maybe chgrp ldap './openldap/ssl/ldap.pem'
maybe chmod 0400 './openldap/ssl/ldap.pem'
maybe chmod 0755 './pam.d'
+maybe chmod 0644 './pam.d/._cfg0000_system-auth'
+maybe chmod 0644 './pam.d/._cfg0000_system-services'
maybe chmod 0644 './pam.d/chage'
maybe chmod 0644 './pam.d/chfn'
maybe chmod 0644 './pam.d/chgpasswd'
--- /dev/null
+auth required pam_env.so
+auth sufficient pam_ssh.so
+auth [success=1 default=ignore] pam_krb5.so ignore_root try_first_pass
+auth required pam_unix.so try_first_pass likeauth nullok
+auth optional pam_permit.so
+
+account [success=1 default=ignore] pam_krb5.so ignore_root try_first_pass
+account required pam_unix.so
+account optional pam_permit.so
+
+password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
+password [success=1 default=ignore] pam_krb5.so ignore_root try_first_pass
+password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
+password optional pam_permit.so
+
+session optional pam_ssh.so
+session required pam_limits.so
+session required pam_env.so
+session optional pam_mktemp.so
+session [success=1 default=ignore] pam_krb5.so ignore_root try_first_pass
+session required pam_unix.so
+session optional pam_permit.so
--- /dev/null
+auth sufficient pam_permit.so
+account include system-auth
+session optional pam_loginuid.so
+session required pam_limits.so
+session required pam_env.so
+session optional pam_mktemp.so
+session [success=1 default=ignore] pam_krb5.so ignore_root try_first_pass
+session required pam_unix.so
+session optional pam_permit.so
projects / config / bruni / etc.git / commitdiff