aboutsummaryrefslogtreecommitdiff
path: root/files/etc/pam.d
diff options
context:
space:
mode:
Diffstat (limited to 'files/etc/pam.d')
-rw-r--r--files/etc/pam.d/cups.cups_server12
-rw-r--r--files/etc/pam.d/kde.freebsd7
-rw-r--r--files/etc/pam.d/login.freebsd16
-rw-r--r--files/etc/pam.d/sddm.freebsd23
-rw-r--r--files/etc/pam.d/sshd.freebsd20
-rw-r--r--files/etc/pam.d/sudo.freebsd8
6 files changed, 50 insertions, 36 deletions
diff --git a/files/etc/pam.d/cups.cups_server b/files/etc/pam.d/cups.cups_server
index b61c074..03c2763 100644
--- a/files/etc/pam.d/cups.cups_server
+++ b/files/etc/pam.d/cups.cups_server
@@ -1,8 +1,6 @@
-# auth
-auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
-auth required pam_unix.so no_warn try_first_pass
+auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
+auth required pam_unix.so no_warn try_first_pass
-# account
-account required /usr/local/lib/security/pam_krb5.so
-account required pam_login_access.so
-account required pam_unix.so
+account required /usr/local/lib/security/pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
diff --git a/files/etc/pam.d/kde.freebsd b/files/etc/pam.d/kde.freebsd
index 2604c78..8f87b98 100644
--- a/files/etc/pam.d/kde.freebsd
+++ b/files/etc/pam.d/kde.freebsd
@@ -1,2 +1,5 @@
-auth required /usr/local/lib/security/pam_krb5.so try_first_pass
-account required /usr/local/lib/security/pam_krb5.so
+auth required /usr/local/lib/security/pam_krb5.so try_first_pass
+
+account required /usr/local/lib/security/pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
diff --git a/files/etc/pam.d/login.freebsd b/files/etc/pam.d/login.freebsd
new file mode 100644
index 0000000..164fcb0
--- /dev/null
+++ b/files/etc/pam.d/login.freebsd
@@ -0,0 +1,16 @@
+auth sufficient pam_self.so no_warn
+auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
+auth required pam_unix.so no_warn try_first_pass nullok
+
+account requisite pam_securetty.so
+account required pam_nologin.so
+account required /usr/local/lib/security/pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
+
+session required pam_lastlog.so no_fail
+session required pam_xdg.so
+session required /usr/local/lib/security/pam_krb5.so
+
+password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
+password required pam_unix.so no_warn try_first_pass
diff --git a/files/etc/pam.d/sddm.freebsd b/files/etc/pam.d/sddm.freebsd
index ef359ff..6a75823 100644
--- a/files/etc/pam.d/sddm.freebsd
+++ b/files/etc/pam.d/sddm.freebsd
@@ -2,15 +2,20 @@
# try multiple authentication sources (like krb5 but fall back to pam_unix)
# if we want pam_kwallet5 to execute.
# Hence, for sddm, we try krb5 only (no local accounts).
-auth required /usr/local/lib/security/pam_krb5.so try_first_pass
-auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir
-auth optional pam_kwallet5.so
+auth sufficient pam_self.so no_warn
+auth required /usr/local/lib/security/pam_krb5.so try_first_pass
+auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir
+auth optional pam_kwallet5.so
-account required /usr/local/lib/security/pam_krb5.so
-account required pam_login_access.so
-account required pam_unix.so
+account requisite pam_securetty.so
+account required pam_nologin.so
+account required /usr/local/lib/security/pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
-session required pam_lastlog.so no_fail
-session optional pam_kwallet5.so auto_start
+session required pam_lastlog.so no_fail
+session required pam_xdg.so no_fail
+session required /usr/local/lib/security/pam_krb5.so
+session optional pam_kwallet5.so auto_start
-password required /usr/local/lib/security/pam_krb5.so try_first_pass
+password required /usr/local/lib/security/pam_krb5.so try_first_pass
diff --git a/files/etc/pam.d/sshd.freebsd b/files/etc/pam.d/sshd.freebsd
index 57b281b..559a980 100644
--- a/files/etc/pam.d/sshd.freebsd
+++ b/files/etc/pam.d/sshd.freebsd
@@ -1,17 +1,13 @@
-# auth
-auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
-auth required pam_unix.so no_warn try_first_pass
+auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
+auth required pam_unix.so no_warn try_first_pass
-# account
-account required pam_nologin.so
-account required /usr/local/lib/security/pam_krb5.so
-account required pam_login_access.so
-account required pam_unix.so
+account required pam_nologin.so
+account required /usr/local/lib/security/pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
-# session
-session required /usr/local/lib/security/pam_krb5.so
-session required pam_permit.so
+session required /usr/local/lib/security/pam_krb5.so
+session required pam_permit.so
-# password
password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
password required pam_unix.so no_warn try_first_pass
diff --git a/files/etc/pam.d/sudo.freebsd b/files/etc/pam.d/sudo.freebsd
index 425bf4e..6a6b0a4 100644
--- a/files/etc/pam.d/sudo.freebsd
+++ b/files/etc/pam.d/sudo.freebsd
@@ -1,15 +1,11 @@
-# auth
-auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
-auth required pam_unix.so no_warn try_first_pass
+auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
+auth required pam_unix.so no_warn try_first_pass
-# account
account required /usr/local/lib/security/pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
-# session
account required pam_permit.so
-# password
password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
password required pam_unix.so no_warn try_first_pass
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-29 01:38:26 -0500