HardenedBSD/etc/pam.d/sshd
Mark Murray daf509c612 The PAM module pam_krb5 does not have "session" capabilities.
Don't give examples of such use, this is bogus.
2003-04-30 21:57:54 +00:00

27 lines
680 B
Plaintext

#
# $FreeBSD$
#
# PAM configuration for the "sshd" service
#
# auth
auth required pam_nologin.so no_warn
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so
session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass