packages: krb5/kftpd.pamd (NEW), krb5/klogin.pamd (NEW), krb5/kshell.pamd (...

baggins baggins at pld-linux.org
Wed Jun 3 17:34:05 CEST 2009 

Author: baggins                      Date: Wed Jun  3 15:34:05 2009 GMT
Module: packages                      Tag: HEAD
---- Log message:
- PAM service configs

---- Files affected:
packages/krb5:
   kftpd.pamd (NONE -> 1.1)  (NEW), klogin.pamd (NONE -> 1.1)  (NEW), kshell.pamd (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/krb5/kftpd.pamd
diff -u /dev/null packages/krb5/kftpd.pamd:1.1
--- /dev/null	Wed Jun  3 17:34:06 2009
+++ packages/krb5/kftpd.pamd	Wed Jun  3 17:34:00 2009
@@ -0,0 +1,12 @@
+#%PAM-1.0
+auth		required	pam_listfile.so item=user sense=deny file=/etc/ftpd/ftpusers onerr=succeed
+auth		include		system-auth
+account		required	pam_nologin.so
+account		include		system-auth
+# pam_selinux.so close should be the first session rule
+# session		required	pam_selinux.so close
+session		include		system-auth
+session		required	pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+# session		required	pam_selinux.so open
+session		optional	pam_keyinit.so force revoke

================================================================
Index: packages/krb5/klogin.pamd
diff -u /dev/null packages/krb5/klogin.pamd:1.1
--- /dev/null	Wed Jun  3 17:34:06 2009
+++ packages/krb5/klogin.pamd	Wed Jun  3 17:34:00 2009
@@ -0,0 +1,19 @@
+#%PAM-1.0
+auth		required	pam_listfile.so item=user sense=deny file=/etc/security/blacklist.klogin onerr=succeed
+auth		required	pam_securetty.so
+auth		include		system-auth
+account		required	pam_shells.so
+account		required	pam_nologin.so
+account		required 	pam_access.so
+account		include		system-auth
+password	include		system-auth
+# pam_selinux.so close should be the first session rule
+# session		required	pam_selinux.so close
+session		include		system-auth
+session		required	pam_loginuid.so
+session		optional	pam_console.so
+session		optional	pam_mail.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+#session		required	pam_selinux.so open
+#session		optional	pam_keyinit.so force revoke
+session		optional	pam_ck_connector.so

================================================================
Index: packages/krb5/kshell.pamd
diff -u /dev/null packages/krb5/kshell.pamd:1.1
--- /dev/null	Wed Jun  3 17:34:06 2009
+++ packages/krb5/kshell.pamd	Wed Jun  3 17:34:00 2009
@@ -0,0 +1,17 @@
+#%PAM-1.0
+auth		required	pam_listfile.so item=user sense=deny file=/etc/security/blacklist.kshell onerr=succeed
+auth		required	pam_securetty.so
+auth		required	pam_rhosts_auth.so
+auth		include		system-auth
+account		required	pam_shells.so
+account		required	pam_nologin.so
+account		required 	pam_access.so
+account		include		system-auth
+# pam_selinux.so close should be the first session rule
+# session		required	pam_selinux.so close
+session		include		system-auth
+session		required	pam_loginuid.so
+session		optional	pam_mail.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+#session		required	pam_selinux.so open
+session		optional	pam_keyinit.so force revoke
================================================================

More information about the pld-cvs-commit mailing list