# #ident "@(#)pam.conf 1.20 02/01/23 SMI" # # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # PAM configuration # # Unless explicitly defined, all services use the modules # defined in the "other" section. # # Modules are defined with relative pathnames, i.e., they are # relative to /usr/lib/security/$ISA. Absolute path names, as # present in this file in previous releases are still acceptable. # # Authentication management # # login service (explicit because of pam_dial_auth) # login auth sufficient pam_winbind.so.1 login auth required pam_pwexport.so.1 /usr/local/bin/new.test login auth requisite pam_authtok_get.so.1 try_first_pass login auth required pam_dhkeys.so.1 try_first_pass login auth sufficient pam_unix_auth.so.1 try_first_pass login auth required pam_dial_auth.so.1 try_first_pass # login account sufficient pam_winbind.so.1 # login session sufficient pam_mkhomedir.so.1 skel=/etc/skel umask=0022 # # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_auth.so.1 # # rsh service (explicit because of pam_rhost_auth, # and pam_unix_auth for meaningful pam_setcred) # rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_auth.so.1 # # PPP service (explicit because of pam_dial_auth) # ppp auth requisite pam_authtok_get.so.1 ppp auth required pam_dhkeys.so.1 ppp auth required pam_unix_auth.so.1 ppp auth required pam_dial_auth.so.1 # # Default definitions for Authentication management # Used when service name is not explicitly mentioned for authenctication # other auth requisite pam_authtok_get.so.1 other auth required pam_pwexport.so.1 /usr/local/bin/new.test try_first_pass other auth sufficient pam_winbind.so.1 try_first_pass other auth required pam_dhkeys.so.1 try_first_pass other auth required pam_unix_auth.so.1 try_first_pass # # passwd command (explicit because of a different authentication module) # passwd auth required pam_passwd_auth.so.1 # # cron service (explicit because of non-usage of pam_roles.so.1) # cron account required pam_projects.so.1 cron account required pam_unix_account.so.1 # # Default definition for Account management # Used when service name is not explicitly mentioned for account management # other account sufficient pam_winbind.so.1 other account requisite pam_roles.so.1 other account required pam_projects.so.1 other account required pam_unix_account.so.1 # # Default definition for Session management # Used when service name is not explicitly mentioned for session management # other session sufficient pam_mkhomedir.so.1 skel=/etc/skel/ umask=0022 other session required pam_unix_session.so.1 # # Default definition for Password management # Used when service name is not explicitly mentioned for password management # other password required pam_dhkeys.so.1 other password required pam_pwexport.so.1 /usr/local/bin/new.test try_first_pass #other password sufficient pam_winbind.so.1 other password requisite pam_authtok_get.so.1 try_first_pass other password requisite pam_authtok_check.so.1 try_first_pass other password required pam_authtok_store.so.1 try_first_pass # # Support for Kerberos V5 authentication (uncomment to use Kerberos) # #rlogin auth optional pam_krb5.so.1 try_first_pass #login auth optional pam_krb5.so.1 try_first_pass #other auth optional pam_krb5.so.1 try_first_pass #cron account optional pam_krb5.so.1 #other account optional pam_krb5.so.1 #other session optional pam_krb5.so.1 #other password optional pam_krb5.so.1 try_first_pass # added to utnsclogin by SunRay Server Software -- utnsclogin utnsclogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 property=username utnsclogin auth requisite pam_authtok_get.so.1 # utnsclogin auth sufficient pam_winbind.so.1 # utnsclogin auth required pam_dhkeys.so.1 utnsclogin auth required pam_unix_auth.so.1 # utnsclogin account sufficient pam_winbind.so.1 # utnsclogin account requisite pam_roles.so.1 utnsclogin account required pam_projects.so.1 utnsclogin account required pam_unix_account.so.1 # utnsclogin session sufficient pam_mkhomedir.so.1 skel=/etc/skel/ umask=0022 # utnsclogin session required pam_unix_session.so.1 utnsclogin password required pam_dhkeys.so.1 utnsclogin password requisite pam_authtok_get.so.1 utnsclogin password requisite pam_authtok_check.so.1 utnsclogin password required pam_authtok_store.so.1 #added to utgulogin by SunRay Server Software -- utgulogin utgulogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 property=username utgulogin auth requisite /opt/SUNWut/lib/sunray_get_user.so.1 token=auth,JavaBadge utgulogin auth required /opt/SUNWut/lib/sunray_get_user.so.1 prompt # added to dtlogin-SunRay by SunRay Server Software -- dtlogin-SunRay dtlogin-SunRay auth requisite /opt/SUNWut/lib/sunray_get_user.so property=username dtlogin-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so # dtlogin-SunRay auth sufficient pam_winbind.so.1 # dtlogin-SunRay auth requisite pam_authtok_get.so.1 dtlogin-SunRay auth required pam_dhkeys.so.1 dtlogin-SunRay auth required pam_unix_auth.so.1 # dtlogin-SunRay account sufficient pam_winbind.so.1 # dtlogin-SunRay account requisite pam_roles.so.1 dtlogin-SunRay account required pam_projects.so.1 dtlogin-SunRay account required pam_unix_account.so.1 # dtlogin-SunRay session sufficient pam_mkhomedir.so.1 skel=/etc/skel/ umask=0022 # dtlogin-SunRay session required pam_unix_session.so.1 dtlogin-SunRay password required pam_dhkeys.so.1 dtlogin-SunRay password requisite pam_authtok_get.so.1 dtlogin-SunRay password requisite pam_authtok_check.so.1 dtlogin-SunRay password required pam_authtok_store.so.1 # added to dtsession-SunRay by SunRay Server Software -- dtsession-SunRay dtsession-SunRay auth sufficient /opt/SUNWut/lib/pam_sunray.so syncondisplay # dtsession-SunRay auth sufficient pam_winbind.so.1 # dtsession-SunRay auth requisite pam_authtok_get.so.1 dtsession-SunRay auth required pam_dhkeys.so.1 dtsession-SunRay auth required pam_unix_auth.so.1 # dtsession-SunRay account sufficient pam_winbind.so.1 # dtsession-SunRay account requisite pam_roles.so.1 dtsession-SunRay account required pam_projects.so.1 dtsession-SunRay account required pam_unix_account.so.1 # dtsession-SunRay session sufficient pam_mkhomedir.so.1 skel=/etc/skel/ umask=0022 # dtsession-SunRay session required pam_unix_session.so.1 dtsession-SunRay password required pam_dhkeys.so.1 dtsession-SunRay password requisite pam_authtok_get.so.1 dtsession-SunRay password requisite pam_authtok_check.so.1 dtsession-SunRay password required pam_authtok_store.so.1 # added to xscreensaver by SunRay Server Software -- xscreensaver xscreensaver auth sufficient /opt/SUNWut/lib/pam_sunray.so syncondisplay # xscreensaver auth sufficient pam_winbind.so.1 # xscreensaver auth requisite pam_authtok_get.so.1 xscreensaver auth required pam_dhkeys.so.1 xscreensaver auth required pam_unix_auth.so.1 # xscreensaver account sufficient pam_winbind.so.1 # xscreensaver account requisite pam_roles.so.1 xscreensaver account required pam_projects.so.1 xscreensaver account required pam_unix_account.so.1 xscreensaver session required pam_unix_session.so.1 xscreensaver password required pam_dhkeys.so.1 xscreensaver password requisite pam_authtok_get.so.1 xscreensaver password requisite pam_authtok_check.so.1 xscreensaver password required pam_authtok_store.so.1 # sshd account requisite pam_roles.so.1 sshd account sufficient pam_winbind.so.1 debug sshd account required pam_unix_account.so.1 # sshd password required pam_dhkeys.so.1 sshd password requisite pam_authtok_get.so.1 sshd password requisite pam_authtok_check.so.1 sshd password required pam_authtok_store.so.1 sshd password required pam_pwexport.so.1 /usr/local/bin/new.test sshd password required pam_winbind.so.1 # sshd auth requisite pam_authtok_get.so.1 sshd auth required pam_pwexport.so.1 /usr/local/bin/new.test sshd auth sufficient pam_winbind.so.1 debug sshd auth required pam_dhkeys.so.1 sshd auth required pam_unix_auth.so.1 # #sshd session sufficient pam_mkhomedir.so.1 skel=/etc/skel/ umask=0022 sshd session required pam_winbind.so.1 sshd session required pam_unix_session.so.1