/gist:5cdb4843bd7dcff81cc2 Secret
Created
March 2, 2012 02:09
Star
You must be signed in to star a gist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
root@bokk:~# cat /etc/pam.d/common-account | |
# | |
# /etc/pam.d/common-account - authorization settings common to all services | |
# | |
# This file is included from other service-specific PAM config files, | |
# and should contain a list of the authorization modules that define | |
# the central access policy for use on the system. The default is to | |
# only deny service to users whose accounts are expired in /etc/shadow. | |
# | |
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default. | |
# To take advantage of this, it is recommended that you configure any | |
# local modules either before or after the default block, and use | |
# pam-auth-update to manage selection of other modules. See | |
# pam-auth-update(8) for details. | |
# | |
# here are the per-package modules (the "Primary" block) | |
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so | |
# here's the fallback if no module succeeds | |
account requisite pam_deny.so | |
# prime the stack with a positive return value if there isn't one already; | |
# this avoids us returning an error just because nothing sets a success code | |
# since the modules above will each just jump around | |
account required pam_permit.so | |
# and here are more per-package modules (the "Additional" block) | |
account [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad] pam_ldap.so minimum_uid=1000 | |
# end of pam-auth-update config |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment