summaryrefslogblamecommitdiffstats
path: root/source/n/openssh/sshd.pam
blob: cc188fa56311188e2215f07725b08bb85e62c3d1 (plain) (tree)
1
2
3
4
5
6
7
8
9
10




                                                                         
                                                 



                                                                           
                                           



                                                                   
                                         





                                               
                                              
#%PAM-1.0
# pam_securetty.so is commented out since sshd already does a good job of
# protecting itself. You may uncomment it if you like, but then you may
# need to add additional consoles to /etc/securetty if you want to allow
# root logins on them, such as: ssh, pts/0, :0, etc
#auth            required        pam_securetty.so
# When using pam_faillock, print a message to the user if the account is
# locked. This lets the user know what is going on, but it also potentially
# gives additional information to attackers:
#auth            requisite       pam_faillock.so preauth
auth            include         system-auth
# To set a limit on failed authentications, the pam_faillock module
# can be enabled. See pam_faillock(8) for more information.
#auth            [default=die]   pam_faillock.so authfail
#auth            sufficient      pam_faillock.so authsucc
auth            include         postlogin
account         required        pam_nologin.so
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         required        pam_loginuid.so
-session        optional        pam_elogind.so