|
 |
f09e2e |
#%PAM-1.0
|
|
|
f09e2e |
auth required pam_sepermit.so
|
|
|
f09e2e |
auth substack password-auth
|
|
|
f09e2e |
auth include postlogin
|
|
|
674526 |
# Used with polkit to reauthorize users in remote sessions
|
|
|
674526 |
-auth optional pam_reauthorize.so prepare
|
|
|
f09e2e |
account required pam_nologin.so
|
|
|
f09e2e |
account include password-auth
|
|
|
f09e2e |
password include password-auth
|
|
|
f09e2e |
# pam_selinux.so close should be the first session rule
|
|
|
f09e2e |
session required pam_selinux.so close
|
|
|
f09e2e |
session required pam_loginuid.so
|
|
|
f09e2e |
# pam_selinux.so open should only be followed by sessions to be executed in the user context
|
|
|
f09e2e |
session required pam_selinux.so open env_params
|
|
|
674526 |
session required pam_namespace.so
|
|
|
f09e2e |
session optional pam_keyinit.so force revoke
|
|
|
f09e2e |
session include password-auth
|
|
|
f09e2e |
session include postlogin
|
|
|
674526 |
# Used with polkit to reauthorize users in remote sessions
|
|
|
674526 |
-session optional pam_reauthorize.so prepare
|