Current File : //etc/security/pam_policy/krb5_first

#
# Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
#
# PAM configuration file for Kerberos authentication foremost and then
# fall-back to UNIX password-based crypt authentication if Kerberos
# authentication fails.
#
# Authentication management
#
#
# login service (explicit because of pam_dial_auth)
#
login	auth requisite		pam_authtok_get.so.1
login	auth required		pam_dhkeys.so.1
login	auth required		pam_unix_cred.so.1
login	auth required		pam_dial_auth.so.1
login	auth sufficient		pam_krb5.so.1
login	auth required		pam_unix_auth.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin	auth sufficient		pam_rhosts_auth.so.1
rlogin	auth requisite		pam_authtok_get.so.1
rlogin	auth required		pam_dhkeys.so.1
rlogin	auth required		pam_unix_cred.so.1
rlogin	auth sufficient		pam_krb5.so.1
rlogin	auth required		pam_unix_auth.so.1
#
# Kerberized rlogin service
#
krlogin	auth required		pam_unix_cred.so.1
krlogin	auth required		pam_krb5.so.1
#
# rsh service (explicit because of pam_rhost_auth)
#
rsh	auth sufficient		pam_rhosts_auth.so.1
rsh	auth required		pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh	auth required		pam_unix_cred.so.1
krsh	auth required		pam_krb5.so.1
#
# Kerberized telnet service
#
ktelnet	auth required		pam_unix_cred.so.1
ktelnet	auth required		pam_krb5.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp	auth requisite		pam_authtok_get.so.1
ppp	auth required		pam_dhkeys.so.1
ppp	auth required		pam_unix_cred.so.1
ppp	auth required		pam_dial_auth.so.1
ppp	auth sufficient		pam_krb5.so.1
ppp	auth required		pam_unix_auth.so.1
#
# GDM Autologin (explicit because of pam_allow).  These need to be
# here as there is no mechanism for packages to amend pam.conf as
# they are installed.
#
gdm-autologin auth  required    pam_unix_cred.so.1
gdm-autologin auth  sufficient  pam_allow.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authentication
#
OTHER	auth requisite		pam_authtok_get.so.1
OTHER	auth required		pam_dhkeys.so.1
OTHER	auth required		pam_unix_cred.so.1
OTHER	auth sufficient		pam_krb5.so.1
OTHER	auth required		pam_unix_auth.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd	auth required		pam_passwd_auth.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron	account required	pam_unix_account.so.1
#
# cups service (explicit because of non-usage of pam_roles.so.1)
#
cups	account	required	pam_unix_account.so.1
#
# GDM Autologin (explicit because of pam_allow) This needs to be here
# as there is no mechanism for packages to amend pam.conf as they are
# installed.
#
gdm-autologin account  sufficient  pam_allow.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
OTHER	account	requisite	pam_roles.so.1
OTHER	account	required	pam_unix_account.so.1
OTHER	account	required	pam_tsol_account.so.1
OTHER	account	required	pam_krb5.so.1
#
# Password management
#
OTHER   password        include		pam_authtok_common
OTHER	password	sufficient	pam_krb5.so.1
OTHER	password	required	pam_authtok_store.so.1
#
# Session management
#
OTHER	session	required	pam_unix_session.so.1
#
# Account management for Trusted Extensions (TX)
# These entries are required for TX environments since these services
# run in the Trusted Path and pam_tsol_account(5) isn't applicable to
# PAM sessions which run in the Trusted Path.
#
gdm		account		requisite	pam_roles.so.1
gdm		account		required	pam_unix_account.so.1
gdm		account		required	pam_krb5.so.1
xscreensaver	account		requisite	pam_roles.so.1
xscreensaver	account		required	pam_unix_account.so.1
xscreensaver	account		required	pam_krb5.so.1
passwd		account		requisite	pam_roles.so.1
passwd		account		required	pam_unix_account.so.1
passwd		account		required	pam_krb5.so.1
dtpasswd	account		requisite	pam_roles.so.1
dtpasswd	account		required	pam_unix_account.so.1
dtpasswd	account		required	pam_krb5.so.1
tsoljds-tstripe	account		requisite	pam_roles.so.1
tsoljds-tstripe	account		required	pam_unix_account.so.1
tsoljds-tstripe	account		required	pam_krb5.so.1