author | Michael Scherer <misc@mageia.org> | 2010-11-17 15:35:10 +0000 |
---|---|---|
committer | Michael Scherer <misc@mageia.org> | 2010-11-17 15:35:10 +0000 |
commit | d3918db07bb550d340c95b6ab495a346733c9c25 (patch) | |
tree | f8f8c07761af82917cad825ee895183e4bc90eda /modules/pam/templates | |
parent | e3241bb3df3a21e26c077cdcbb559e038fd7388f (diff) | |
- add a proto module for taking care of pam ( need pam_ldap, etc support, and a review of the pam config file too )
Diffstat (limited to 'modules/pam/templates')
-rw-r--r-- | modules/pam/templates/system-auth | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/modules/pam/templates/system-auth b/modules/pam/templates/system-auth
new file mode 100644
index 00000000..b02aec3a
--- /dev/null
+++ b/modules/pam/templates/system-auth
@@ -0,0 +1,35 @@
+auth required pam_env.so
+# this part is here if the module don't exist
+# basically, the idea is to copy the exact detail of sufficient,
+# and add abort=ignore
+auth [abort=ignore success=done new_authtok_reqd=done default=ignore] pam_tcb.so shadow fork nullok prefix=$2a$ count=8
+auth sufficient pam_unix.so likeauth nullok
+auth sufficient pam_ldap.so use_first_pass
+<% if access_class = 'admin' %>
+auth required pam_wheel.so group=mga-sysadmin
+<% end %>
+<% if access_class = 'commiters' %>
+auth required pam_wheel.so group=mga-commiters
+<% end %>
+auth required pam_deny.so
+
+
+account sufficient pam_localuser.so
+account sufficient pam_ldap.so
+account required pam_deny.so
+
+
+password required pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 dcredit=0 ucredit=0 ucredit=0
+# TODO check this part too
+password sufficient pam_tcb.so use_authtok shadow write_to=shadow fork nullok prefix=$2a$ count=8 abort=ignore
+password sufficient pam_ldap.so use_authtok
+password sufficient pam_unix.so use_authtok nullok md5 shadow
+password required pam_deny.so
+
+session optional pam_keyinit.so revoke
+# optional if there is a problem when creating the account
+session optional pam_mkhomedir.so
+session required pam_limits.so
+session required pam_unix.so
+session optional pam_ldap.so
+
|
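Review bot: Both ERB conditionals in the auth section use assignment (`access_class = 'admin'`, `access_class = 'commiters'`) instead of comparison, so each condition is always truthy and both `pam_wheel.so` lines are rendered on every host regardless of the class passed in. They should read `<% if access_class == 'admin' %>` and `<% if access_class == 'commiters' %>`. Even with that fixed, the group checks sit after the `success=done` pam_tcb line and the `sufficient` pam_unix/pam_ldap lines, so a successful authentication ends the auth stack before pam_wheel is consulted and the group restriction is not enforced; moving the conditional block to directly after `pam_env.so` would make it effective. Separately, `nullok` on the auth and password lines accepts empty passwords, and the trailing `dcredit=0 ucredit=0 ucredit=0` on the pam_cracklib line probably overrides the earlier `-1` credits, so both are worth confirming as intended before this template is deployed.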