summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--redhat/quagga.pam20
-rw-r--r--redhat/quagga.pam.stack26
2 files changed, 36 insertions, 10 deletions
diff --git a/redhat/quagga.pam b/redhat/quagga.pam
index 8ddc2bbe..9a91ad85 100644
--- a/redhat/quagga.pam
+++ b/redhat/quagga.pam
@@ -4,12 +4,12 @@
##### if running quagga as root:
# Only allow root (and possibly wheel) to use this because enable access
# is unrestricted.
-auth sufficient /lib/security/$ISA/pam_rootok.so
+auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
-#auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid
+#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
-#auth required /lib/security/$ISA/pam_wheel.so use_uid
+#auth required pam_wheel.so use_uid
###########################################################
# If using quagga privileges and with a seperate group for vty access, then
@@ -17,10 +17,10 @@ auth sufficient /lib/security/$ISA/pam_rootok.so
# check for valid user/password, eg:
#
# only allow local users.
-#auth required /lib/security/$ISA/pam_securetty.so
-#auth required /lib/security/$ISA/pam_stack.so service=system-auth
-#auth required /lib/security/$ISA/pam_nologin.so
-#account required /lib/security/$ISA/pam_stack.so service=system-auth
-#password required /lib/security/$ISA/pam_stack.so service=system-auth
-#session required /lib/security/$ISA/pam_stack.so service=system-auth
-#session optional /lib/security/$ISA/pam_console.so
+#auth required pam_securetty.so
+#auth include system-auth
+#auth required pam_nologin.so
+#account include system-auth
+#password include system-auth
+#session include system-auth
+#session optional pam_console.so
diff --git a/redhat/quagga.pam.stack b/redhat/quagga.pam.stack
new file mode 100644
index 00000000..8ddc2bbe
--- /dev/null
+++ b/redhat/quagga.pam.stack
@@ -0,0 +1,26 @@
+#%PAM-1.0
+#
+
+##### if running quagga as root:
+# Only allow root (and possibly wheel) to use this because enable access
+# is unrestricted.
+auth sufficient /lib/security/$ISA/pam_rootok.so
+
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required /lib/security/$ISA/pam_wheel.so use_uid
+###########################################################
+
+# If using quagga privileges and with a seperate group for vty access, then
+# access can be controlled via the vty access group, and pam can simply
+# check for valid user/password, eg:
+#
+# only allow local users.
+#auth required /lib/security/$ISA/pam_securetty.so
+#auth required /lib/security/$ISA/pam_stack.so service=system-auth
+#auth required /lib/security/$ISA/pam_nologin.so
+#account required /lib/security/$ISA/pam_stack.so service=system-auth
+#password required /lib/security/$ISA/pam_stack.so service=system-auth
+#session required /lib/security/$ISA/pam_stack.so service=system-auth
+#session optional /lib/security/$ISA/pam_console.so