2bd19e3f8f
Use pam-config package to package config files for pam package. We can remove related patch of pam and use RPM instead of SRPM for pam. Deployment test and ping test between VMs pass Config files check pass. Story: 2003768 Task: 27589 Depends-on: https://review.openstack.org/#/c/617454/ Change-Id: Ib19aa8ef023c184c7dcf0e4086adb516be0d947d Signed-off-by: zhipengl <zhipengs.liu@intel.com>
23 lines
1.2 KiB
Plaintext
Executable File
23 lines
1.2 KiB
Plaintext
Executable File
#
|
|
# /etc/pam.d/common-auth - authentication settings common to all services
|
|
#
|
|
# This file is included from other service-specific PAM config files,
|
|
# and should contain a list of the authentication modules that define
|
|
# the central authentication scheme for use on the system
|
|
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
|
|
# traditional Unix authentication mechanisms.
|
|
|
|
# here are the per-package modules (the "Primary" block)
|
|
# auth [success=1 default=ignore] pam_unix.so nullok_secure
|
|
# auth sufficient pam_ldap.so use_first_pass
|
|
auth required pam_tally2.so deny=5 unlock_time=300 audit
|
|
auth [success=2 default=ignore] pam_unix.so nullok_secure
|
|
auth [success=1 default=ignore] pam_ldap.so use_first_pass debug
|
|
# here's the fallback if no module succeeds
|
|
auth requisite pam_deny.so
|
|
# prime the stack with a positive return value if there isn't one already;
|
|
# this avoids us returning an error just because nothing sets a success code
|
|
# since the modules above will each just jump around
|
|
auth required pam_permit.so
|
|
# and here are more per-package modules (the "Additional" block)
|