diff options
| -rw-r--r-- | redhat/quagga.pam | 20 | ||||
| -rw-r--r-- | redhat/quagga.pam.stack | 26 |
2 files changed, 36 insertions, 10 deletions
diff --git a/redhat/quagga.pam b/redhat/quagga.pam index 8ddc2bbe..9a91ad85 100644 --- a/redhat/quagga.pam +++ b/redhat/quagga.pam @@ -4,12 +4,12 @@ ##### if running quagga as root: # Only allow root (and possibly wheel) to use this because enable access # is unrestricted. -auth sufficient /lib/security/$ISA/pam_rootok.so +auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. -#auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid +#auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. -#auth required /lib/security/$ISA/pam_wheel.so use_uid +#auth required pam_wheel.so use_uid ########################################################### # If using quagga privileges and with a seperate group for vty access, then @@ -17,10 +17,10 @@ auth sufficient /lib/security/$ISA/pam_rootok.so # check for valid user/password, eg: # # only allow local users. -#auth required /lib/security/$ISA/pam_securetty.so -#auth required /lib/security/$ISA/pam_stack.so service=system-auth -#auth required /lib/security/$ISA/pam_nologin.so -#account required /lib/security/$ISA/pam_stack.so service=system-auth -#password required /lib/security/$ISA/pam_stack.so service=system-auth -#session required /lib/security/$ISA/pam_stack.so service=system-auth -#session optional /lib/security/$ISA/pam_console.so +#auth required pam_securetty.so +#auth include system-auth +#auth required pam_nologin.so +#account include system-auth +#password include system-auth +#session include system-auth +#session optional pam_console.so diff --git a/redhat/quagga.pam.stack b/redhat/quagga.pam.stack new file mode 100644 index 00000000..8ddc2bbe --- /dev/null +++ b/redhat/quagga.pam.stack @@ -0,0 +1,26 @@ +#%PAM-1.0 +# + +##### if running quagga as root: +# Only allow root (and possibly wheel) to use this because enable access +# is unrestricted. +auth sufficient /lib/security/$ISA/pam_rootok.so + +# Uncomment the following line to implicitly trust users in the "wheel" group. +#auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid +# Uncomment the following line to require a user to be in the "wheel" group. +#auth required /lib/security/$ISA/pam_wheel.so use_uid +########################################################### + +# If using quagga privileges and with a seperate group for vty access, then +# access can be controlled via the vty access group, and pam can simply +# check for valid user/password, eg: +# +# only allow local users. +#auth required /lib/security/$ISA/pam_securetty.so +#auth required /lib/security/$ISA/pam_stack.so service=system-auth +#auth required /lib/security/$ISA/pam_nologin.so +#account required /lib/security/$ISA/pam_stack.so service=system-auth +#password required /lib/security/$ISA/pam_stack.so service=system-auth +#session required /lib/security/$ISA/pam_stack.so service=system-auth +#session optional /lib/security/$ISA/pam_console.so |