xref: /illumos-gate/usr/src/lib/libpam/pam.conf (revision bbf21555) 
1#
2# CDDL HEADER START
3#
4# The contents of this file are subject to the terms of the
5# Common Development and Distribution License (the "License").
6# You may not use this file except in compliance with the License.
7#
8# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9# or http://www.opensolaris.org/os/licensing.
10# See the License for the specific language governing permissions
11# and limitations under the License.
12#
13# When distributing Covered Code, include this CDDL HEADER in each
14# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15# If applicable, add the following below this CDDL HEADER, with the
16# fields enclosed by brackets "[]" replaced with your own identifying
17# information: Portions Copyright [yyyy] [name of copyright owner]
18#
19# CDDL HEADER END
20#
21#
22# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
23# Use is subject to license terms.
24#
25# PAM configuration
26#
27# Unless explicitly defined, all services use the modules
28# defined in the "other" section.
29#
30# Modules are defined with relative pathnames, i.e., they are
31# relative to /usr/lib/security/$ISA. Absolute path names, as
32# present in this file in previous releases are still acceptable.
33#
34# Authentication management
35#
36# login service (explicit because of pam_dial_auth)
37#
38login	auth requisite		pam_authtok_get.so.1
39login	auth required		pam_dhkeys.so.1
40login	auth required		pam_unix_cred.so.1
41login	auth required		pam_unix_auth.so.1
42login	auth required		pam_dial_auth.so.1
43#
44# rlogin service (explicit because of pam_rhost_auth)
45#
46rlogin	auth sufficient		pam_rhosts_auth.so.1
47rlogin	auth requisite		pam_authtok_get.so.1
48rlogin	auth required		pam_dhkeys.so.1
49rlogin	auth required		pam_unix_cred.so.1
50rlogin	auth required		pam_unix_auth.so.1
51#
52# Kerberized rlogin service
53#
54krlogin	auth required		pam_unix_cred.so.1
55krlogin	auth required		pam_krb5.so.1
56#
57# rsh service (explicit because of pam_rhost_auth,
58# and pam_unix_auth for meaningful pam_setcred)
59#
60rsh	auth sufficient		pam_rhosts_auth.so.1
61rsh	auth required		pam_unix_cred.so.1
62#
63# Kerberized rsh service
64#
65krsh	auth required		pam_unix_cred.so.1
66krsh	auth required		pam_krb5.so.1
67#
68# Kerberized telnet service
69#
70ktelnet	auth required		pam_unix_cred.so.1
71ktelnet	auth required		pam_krb5.so.1
72#
73# PPP service (explicit because of pam_dial_auth)
74#
75ppp	auth requisite		pam_authtok_get.so.1
76ppp	auth required		pam_dhkeys.so.1
77ppp	auth required		pam_unix_cred.so.1
78ppp	auth required		pam_unix_auth.so.1
79ppp	auth required		pam_dial_auth.so.1
80#
81# GDM Autologin (explicit because of pam_allow).  These need to be
82# here as there is no mechanism for packages to amend pam.conf as
83# they are installed.
84#
85gdm-autologin auth  required    pam_unix_cred.so.1
86gdm-autologin auth  sufficient  pam_allow.so.1
87#
88# Default definitions for Authentication management
89# Used when service name is not explicitly mentioned for authentication
90#
91other	auth requisite		pam_authtok_get.so.1
92other	auth required		pam_dhkeys.so.1
93other	auth required		pam_unix_cred.so.1
94other	auth required		pam_unix_auth.so.1
95#
96# passwd command (explicit because of a different authentication module)
97#
98passwd	auth required		pam_passwd_auth.so.1
99#
100# cron service (explicit because of non-usage of pam_roles.so.1)
101#
102cron	account required	pam_unix_account.so.1
103#
104# cups service (explicit because of non-usage of pam_roles.so.1)
105#
106cups	account	required	pam_unix_account.so.1
107#
108# GDM Autologin (explicit because of pam_allow) This needs to be here
109# as there is no mechanism for packages to amend pam.conf as they are
110# installed.
111#
112gdm-autologin account  sufficient  pam_allow.so.1
113#
114# Default definition for Account management
115# Used when service name is not explicitly mentioned for account management
116#
117other	account requisite	pam_roles.so.1
118other	account required	pam_unix_account.so.1
119#
120# Default definition for Session management
121# Used when service name is not explicitly mentioned for session management
122#
123other	session required	pam_unix_session.so.1
124#
125# Default definition for Password management
126# Used when service name is not explicitly mentioned for password management
127#
128other	password required	pam_dhkeys.so.1
129other	password requisite	pam_authtok_get.so.1
130other	password requisite	pam_authtok_check.so.1
131other	password required	pam_authtok_store.so.1
132#
133# Support for Kerberos V5 authentication and example configurations can
134# be found in the pam_krb5(7) man page under the "EXAMPLES" section.
135#
136