
Untitled

a guest
Nov 29th, 2023
  1. ## PAM configuration for the Secure Shell service
  2.  
  # Per-user gate, evaluated before @include common-auth. The deny list is
  # consulted first; with onerr=succeed a missing or unreadable
  # /etc/users.denied is treated as success, so the deny list fails open.
  3. auth required pam_listfile.so onerr=succeed item=user sense=deny file=/etc/users.denied
  # Allow list: only names in /etc/users.allowed pass, and onerr=fail rejects
  # everyone if the file cannot be read (fails closed). That includes root
  # unless root is listed.
  # NOTE(review): both list files should be root-owned and not writable by
  # other users, since their contents decide who may authenticate.
  4. auth required pam_listfile.so item=user sense=allow file=/etc/users.allowed onerr=fail
  5.  
  6. # Standard Un*x authentication.
  7. @include common-auth
  8.  
  9. # Disallow non-root logins when /etc/nologin exists.
  10. account required pam_nologin.so
  11.  
  12. # Uncomment and edit /etc/security/access.conf if you need to set complex
  13. # access limits that are hard to express in sshd_config.
  14. # account required pam_access.so
  15.  
  16. # Standard Un*x authorization.
  17. @include common-account
  18.  
  19. # SELinux needs to be the first session rule. This ensures that any
  20. # lingering context has been cleared. Without this it is possible that a
  21. # module could execute code in the wrong domain.
  22. session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
  23.  
  24. # Set the loginuid process attribute.
  25. session required pam_loginuid.so
  26.  
  27. # Create a new session keyring.
  28. session optional pam_keyinit.so force revoke
  29.  
  30. # Standard Un*x session setup and teardown.
  31. @include common-session
  32.  
  33. # Print the message of the day upon successful login.
  34. # This includes a dynamically generated part from /run/motd.dynamic
  35. # and a static (admin-editable) part from /etc/motd.
  36. session optional pam_motd.so motd=/run/motd.dynamic
  37. session optional pam_motd.so noupdate
  38.  
  39. # Print the status of the user's mailbox upon successful login.
  40. session optional pam_mail.so standard noenv # [1]
  41.  
  42. # Set up user limits from /etc/security/limits.conf.
  43. session required pam_limits.so
  44.  
  45. # Read environment variables from /etc/environment and
  46. # /etc/security/pam_env.conf.
  47. session required pam_env.so # [1]
  48. # In Debian 4.0 (etch), locale-related environment variables were moved to
  49. # /etc/default/locale, so read that as well.
  # NOTE(review): user_readenv=1 makes pam_env also read the logging-in user's
  # own ~/.pam_environment, so users can inject variables into their session
  # environment. Upstream Linux-PAM has deprecated this option; set
  # user_readenv=0 unless something depends on it.
  50. session required pam_env.so user_readenv=1 envfile=/etc/default/locale
  51.  
  52. # SELinux needs to intervene at login time to ensure that the process starts
  53. # in the proper default security context. Only sessions which are intended
  54. # to run in the user's context should be run after this.
  55. session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
  56.  
  57. # Standard Un*x password updating.
  58. @include common-password
  # NOTE(review): the five auth rules below sit after the password include, but
  # PAM groups rules by type, so they run as the tail of the auth stack: after
  # the pam_listfile checks and @include common-auth earlier in this file.
  # What common-auth already enforces is not visible here.
  #
  # Members of group sftp stop here: success=done ends auth processing at this
  # line, so pam_unix and pam_oath below are never evaluated for them.
  # NOTE(review): this exempts sftp users from the OATH second factor - confirm
  # that is intended.
  59. auth [success=done default=ignore] pam_succeed_if.so user ingroup sftp
  # Runs /etc/pam.scripts/ssh-login-alert for everyone else. pam_exec passes
  # "user ingroup sftp" to the script as arguments; it is not a condition
  # (looks copied from the line above). With default=bad, a failing script
  # fails authentication.
  # NOTE(review): in the auth stack this fires on each authentication attempt,
  # before the checks below have passed, rather than on a completed login. The
  # script should be root-owned and not writable by others.
  60. auth [success=ok new_authtok_reqd=ok ignore=ignore default=bad] pam_exec.so /etc/pam.scripts/ssh-login-alert user ingroup sftp
  # Password check. nullok_secure is, as far as I know, a Debian extension that
  # accepts empty passwords on terminals listed in /etc/securetty.
  # NOTE(review): if common-auth already calls pam_unix this is a second pass
  # through it; drop nullok_secure for SSH unless empty passwords are wanted.
  61. auth required pam_unix.so nullok_secure
  # pam_permit always returns success. As a required rule it restricts nothing
  # and cannot override an earlier failure.
  # NOTE(review): remove it so the stack's result depends only on real checks.
  62. auth required pam_permit.so
  # One-time-password (OATH) check against /etc/security/users.oath; last rule,
  # so it is skipped whenever success=done above fires.
  # NOTE(review): the users file holds OTP secrets - keep it root-owned, mode
  # 0600. sshd may not run the auth stack for public-key logins, so confirm in
  # sshd_config that the second factor is actually required.
  63. auth required pam_oath.so usersfile=/etc/security/users.oath