diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 19:49:47 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 19:49:47 +0000 |
| commit | 9c5dd847393c7c0f37ef557d7a0d402deedd8d2a (patch) | |
| tree | dcb9b4740181f58a5d235e8ca52f9855494f486e /debian/openssh-server.sshd.pam.in | |
| parent | Adding upstream version 1:9.6p1. (diff) | |
| download | openssh-9c5dd847393c7c0f37ef557d7a0d402deedd8d2a.tar.xz openssh-9c5dd847393c7c0f37ef557d7a0d402deedd8d2a.zip | |
Adding debian version 1:9.6p1-4.debian/1%9.6p1-4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/openssh-server.sshd.pam.in')
| -rw-r--r-- | debian/openssh-server.sshd.pam.in | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/debian/openssh-server.sshd.pam.in b/debian/openssh-server.sshd.pam.in new file mode 100644 index 0000000..2cad67d --- /dev/null +++ b/debian/openssh-server.sshd.pam.in @@ -0,0 +1,55 @@ +# PAM configuration for the Secure Shell service + +# Standard Un*x authentication. +@include common-auth + +# Disallow non-root logins when /etc/nologin exists. +account required pam_nologin.so + +# Uncomment and edit /etc/security/access.conf if you need to set complex +# access limits that are hard to express in sshd_config. +# account required pam_access.so + +# Standard Un*x authorization. +@include common-account + +# SELinux needs to be the first session rule. This ensures that any +# lingering context has been cleared. Without this it is possible that a +# module could execute code in the wrong domain. +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close + +# Set the loginuid process attribute. +session required pam_loginuid.so + +@IF_KEYINIT@# Create a new session keyring. +@IF_KEYINIT@session optional pam_keyinit.so force revoke + +# Standard Un*x session setup and teardown. +@include common-session + +# Print the message of the day upon successful login. +# This includes a dynamically generated part from /run/motd.dynamic +# and a static (admin-editable) part from /etc/motd. +session optional pam_motd.so motd=/run/motd.dynamic +session optional pam_motd.so noupdate + +# Print the status of the user's mailbox upon successful login. +session optional pam_mail.so standard noenv # [1] + +# Set up user limits from /etc/security/limits.conf. +session required pam_limits.so + +# Read environment variables from /etc/environment and +# /etc/security/pam_env.conf. +session required pam_env.so # [1] +# In Debian 4.0 (etch), locale-related environment variables were moved to +# /etc/default/locale, so read that as well. +session required pam_env.so user_readenv=1 envfile=/etc/default/locale + +# SELinux needs to intervene at login time to ensure that the process starts +# in the proper default security context. Only sessions which are intended +# to run in the user's context should be run after this. +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open + +# Standard Un*x password updating. +@include common-password |