17c478bd9Sstevel@tonic-gate# 2*aecfc01dSrui zang - Sun Microsystems - Beijing China# Copyright 2008 Sun Microsystems, Inc. All rights reserved. 37c478bd9Sstevel@tonic-gate# Use is subject to license terms. 47c478bd9Sstevel@tonic-gate# 57c478bd9Sstevel@tonic-gate# CDDL HEADER START 67c478bd9Sstevel@tonic-gate# 77c478bd9Sstevel@tonic-gate# The contents of this file are subject to the terms of the 8*aecfc01dSrui zang - Sun Microsystems - Beijing China# Common Development and Distribution License (the "License"). 9*aecfc01dSrui zang - Sun Microsystems - Beijing China# You may not use this file except in compliance with the License. 107c478bd9Sstevel@tonic-gate# 117c478bd9Sstevel@tonic-gate# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 127c478bd9Sstevel@tonic-gate# or http://www.opensolaris.org/os/licensing. 137c478bd9Sstevel@tonic-gate# See the License for the specific language governing permissions 147c478bd9Sstevel@tonic-gate# and limitations under the License. 157c478bd9Sstevel@tonic-gate# 167c478bd9Sstevel@tonic-gate# When distributing Covered Code, include this CDDL HEADER in each 177c478bd9Sstevel@tonic-gate# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 187c478bd9Sstevel@tonic-gate# If applicable, add the following below this CDDL HEADER, with the 197c478bd9Sstevel@tonic-gate# fields enclosed by brackets "[]" replaced with your own identifying 207c478bd9Sstevel@tonic-gate# information: Portions Copyright [yyyy] [name of copyright owner] 217c478bd9Sstevel@tonic-gate# 227c478bd9Sstevel@tonic-gate# CDDL HEADER END 237c478bd9Sstevel@tonic-gate# 247c478bd9Sstevel@tonic-gate 257c478bd9Sstevel@tonic-gate# Set the TZ environment variable of the shell. 267c478bd9Sstevel@tonic-gate# 277c478bd9Sstevel@tonic-gate#TIMEZONE=EST5EDT 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate# ULIMIT sets the file size limit for the login. Units are disk blocks. 307c478bd9Sstevel@tonic-gate# The default of zero means no limit. 317c478bd9Sstevel@tonic-gate# 327c478bd9Sstevel@tonic-gate#ULIMIT=0 337c478bd9Sstevel@tonic-gate 347c478bd9Sstevel@tonic-gate# If CONSOLE is set, root can only login on that device. 35*aecfc01dSrui zang - Sun Microsystems - Beijing China# If the specified device is /dev/console, then root can also log into 36*aecfc01dSrui zang - Sun Microsystems - Beijing China# any of the currently enabled /dev/vt/# virtual terminal devices. 377c478bd9Sstevel@tonic-gate# Comment this line out to allow remote login by root. 387c478bd9Sstevel@tonic-gate# 397c478bd9Sstevel@tonic-gateCONSOLE=/dev/console 407c478bd9Sstevel@tonic-gate 417c478bd9Sstevel@tonic-gate# PASSREQ determines if login requires a password. 427c478bd9Sstevel@tonic-gate# 437c478bd9Sstevel@tonic-gatePASSREQ=YES 447c478bd9Sstevel@tonic-gate 457c478bd9Sstevel@tonic-gate# ALTSHELL determines if the SHELL environment variable should be set 467c478bd9Sstevel@tonic-gate# 477c478bd9Sstevel@tonic-gateALTSHELL=YES 487c478bd9Sstevel@tonic-gate 497c478bd9Sstevel@tonic-gate# PATH sets the initial shell PATH variable 507c478bd9Sstevel@tonic-gate# 517c478bd9Sstevel@tonic-gate#PATH=/usr/bin: 527c478bd9Sstevel@tonic-gate 537c478bd9Sstevel@tonic-gate# SUPATH sets the initial shell PATH variable for root 547c478bd9Sstevel@tonic-gate# 557c478bd9Sstevel@tonic-gate#SUPATH=/usr/sbin:/usr/bin 567c478bd9Sstevel@tonic-gate 577c478bd9Sstevel@tonic-gate# TIMEOUT sets the number of seconds (between 0 and 900) to wait before 587c478bd9Sstevel@tonic-gate# abandoning a login session. 597c478bd9Sstevel@tonic-gate# 607c478bd9Sstevel@tonic-gate#TIMEOUT=300 617c478bd9Sstevel@tonic-gate 627c478bd9Sstevel@tonic-gate# UMASK sets the initial shell file creation mode mask. See umask(1). 637c478bd9Sstevel@tonic-gate# 647c478bd9Sstevel@tonic-gate#UMASK=022 657c478bd9Sstevel@tonic-gate 667c478bd9Sstevel@tonic-gate# SYSLOG determines whether the syslog(3) LOG_AUTH facility should be used 677c478bd9Sstevel@tonic-gate# to log all root logins at level LOG_NOTICE and multiple failed login 687c478bd9Sstevel@tonic-gate# attempts at LOG_CRIT. 697c478bd9Sstevel@tonic-gate# 707c478bd9Sstevel@tonic-gateSYSLOG=YES 717c478bd9Sstevel@tonic-gate 727c478bd9Sstevel@tonic-gate# SLEEPTIME controls the number of seconds that the command should 737c478bd9Sstevel@tonic-gate# wait before printing the "login incorrect" message when a 747c478bd9Sstevel@tonic-gate# bad password is provided. The range is limited from 757c478bd9Sstevel@tonic-gate# 0 to 5 seconds. 767c478bd9Sstevel@tonic-gate# 777c478bd9Sstevel@tonic-gate#SLEEPTIME=4 787c478bd9Sstevel@tonic-gate 797c478bd9Sstevel@tonic-gate# DISABLETIME If present, and greater than zero, the number of seconds 807c478bd9Sstevel@tonic-gate# login will wait after RETRIES failed attempts or the PAM framework returns 817c478bd9Sstevel@tonic-gate# PAM_ABORT. Default is 20. Minimum is 0. No maximum is imposed. 827c478bd9Sstevel@tonic-gate# 837c478bd9Sstevel@tonic-gate#DISABLETIME=20 847c478bd9Sstevel@tonic-gate 857c478bd9Sstevel@tonic-gate# RETRIES determines the number of failed logins that will be 867c478bd9Sstevel@tonic-gate# allowed before login exits. Default is 5 and maximum is 15. 877c478bd9Sstevel@tonic-gate# If account locking is configured (user_attr(4)/policy.conf(4)) 887c478bd9Sstevel@tonic-gate# for a local user's account (passwd(4)/shadow(4)), that account 897c478bd9Sstevel@tonic-gate# will be locked if failed logins equals or exceeds RETRIES. 907c478bd9Sstevel@tonic-gate# 917c478bd9Sstevel@tonic-gate#RETRIES=5 927c478bd9Sstevel@tonic-gate# 937c478bd9Sstevel@tonic-gate# The SYSLOG_FAILED_LOGINS variable is used to determine how many failed 947c478bd9Sstevel@tonic-gate# login attempts will be allowed by the system before a failed login 957c478bd9Sstevel@tonic-gate# message is logged, using the syslog(3) LOG_NOTICE facility. For example, 967c478bd9Sstevel@tonic-gate# if the variable is set to 0, login will log -all- failed login attempts. 977c478bd9Sstevel@tonic-gate# 987c478bd9Sstevel@tonic-gate#SYSLOG_FAILED_LOGINS=5 99