diff options
Diffstat (limited to 'templates/system-auth.tpl')
-rw-r--r-- | templates/system-auth.tpl | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl new file mode 100644 index 0000000..13f5c0d --- /dev/null +++ b/templates/system-auth.tpl @@ -0,0 +1,54 @@ +auth required pam_env.so {{ debug|default('', true) }} +{% if pam_ssh -%} +auth sufficient pam_ssh.so +{% endif -%} + +{% if krb5 -%} +auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }} +{% endif -%} + +auth required pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }} +auth optional pam_permit.so +{% if not minimal -%} +auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600 +auth sufficient pam_unix.so {{ nullok|default('', true) }} try_first_pass +auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600 +{% endif -%} + +{% if krb5 -%} +account [success=1 default=ignore] pam_krb5.so {{ krb5_params }} +{% endif -%} +account required pam_unix.so {{ debug|default('', true) }} +account optional pam_permit.so +{% if not minimal -%} +account required pam_faillock.so +{% endif -%} + +{% if passwdqc -%} +password required pam_passwdqc.so min=8,8,8,8,8 retry=3 +{% endif -%} + +{% if krb5 -%} +password [success=1 default=ignore] pam_krb5.so {{ krb5_params }} +{% endif -%} + +password required pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }} +password optional pam_permit.so + +{%- if pam_ssh -%} +session optional pam_ssh.so +{% endif -%} + +{% if systemd -%} +-session optional pam_systemd.so +{% endif -%} + +{% if elogind -%} +-session optional pam_elogind.so +{% endif -%} + +{% if libcap -%} +-session optional pam_libcap.so +{% endif -%} + +{% include "templates/system-session.tpl" %} |