forked from rpms/openssh
1961bc12e6
- use pam_selinux to obtain the user context instead of doing it itself - unbreak server keep alive settings (patch from upstream) - small addition to scp manpage
13 lines
534 B
Plaintext
13 lines
534 B
Plaintext
#%PAM-1.0
|
|
auth include system-auth
|
|
account required pam_nologin.so
|
|
account include system-auth
|
|
password include system-auth
|
|
# pam_selinux.so close should be the first session rule
|
|
session required pam_selinux.so close
|
|
session include system-auth
|
|
session required pam_loginuid.so
|
|
# pam_selinux.so open should only be followed by sessions to be executed in the user context
|
|
session required pam_selinux.so open env_params
|
|
session optional pam_keyinit.so force revoke
|