From edd7c245d3a77012abf801da00d5664ebaa5f749 Mon Sep 17 00:00:00 2001 From: paul Date: Wed, 4 Jun 2003 13:59:38 +0000 Subject: 2003-06-04 Paul Jakma * Merge of zebra privileges --- redhat/zebra.pam | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'redhat/zebra.pam') diff --git a/redhat/zebra.pam b/redhat/zebra.pam index fb17f59e..1390edf4 100644 --- a/redhat/zebra.pam +++ b/redhat/zebra.pam @@ -1,10 +1,26 @@ #%PAM-1.0 # + +##### if running zebra as root: # Only allow root (and possibly wheel) to use this because enable access # is unrestricted. +# auth sufficient /lib/security/pam_rootok.so -auth sufficient /lib/security/pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient /lib/security/pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. #auth required /lib/security/pam_wheel.so use_uid +########################################################### + +# If using zebra privileges and with a seperate group for vty access, then +# access can be controlled via the vty access group, and pam can simply +# check for valid user/password +# +# only allow local users. +auth required /lib/security/pam_securetty.so +auth required /lib/security/pam_stack.so service=system-auth +auth required /lib/security/pam_nologin.so +account required /lib/security/pam_stack.so service=system-auth +password required /lib/security/pam_stack.so service=system-auth +session required /lib/security/pam_stack.so service=system-auth +session optional /lib/security/pam_console.so -- cgit v1.2.1