From 8570676c4ffb407284d51a80c045d6989b7af6d7 Mon Sep 17 00:00:00 2001 From: paul Date: Fri, 4 Nov 2005 12:25:23 +0000 Subject: - quagga.pam: pam_stack.so module is deprecated, use 'include' instead. - quagga.pam.stack: the old pam_stack way, kept to allow spec file to backwards compatible (changes to spec file pending local testing) --- redhat/quagga.pam.stack | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 redhat/quagga.pam.stack (limited to 'redhat/quagga.pam.stack') diff --git a/redhat/quagga.pam.stack b/redhat/quagga.pam.stack new file mode 100644 index 00000000..8ddc2bbe --- /dev/null +++ b/redhat/quagga.pam.stack @@ -0,0 +1,26 @@ +#%PAM-1.0 +# + +##### if running quagga as root: +# Only allow root (and possibly wheel) to use this because enable access +# is unrestricted. +auth sufficient /lib/security/$ISA/pam_rootok.so + +# Uncomment the following line to implicitly trust users in the "wheel" group. +#auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid +# Uncomment the following line to require a user to be in the "wheel" group. +#auth required /lib/security/$ISA/pam_wheel.so use_uid +########################################################### + +# If using quagga privileges and with a seperate group for vty access, then +# access can be controlled via the vty access group, and pam can simply +# check for valid user/password, eg: +# +# only allow local users. +#auth required /lib/security/$ISA/pam_securetty.so +#auth required /lib/security/$ISA/pam_stack.so service=system-auth +#auth required /lib/security/$ISA/pam_nologin.so +#account required /lib/security/$ISA/pam_stack.so service=system-auth +#password required /lib/security/$ISA/pam_stack.so service=system-auth +#session required /lib/security/$ISA/pam_stack.so service=system-auth +#session optional /lib/security/$ISA/pam_console.so -- cgit v1.2.1