xref: /illumos-gate/usr/src/lib/libpam/pam.conf (revision f875b4eb) 
1#
2# CDDL HEADER START
3#
4# The contents of this file are subject to the terms of the
5# Common Development and Distribution License (the "License").
6# You may not use this file except in compliance with the License.
7#
8# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9# or http://www.opensolaris.org/os/licensing.
10# See the License for the specific language governing permissions
11# and limitations under the License.
12#
13# When distributing Covered Code, include this CDDL HEADER in each
14# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15# If applicable, add the following below this CDDL HEADER, with the
16# fields enclosed by brackets "[]" replaced with your own identifying
17# information: Portions Copyright [yyyy] [name of copyright owner]
18#
19# CDDL HEADER END
20#
21#
22#ident	"%Z%%M%	%I%	%E% SMI"
23#
24# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27# PAM configuration
28#
29# Unless explicitly defined, all services use the modules
30# defined in the "other" section.
31#
32# Modules are defined with relative pathnames, i.e., they are
33# relative to /usr/lib/security/$ISA. Absolute path names, as
34# present in this file in previous releases are still acceptable.
35#
36# Authentication management
37#
38# login service (explicit because of pam_dial_auth)
39#
40login	auth requisite		pam_authtok_get.so.1
41login	auth required		pam_dhkeys.so.1
42login	auth required		pam_unix_cred.so.1
43login	auth required		pam_unix_auth.so.1
44login	auth required		pam_dial_auth.so.1
45#
46# rlogin service (explicit because of pam_rhost_auth)
47#
48rlogin	auth sufficient		pam_rhosts_auth.so.1
49rlogin	auth requisite		pam_authtok_get.so.1
50rlogin	auth required		pam_dhkeys.so.1
51rlogin	auth required		pam_unix_cred.so.1
52rlogin	auth required		pam_unix_auth.so.1
53#
54# Kerberized rlogin service
55#
56krlogin	auth required		pam_unix_cred.so.1
57krlogin	auth required		pam_krb5.so.1
58#
59# rsh service (explicit because of pam_rhost_auth,
60# and pam_unix_auth for meaningful pam_setcred)
61#
62rsh	auth sufficient		pam_rhosts_auth.so.1
63rsh	auth required		pam_unix_cred.so.1
64#
65# Kerberized rsh service
66#
67krsh	auth required		pam_unix_cred.so.1
68krsh	auth required		pam_krb5.so.1
69#
70# Kerberized telnet service
71#
72ktelnet	auth required		pam_unix_cred.so.1
73ktelnet	auth required		pam_krb5.so.1
74#
75# PPP service (explicit because of pam_dial_auth)
76#
77ppp	auth requisite		pam_authtok_get.so.1
78ppp	auth required		pam_dhkeys.so.1
79ppp	auth required		pam_unix_cred.so.1
80ppp	auth required		pam_unix_auth.so.1
81ppp	auth required		pam_dial_auth.so.1
82#
83# Default definitions for Authentication management
84# Used when service name is not explicitly mentioned for authentication
85#
86other	auth requisite		pam_authtok_get.so.1
87other	auth required		pam_dhkeys.so.1
88other	auth required		pam_unix_cred.so.1
89other	auth required		pam_unix_auth.so.1
90#
91# passwd command (explicit because of a different authentication module)
92#
93passwd	auth required		pam_passwd_auth.so.1
94#
95# cron service (explicit because of non-usage of pam_roles.so.1)
96#
97cron	account required	pam_unix_account.so.1
98#
99#
100# dtlogin service (explicit because of non-usage of pam_tsol_account.so.1)
101#
102dtlogin		account		requisite	pam_roles.so.1
103dtlogin		account		required	pam_unix_account.so.1
104#
105# dtsession service (explicit because of non-usage of pam_tsol_account.so.1)
106#
107dtsession	account		requisite	pam_roles.so.1
108dtsession	account		required	pam_unix_account.so.1
109#
110# gdm service (explicit because of non-usage of pam_tsol_account.so.1)
111#
112gdm		account		requisite	pam_roles.so.1
113gdm		account		required	pam_unix_account.so.1
114#
115# xscreensaver service (explicit because of non-usage of pam_tsol_account.so.1)
116#
117xscreensaver	account		requisite	pam_roles.so.1
118xscreensaver	account		required	pam_unix_account.so.1
119#
120# passwd service (explicit because of non-usage of pam_tsol_account.so.1)
121#
122passwd		account		requisite	pam_roles.so.1
123passwd		account		required	pam_unix_account.so.1
124#
125# dtpasswd service (explicit because of non-usage of pam_tsol_account.so.1)
126#
127dtpasswd	account		requisite	pam_roles.so.1
128dtpasswd	account		required	pam_unix_account.so.1
129#
130#
131# Default definition for Account management
132# Used when service name is not explicitly mentioned for account management
133#
134other	account requisite	pam_roles.so.1
135other	account required	pam_unix_account.so.1
136other	account required	pam_tsol_account.so.1
137#
138# Default definition for Session management
139# Used when service name is not explicitly mentioned for session management
140#
141other	session required	pam_unix_session.so.1
142#
143# Default definition for Password management
144# Used when service name is not explicitly mentioned for password management
145#
146other	password required	pam_dhkeys.so.1
147other	password requisite	pam_authtok_get.so.1
148other	password requisite	pam_authtok_check.so.1
149other	password required	pam_authtok_store.so.1
150#
151# Support for Kerberos V5 authentication and example configurations can
152# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
153#
154