X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=files%2Fetc%2Fpam.d%2Flogin;fp=files%2Fetc%2Fpam.d%2Flogin;h=95e049d4df702a23b2e207fcbb89fc709e696549;hb=d76524eb23710a7326e9633ab4df800d65449c5d;hp=0000000000000000000000000000000000000000;hpb=a26fded43562e80021ad20d6066a6667fa78e0e8;p=carnet-upgrade.git

diff --git a/files/etc/pam.d/login b/files/etc/pam.d/login
new file mode 100644
index 0000000..95e049d
--- /dev/null
+++ b/files/etc/pam.d/login
@@ -0,0 +1,75 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+# NOTE: If you use a session module (such as kerberos or NIS+)
+# that retains persistent credentials (like key caches, etc), you
+# need to enable the `CLOSE_SESSIONS' option in /etc/login.defs
+# in order for login to stay around until after logout to call
+# pam_close_session() and cleanup.
+#
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+auth       requisite  pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# This module parses /etc/environment (the standard for setting
+# environ vars) and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# (Replaces the `ENVIRON_FILE' setting from login.defs)
+auth       required   pam_env.so
+
+# Standard Un*x authentication. The "nullok" line allows passwordless
+# accounts.
+@include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please uncomment and edit /etc/security/group.conf if you
+# wish to use this.
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+# auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Standard Un*x account and session
+@include common-account
+@include common-session
+
+# Sets up user limits, please uncomment and read /etc/security/limits.conf
+# to enable this functionality.
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon succesful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon succesful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon succesful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). You
+# can also enable a MAIL environment variable from here, but it
+# is better handled by /etc/login.defs, since userdel also uses
+# it to make sure that removing a user, also removes their mail
+# spool file.
+session    optional   pam_mail.so standard noenv
+@include common-password