xref: /illumos-gate/usr/src/lib/libpam/pam.conf (revision 08516594b0e540dc0f415fa7ae31f54d943a0913)
1#
2# CDDL HEADER START
3#
4# The contents of this file are subject to the terms of the
5# Common Development and Distribution License (the "License").
6# You may not use this file except in compliance with the License.
7#
8# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9# or http://www.opensolaris.org/os/licensing.
10# See the License for the specific language governing permissions
11# and limitations under the License.
12#
13# When distributing Covered Code, include this CDDL HEADER in each
14# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15# If applicable, add the following below this CDDL HEADER, with the
16# fields enclosed by brackets "[]" replaced with your own identifying
17# information: Portions Copyright [yyyy] [name of copyright owner]
18#
19# CDDL HEADER END
20#
21#
22#ident	"%Z%%M%	%I%	%E% SMI"
23#
24# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27# PAM configuration
28#
29# Unless explicitly defined, all services use the modules
30# defined in the "other" section.
31#
32# Modules are defined with relative pathnames, i.e., they are
33# relative to /usr/lib/security/$ISA. Absolute path names, as
34# present in this file in previous releases are still acceptable.
35#
36# Authentication management
37#
38# login service (explicit because of pam_dial_auth)
39#
40login	auth requisite		pam_authtok_get.so.1
41login	auth required		pam_dhkeys.so.1
42login	auth required		pam_unix_cred.so.1
43login	auth required		pam_unix_auth.so.1
44login	auth required		pam_dial_auth.so.1
45#
46# rlogin service (explicit because of pam_rhost_auth)
47#
48rlogin	auth sufficient		pam_rhosts_auth.so.1
49rlogin	auth requisite		pam_authtok_get.so.1
50rlogin	auth required		pam_dhkeys.so.1
51rlogin	auth required		pam_unix_cred.so.1
52rlogin	auth required		pam_unix_auth.so.1
53#
54# Kerberized rlogin service
55#
56krlogin	auth required		pam_unix_cred.so.1
57krlogin	auth required		pam_krb5.so.1
58#
59# rsh service (explicit because of pam_rhost_auth,
60# and pam_unix_auth for meaningful pam_setcred)
61#
62rsh	auth sufficient		pam_rhosts_auth.so.1
63rsh	auth required		pam_unix_cred.so.1
64#
65# Kerberized rsh service
66#
67krsh	auth required		pam_unix_cred.so.1
68krsh	auth required		pam_krb5.so.1
69#
70# Kerberized telnet service
71#
72ktelnet	auth required		pam_unix_cred.so.1
73ktelnet	auth required		pam_krb5.so.1
74#
75# PPP service (explicit because of pam_dial_auth)
76#
77ppp	auth requisite		pam_authtok_get.so.1
78ppp	auth required		pam_dhkeys.so.1
79ppp	auth required		pam_unix_cred.so.1
80ppp	auth required		pam_unix_auth.so.1
81ppp	auth required		pam_dial_auth.so.1
82#
83# Default definitions for Authentication management
84# Used when service name is not explicitly mentioned for authentication
85#
86other	auth requisite		pam_authtok_get.so.1
87other	auth required		pam_dhkeys.so.1
88other	auth required		pam_unix_cred.so.1
89other	auth required		pam_unix_auth.so.1
90#
91# passwd command (explicit because of a different authentication module)
92#
93passwd	auth required		pam_passwd_auth.so.1
94#
95# cron service (explicit because of non-usage of pam_roles.so.1)
96#
97cron	account required	pam_unix_account.so.1
98#
99# Default definition for Account management
100# Used when service name is not explicitly mentioned for account management
101#
102other	account requisite	pam_roles.so.1
103other	account required	pam_unix_account.so.1
104#
105# Default definition for Session management
106# Used when service name is not explicitly mentioned for session management
107#
108other	session required	pam_unix_session.so.1
109#
110# Default definition for  Password management
111# Used when service name is not explicitly mentioned for password management
112#
113other	password required	pam_dhkeys.so.1
114other	password requisite	pam_authtok_get.so.1
115other	password requisite	pam_authtok_check.so.1
116other	password required	pam_authtok_store.so.1
117#
118# Support for Kerberos V5 authentication and example configurations can
119# be found in the pam_krb5(5) man page under the "EXAMPLES" section.
120#
121