2bd19e3f8f
Use pam-config package to package config files for pam package. We can remove related patch of pam and use RPM instead of SRPM for pam. Deployment test and ping test between VMs pass Config files check pass. Story: 2003768 Task: 27589 Depends-on: https://review.openstack.org/#/c/617454/ Change-Id: Ib19aa8ef023c184c7dcf0e4086adb516be0d947d Signed-off-by: zhipengl <zhipengs.liu@intel.com>
32 lines
1.6 KiB
Plaintext
Executable File
32 lines
1.6 KiB
Plaintext
Executable File
#%PAM-1.0
|
|
auth required pam_env.so
|
|
auth sufficient pam_unix.so nullok try_first_pass
|
|
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
|
|
auth required pam_deny.so
|
|
|
|
account required pam_unix.so
|
|
account sufficient pam_localuser.so
|
|
account sufficient pam_succeed_if.so uid < 1000 quiet
|
|
account required pam_permit.so
|
|
|
|
################# StarlingX Cloud Password Rules #######################
|
|
# Enforce a password containing atleast 1 lower case, 1 upper case, #
|
|
# 1 digit and 1 special character. Such a password will have a #
|
|
# minimum length of 7 characters. A user may not re-use the last most #
|
|
# recent password and every password must differ from its previous #
|
|
# one by atleast 3 characters #
|
|
# - Added enforce_for_root for pam_pwquality.so #
|
|
#######################################################################
|
|
|
|
password requisite pam_pwquality.so try_first_pass retry=3 authtok_type= difok=3 minlen=7 lcredit=-1 ucredit=-1 ocredit=-1 dcredit=-1 enforce_for_root debug
|
|
password requisite pam_pwhistory.so use_authtok enforce_for_root remember=2
|
|
|
|
password [success=2 default=ignore] pam_unix.so sha512 shadow nullok try_first_pass use_authtok
|
|
password [success=1 default=ignore] pam_ldap.so use_authtok
|
|
|
|
session optional pam_keyinit.so revoke
|
|
session required pam_limits.so
|
|
-session optional pam_systemd.so
|
|
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
|
session required pam_unix.so
|