forked from rpms/openssh
20 lines
863 B
Plaintext
20 lines
863 B
Plaintext
#%PAM-1.0
|
|
auth required pam_sepermit.so
|
|
auth substack password-auth
|
|
auth include postlogin
|
|
# Used with polkit to reauthorize users in remote sessions
|
|
-auth optional pam_reauthorize.so prepare
|
|
account required pam_nologin.so
|
|
account include password-auth
|
|
password include password-auth
|
|
# pam_selinux.so close should be the first session rule
|
|
session required pam_selinux.so close
|
|
session required pam_loginuid.so
|
|
# pam_selinux.so open should only be followed by sessions to be executed in the user context
|
|
session required pam_selinux.so open env_params
|
|
session optional pam_keyinit.so force revoke
|
|
session include password-auth
|
|
session include postlogin
|
|
# Used with polkit to reauthorize users in remote sessions
|
|
-session optional pam_reauthorize.so prepare
|