blob: 2f404bcd9ac52497e8d4d1f58aa70b2aac54807a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
auth required pam_shells.so {{ debug|default('', true) }}
auth required pam_nologin.so
auth include system-auth
{% if not minimal -%}
auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
auth sufficient pam_unix.so nullok try_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
{% endif -%}
account required pam_access.so {{ debug|default('', true) }}
account required pam_nologin.so
account include system-auth
{% if not minimal -%}
account required pam_faillock.so
{% endif -%}
password include system-auth
session optional pam_loginuid.so
{% if selinux -%}
session required pam_selinux.so close
{% endif -%}
session required pam_env.so envfile=/etc/profile.env {{ debug|default('', true) }}
{% if not miniaml -%}
session optional pam_lastlog.so silent {{ debug|default('', true) }}
{% endif -%}
session include system-auth
{% if selinux -%}
# Note: modules that run in the user's context must come after this line.
session required pam_selinux.so multiple open
{% endif -%}
{% if not minimal -%}
session optional pam_motd.so motd=/etc/motd
{% endif -%}
{% if not minimal -%}
session optional pam_mail.so
{% endif -%}
|