summaryrefslogtreecommitdiff
path: root/redhat/quagga.pam
diff options
context:
space:
mode:
authorpaul <paul>2003-08-12 12:54:13 +0000
committerpaul <paul>2003-08-12 12:54:13 +0000
commit6bd8fd3bb063a64d6e929910d297e2d8a760aea9 (patch)
tree983d515a6a29011136fe8be67b00552d248f8ea0 /redhat/quagga.pam
parent7190f4ea215c294abc269b6dfa12f5f114bd2ed6 (diff)
2003-08-12 Paul Jakma <paul@dishone.st>
* redhat/: zebra.{logrotate,pam,spec.in} -> quagga.{logrotate,pam,spec.in}.
Diffstat (limited to 'redhat/quagga.pam')
-rw-r--r--redhat/quagga.pam26
1 files changed, 26 insertions, 0 deletions
diff --git a/redhat/quagga.pam b/redhat/quagga.pam
new file mode 100644
index 00000000..f5b306e3
--- /dev/null
+++ b/redhat/quagga.pam
@@ -0,0 +1,26 @@
+#%PAM-1.0
+#
+
+##### if running zebra as root:
+# Only allow root (and possibly wheel) to use this because enable access
+# is unrestricted.
+auth sufficient /lib/security/pam_rootok.so
+
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient /lib/security/pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required /lib/security/pam_wheel.so use_uid
+###########################################################
+
+# If using zebra privileges and with a seperate group for vty access, then
+# access can be controlled via the vty access group, and pam can simply
+# check for valid user/password
+#
+# only allow local users.
+auth required /lib/security/pam_securetty.so
+auth required /lib/security/pam_stack.so service=system-auth
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_stack.so service=system-auth
+password required /lib/security/pam_stack.so service=system-auth
+session required /lib/security/pam_stack.so service=system-auth
+session optional /lib/security/pam_console.so