual"
+.SH NAME
+
+system-auth \- Common configuration file for PAMified services
+
+.SH SYNOPSIS
+.B /etc/pam.d/system-auth
+.sp 2
+.SH DESCRIPTION
+
+The purpose of this configuration file is to provide common 
+configuration file for all applications and service daemons
+calling PAM library.
+
+.sp
+The
+.BR system-auth
+configuration file is included from all individual service configuration
+files with the help of the
+.BR include
+directive.
+
+.SH NOTES
+There should be no
+.BR sufficient
+modules in the
+.BR session
+part of
+.BR system-auth
+file because individual services may add session modules after
+.BR include
+of the
+.BR system-auth
+file. Execution of these modules would be skipped if there were sufficient
+modules in
+.BR system-auth
+file.
+
+.sp
+Conversely there should not be any modules after
+.BR include
+directive in the individual service files in
+.BR auth account
+and
+.BR password
+sections otherwise they could be bypassed.
+
+.SH BUGS
+.sp 2
+None known.
+
+.SH "SEE ALSO"
+pam(8), config-util(5)
+
+The three
+.BR Linux-PAM
+Guides, for
+.BR "system administrators" ", "
+.BR "module developers" ", "
+and
+.BR "application developers" ". "

================================================================
Index: SOURCES/system-auth.pamd
diff -u SOURCES/system-auth.pamd:1.3 SOURCES/system-auth.pamd:1.4
--- SOURCES/system-auth.pamd:1.3	Thu May 12 13:39:07 2005
+++ SOURCES/system-auth.pamd	Mon Feb  5 00:25:30 2007
@@ -1,12 +1,18 @@
 #%PAM-1.0
 auth		required	pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
-auth		required	pam_unix.so
+autrh		required	pam_env.so
+auth		required	pam_unix.so try_first_pass
 auth		required	pam_tally.so deny=0 file=/var/log/faillog onerr=succeed
 auth		required	pam_nologin.so
+
 account		required	pam_tally.so file=/var/log/faillog onerr=succeed
 account		required	pam_unix.so
-password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
-password	required	pam_unix.so blowfish shadow use_authtok
-session		required	pam_unix.so
+
+password	required	pam_cracklib.so try_first_pass difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
+password	required	pam_unix.so try_first_pass blowfish shadow use_authtok
+
+session		optional	pam_keyinit.so revoke
 session		required	pam_env.so
 session		required	pam_limits.so change_uid
+session		[success=1 default=ignore]	pam_succeed_if.so service in crond quiet use_uid
+session		required	pam_unix.so
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/system-auth.pamd?r1=1.3&r2=1.4&f=u

More information about the pld-cvs-commit mailing list