## PAM configuration for Active Directory authentication
## This file complies with the Gentoo PAM layout; other distributions may
## require different blocks in separate files, so adjust accordingly.
##
## UNIX authentication is attempted first, allowing local users to log in even
## if domain authentication is unavailable. For this to work, 'compat' must be
## listed before 'winbind' in /etc/nsswitch.conf.
##
## Dustin C. Hatch <admiralnemo@gmail.com>
##
## This file is public domain. I don't care what you do with/to it.
# vim: set ft=pamconf :
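# auth stack: local (UNIX) authentication first, then the domain via winbind.
# The bracketed controls are relative jumps, so the ORDER of these lines is
# part of the logic: adding or removing a line between pam_succeed_if and
# pam_permit moves where success=N lands and can turn a failure into a pass.
# (Stray '|' lines left by the file viewer were dropped; they are not PAM rules.)
auth required pam_env.so
# UIDs at or above 100000000 skip pam_unix and go straight to pam_winbind.
# NOTE(review): presumably this threshold matches the winbind idmap range on
# this host -- confirm; below it, pam_unix is consulted before winbind.
auth [success=1 default=ignore] pam_succeed_if.so uid >= 100000000 quiet
# Local password check. On success, jump over pam_winbind and pam_deny to
# pam_permit. 'nullok' is not set, so empty-password accounts are not admitted.
auth [success=2 default=ignore] pam_unix.so try_first_pass likeauth
# Domain check. krb5_auth requests a Kerberos ticket and krb5_ccache_type=FILE
# keeps it in a file credential cache; cached_login allows logon from locally
# cached credentials where winbind offline logon is enabled. Both leave
# credential material on the host: check the permissions on the cache files
# and decide whether offline logon is acceptable for this class of machine.
auth [success=1 default=ignore] pam_winbind.so try_first_pass krb5_auth krb5_ccache_type=FILE cached_login
# Reached only when neither pam_unix nor pam_winbind succeeded: fail at once.
auth requisite pam_deny.so
# Jump target for a successful pam_unix or pam_winbind result.
auth required pam_permit.so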
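# account stack. 'sufficient' ends the stack as soon as pam_winbind reports
# success, so pam_unix's account checks are not run for that user.
# No group restriction (pam_winbind's require_membership_of) is set in this
# file. NOTE(review): unless one is set in pam_winbind.conf or access is
# limited elsewhere, any domain account that authenticates is admitted.
# (Stray '|' lines left by the file viewer were dropped; they are not PAM rules.)
account sufficient pam_winbind.so
# Local account validity (expiry, aging) for users winbind did not accept.
account required pam_unix.so
account optional pam_permit.so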
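# password stack: quality check, then local change, then domain change.
# As in the auth stack, success=N is a relative jump; keep the line order.
# (Stray '|' lines left by the file viewer were dropped; they are not PAM rules.)
#
# pam_cracklib: POSITIVE dcredit/ocredit are length credits, not minimum
# counts -- each digit / other character (up to 2 of each here) counts as an
# extra character towards minlen, so passwords shorter than 8 characters can
# pass minlen=8. Negative values (for example dcredit=-1) are what require a
# minimum number of that class. difok=2 asks for only two characters that
# differ from the old password.
# NOTE(review): confirm this matches the intended password policy.
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
# Local change: use_authtok reuses the password already vetted by pam_cracklib;
# sha512 selects SHA-512 crypt for the stored hash. Success jumps to pam_permit.
password [success=2 default=ignore] pam_unix.so try_first_pass use_authtok sha512 shadow
# Domain change through winbind, again with the vetted password.
password [success=1 default=ignore] pam_winbind.so use_authtok try_first_pass
# Reached only when neither module changed the password: fail at once.
password requisite pam_deny.so
# Jump target for a successful pam_unix or pam_winbind result.
password required pam_permit.so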
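# session stack.
# (Stray '|' lines left by the file viewer were dropped; they are not PAM rules.)
#
# pam_mkhomedir creates a missing home directory at login, populated from
# /etc/skel. umask=0022 produces mode 0755 directories, i.e. readable and
# traversable by every other account on the host; use umask=0077 if home
# directories are meant to be private.
session required pam_mkhomedir.so skel=/etc/skel umask=0022
# Apply resource limits from limits.conf.
session required pam_limits.so
# Set environment variables for the session.
session required pam_env.so
# Standard UNIX session handling (logs session open and close).
session required pam_unix.so
session optional pam_permit.so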