32 lines
1.2 KiB
Plaintext
32 lines
1.2 KiB
Plaintext
#%PAM-1.0
|
|
|
|
auth required pam_permit.so
|
|
|
|
@include common-account
|
|
|
|
# SELinux needs to be the first session rule. This ensures that any
|
|
# lingering context has been cleared. Without this it is possible that a
|
|
# module could execute code in the wrong domain.
|
|
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
|
|
# Create a new session keyring.
|
|
session optional pam_keyinit.so force revoke
|
|
session required pam_limits.so
|
|
session required pam_loginuid.so
|
|
@include common-session
|
|
# SELinux needs to intervene at login time to ensure that the process starts
|
|
# in the proper default security context. Only sessions which are intended
|
|
# to run in the user's context should be run after this.
|
|
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
|
|
|
|
# Can't change password
|
|
password required pam_deny.so
|
|
|
|
# From the pam_env man page
|
|
# Since setting of PAM environment variables can have side effects to other modules, this module should be the last one on the stack.
|
|
|
|
# Load environment from /etc/environment
|
|
session required pam_env.so
|
|
|
|
# Load environment from /etc/default/locale
|
|
session required pam_env.so envfile=/etc/default/locale
|