forked from rpms/openssh
6a5e296ba7
- add pam_sepermit to allow blocking confined users in permissive mode (#471746) - move system-auth after pam_selinux in the session stack
14 lines
567 B
Plaintext
14 lines
567 B
Plaintext
#%PAM-1.0
|
|
auth required pam_sepermit.so
|
|
auth include system-auth
|
|
account required pam_nologin.so
|
|
account include system-auth
|
|
password include system-auth
|
|
# pam_selinux.so close should be the first session rule
|
|
session required pam_selinux.so close
|
|
session required pam_loginuid.so
|
|
# pam_selinux.so open should only be followed by sessions to be executed in the user context
|
|
session required pam_selinux.so open env_params
|
|
session optional pam_keyinit.so force revoke
|
|
session include system-auth
|