diff options
author | paul <paul> | 2003-06-04 13:59:38 +0000 |
---|---|---|
committer | paul <paul> | 2003-06-04 13:59:38 +0000 |
commit | edd7c245d3a77012abf801da00d5664ebaa5f749 (patch) | |
tree | d4fada229d7980fb751f28c9a979aa88de1a0af0 /redhat/zebra.pam | |
parent | a159ed935b580ed99111a185734ddd9c973e7691 (diff) |
2003-06-04 Paul Jakma <paul@dishone.st>
* Merge of zebra privileges
Diffstat (limited to 'redhat/zebra.pam')
-rw-r--r-- | redhat/zebra.pam | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/redhat/zebra.pam b/redhat/zebra.pam index fb17f59e..1390edf4 100644 --- a/redhat/zebra.pam +++ b/redhat/zebra.pam @@ -1,10 +1,26 @@ #%PAM-1.0 # + +##### if running zebra as root: # Only allow root (and possibly wheel) to use this because enable access # is unrestricted. +# auth sufficient /lib/security/pam_rootok.so -auth sufficient /lib/security/pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient /lib/security/pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. #auth required /lib/security/pam_wheel.so use_uid +########################################################### + +# If using zebra privileges and with a seperate group for vty access, then +# access can be controlled via the vty access group, and pam can simply +# check for valid user/password +# +# only allow local users. +auth required /lib/security/pam_securetty.so +auth required /lib/security/pam_stack.so service=system-auth +auth required /lib/security/pam_nologin.so +account required /lib/security/pam_stack.so service=system-auth +password required /lib/security/pam_stack.so service=system-auth +session required /lib/security/pam_stack.so service=system-auth +session optional /lib/security/pam_console.so |