From 6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb Mon Sep 17 00:00:00 2001
From: Cullum Smith <cullum@sacredheartsc.com>
Date: Tue, 24 Sep 2024 22:35:45 -0400
Subject: finish up idm_server hostclass

---
 files/etc/pam.d/sshd.freebsd | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 files/etc/pam.d/sshd.freebsd

(limited to 'files/etc/pam.d')

diff --git a/files/etc/pam.d/sshd.freebsd b/files/etc/pam.d/sshd.freebsd
new file mode 100644
index 0000000..57b281b
--- /dev/null
+++ b/files/etc/pam.d/sshd.freebsd
@@ -0,0 +1,17 @@
+# auth
+auth    sufficient  /usr/local/lib/security/pam_krb5.so try_first_pass
+auth    required    pam_unix.so no_warn try_first_pass
+
+# account
+account   required  pam_nologin.so
+account   required  /usr/local/lib/security/pam_krb5.so
+account   required  pam_login_access.so
+account   required  pam_unix.so
+
+# session
+session   required  /usr/local/lib/security/pam_krb5.so
+session   required  pam_permit.so
+
+# password
+password  sufficient  /usr/local/lib/security/pam_krb5.so try_first_pass
+password  required    pam_unix.so no_warn try_first_pass
-- 
cgit v1.2.3