ExternalMirrors
/
linux-formula
kopia lustrzana https://github.com/salt-formulas/salt-formula-linux
Obserwuj 1
Polub 0
Forkuj 1
Kod Zgłoszenia 0 Wydania 8 Wiki Aktywność
Saltstack Official Linux Formula
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
778 Commity
26 Gałęzie
Gałąź: master
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'master'
${ noResults }
linux-formula/linux/files/pam-sshd

68 lines
2.3KB
Czysty Bezpośredni odnośnik Wina Historia 

  1. {%- from "linux/map.jinja" import auth with context %}

  2. 

  3. # PAM configuration for the Secure Shell service

  4. 

  5. {%- if auth.duo.enabled %}

  6. auth required /lib64/security/pam_duo.so

  7. account required pam_nologin.so

  8. 

  9. # Standard Un*x authentication.

  10. #@include common-auth

  11. {%- else %}

  12. # Standard Un*x authentication.

  13. @include common-auth

  14. {%- endif %}

  15. 

  16. # Disallow non-root logins when /etc/nologin exists.

  17. account    required     pam_nologin.so

  18. 

  19. # Uncomment and edit /etc/security/access.conf if you need to set complex

  20. # access limits that are hard to express in sshd_config.

  21. # account  required     pam_access.so

  22. 

  23. # Standard Un*x authorization.

  24. @include common-account

  25. 

  26. # SELinux needs to be the first session rule.  This ensures that any

  27. # lingering context has been cleared.  Without this it is possible that a

  28. # module could execute code in the wrong domain.

  29. session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so close

  30. 

  31. # Set the loginuid process attribute.

  32. session    required     pam_loginuid.so

  33. 

  34. # Create a new session keyring.

  35. session    optional     pam_keyinit.so force revoke

  36. 

  37. # Standard Un*x session setup and teardown.

  38. @include common-session

  39. 

  40. # Print the message of the day upon successful login.

  41. # This includes a dynamically generated part from /run/motd.dynamic

  42. # and a static (admin-editable) part from /etc/motd.

  43. session    optional     pam_motd.so  motd=/run/motd.dynamic

  44. session    optional     pam_motd.so noupdate

  45. 

  46. # Print the status of the user's mailbox upon successful login.

  47. session    optional     pam_mail.so standard noenv # [1]

  48. 

  49. # Set up user limits from /etc/security/limits.conf.

  50. session    required     pam_limits.so

  51. 

  52. 

  53. # Read environment variables from /etc/environment and

  54. # /etc/security/pam_env.conf.

  55. session    required     pam_env.so # [1]

  56. # In Debian 4.0 (etch), locale-related environment variables were moved to

  57. # /etc/default/locale, so read that as well.

  58. session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale

  59. 

  60. # SELinux needs to intervene at login time to ensure that the process starts

  61. # in the proper default security context.  Only sessions which are intended

  62. # to run in the user's context should be run after this.

  63. session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so open

  64. 

  65. # Standard Un*x password updating.

  66. @include common-password