-
-
Save shichao-an/71fcde2da2bb003d7ed2 to your computer and use it in GitHub Desktop.
/etc/pam.d/sshd
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# PAM configuration for the Secure Shell service | |
# Standard Un*x authentication. | |
@include common-auth | |
# Disallow non-root logins when /etc/nologin exists. | |
account required pam_nologin.so | |
# Uncomment and edit /etc/security/access.conf if you need to set complex | |
# access limits that are hard to express in sshd_config. | |
#account required pam_access.so | |
# Standard Un*x authorization. | |
@include common-account | |
# SELinux needs to be the first session rule. This ensures that any | |
# lingering context has been cleared. Without this it is possible that a | |
# module could execute code in the wrong domain. | |
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close | |
# Set the loginuid process attribute. | |
session required pam_loginuid.so | |
# Create a new session keyring. | |
session optional pam_keyinit.so force revoke | |
# Standard Un*x session setup and teardown. | |
@include common-session | |
# Print the message of the day upon successful login. | |
# This includes a dynamically generated part from /run/motd.dynamic | |
# and a static (admin-editable) part from /etc/motd. | |
session optional pam_motd.so motd=/run/motd.dynamic noupdate | |
session optional pam_motd.so # [1] | |
# Print the status of the user's mailbox upon successful login. | |
session optional pam_mail.so standard noenv # [1] | |
# Set up user limits from /etc/security/limits.conf. | |
session required pam_limits.so | |
# Read environment variables from /etc/environment and | |
# /etc/security/pam_env.conf. | |
session required pam_env.so # [1] | |
# In Debian 4.0 (etch), locale-related environment variables were moved to | |
# /etc/default/locale, so read that as well. | |
session required pam_env.so user_readenv=1 envfile=/etc/default/locale | |
# SELinux needs to intervene at login time to ensure that the process starts | |
# in the proper default security context. Only sessions which are intended | |
# to run in the user's context should be run after this. | |
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open | |
# Standard Un*x password updating. | |
@include common-password |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment