summaryrefslogtreecommitdiff
path: root/redhat/zebra.pam
diff options
context:
space:
mode:
authorpaul <paul>2003-06-04 13:59:38 +0000
committerpaul <paul>2003-06-04 13:59:38 +0000
commitedd7c245d3a77012abf801da00d5664ebaa5f749 (patch)
treed4fada229d7980fb751f28c9a979aa88de1a0af0 /redhat/zebra.pam
parenta159ed935b580ed99111a185734ddd9c973e7691 (diff)
2003-06-04 Paul Jakma <paul@dishone.st>
* Merge of zebra privileges
Diffstat (limited to 'redhat/zebra.pam')
-rw-r--r--redhat/zebra.pam18
1 files changed, 17 insertions, 1 deletions
diff --git a/redhat/zebra.pam b/redhat/zebra.pam
index fb17f59e..1390edf4 100644
--- a/redhat/zebra.pam
+++ b/redhat/zebra.pam
@@ -1,10 +1,26 @@
#%PAM-1.0
#
+
+##### if running zebra as root:
# Only allow root (and possibly wheel) to use this because enable access
# is unrestricted.
+# auth sufficient /lib/security/pam_rootok.so
-auth sufficient /lib/security/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient /lib/security/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required /lib/security/pam_wheel.so use_uid
+###########################################################
+
+# If using zebra privileges and with a seperate group for vty access, then
+# access can be controlled via the vty access group, and pam can simply
+# check for valid user/password
+#
+# only allow local users.
+auth required /lib/security/pam_securetty.so
+auth required /lib/security/pam_stack.so service=system-auth
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_stack.so service=system-auth
+password required /lib/security/pam_stack.so service=system-auth
+session required /lib/security/pam_stack.so service=system-auth
+session optional /lib/security/pam_console.so