diff options
| author | paul <paul> | 2005-11-04 13:25:23 +0100 |
|---|---|---|
| committer | paul <paul> | 2005-11-04 13:25:23 +0100 |
| commit | 8570676c4ffb407284d51a80c045d6989b7af6d7 (patch) | |
| tree | ad8a30ad88ffd7d6da6700256390f385261c1c23 /redhat | |
| parent | - bah, fix likkle typo. (diff) | |
| download | frr-8570676c4ffb407284d51a80c045d6989b7af6d7.tar.xz frr-8570676c4ffb407284d51a80c045d6989b7af6d7.zip | |
- quagga.pam: pam_stack.so module is deprecated, use 'include' instead.
- quagga.pam.stack: the old pam_stack way, kept to allow spec file to
backwards compatible (changes to spec file pending local testing)
Diffstat (limited to 'redhat')
| -rw-r--r-- | redhat/quagga.pam | 20 | ||||
| -rw-r--r-- | redhat/quagga.pam.stack | 26 |
2 files changed, 36 insertions, 10 deletions
diff --git a/redhat/quagga.pam b/redhat/quagga.pam index 8ddc2bbe3..9a91ad852 100644 --- a/redhat/quagga.pam +++ b/redhat/quagga.pam @@ -4,12 +4,12 @@ ##### if running quagga as root: # Only allow root (and possibly wheel) to use this because enable access # is unrestricted. -auth sufficient /lib/security/$ISA/pam_rootok.so +auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. -#auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid +#auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. -#auth required /lib/security/$ISA/pam_wheel.so use_uid +#auth required pam_wheel.so use_uid ########################################################### # If using quagga privileges and with a seperate group for vty access, then @@ -17,10 +17,10 @@ auth sufficient /lib/security/$ISA/pam_rootok.so # check for valid user/password, eg: # # only allow local users. -#auth required /lib/security/$ISA/pam_securetty.so -#auth required /lib/security/$ISA/pam_stack.so service=system-auth -#auth required /lib/security/$ISA/pam_nologin.so -#account required /lib/security/$ISA/pam_stack.so service=system-auth -#password required /lib/security/$ISA/pam_stack.so service=system-auth -#session required /lib/security/$ISA/pam_stack.so service=system-auth -#session optional /lib/security/$ISA/pam_console.so +#auth required pam_securetty.so +#auth include system-auth +#auth required pam_nologin.so +#account include system-auth +#password include system-auth +#session include system-auth +#session optional pam_console.so diff --git a/redhat/quagga.pam.stack b/redhat/quagga.pam.stack new file mode 100644 index 000000000..8ddc2bbe3 --- /dev/null +++ b/redhat/quagga.pam.stack @@ -0,0 +1,26 @@ +#%PAM-1.0 +# + +##### if running quagga as root: +# Only allow root (and possibly wheel) to use this because enable access +# is unrestricted. +auth sufficient /lib/security/$ISA/pam_rootok.so + +# Uncomment the following line to implicitly trust users in the "wheel" group. +#auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid +# Uncomment the following line to require a user to be in the "wheel" group. +#auth required /lib/security/$ISA/pam_wheel.so use_uid +########################################################### + +# If using quagga privileges and with a seperate group for vty access, then +# access can be controlled via the vty access group, and pam can simply +# check for valid user/password, eg: +# +# only allow local users. +#auth required /lib/security/$ISA/pam_securetty.so +#auth required /lib/security/$ISA/pam_stack.so service=system-auth +#auth required /lib/security/$ISA/pam_nologin.so +#account required /lib/security/$ISA/pam_stack.so service=system-auth +#password required /lib/security/$ISA/pam_stack.so service=system-auth +#session required /lib/security/$ISA/pam_stack.so service=system-auth +#session optional /lib/security/$ISA/pam_console.so |