#ident $Id: pam.conf,v 1.3 2005/10/29 01:07:48 lukeh Exp $ # # Authentication management # # # This implements the following authentication policy: # # Local authentication is authoritative for local users # # LDAP authentication is required unless unavailable # # If LDAP authentication is unavailable, then cached # credentials will be used to authenticate # # If LDAP authentication succeeded, then the cached # credentials will be updated with a hash of the # authentication token # # If LDAP authentication failed for any other reason, # then cached credentials will be deleted if they # matched the authentication token other auth [user_unknown=ignore default=done] \ /lib/security/pam_unix.so other auth [authinfo_unavail=ignore success=1 default=2] \ /lib/security/pam_ldap.so try_first_pass other auth [default=done] /lib/security/pam_ccreds.so action=validate use_first_pass other auth [default=done] /lib/security/pam_ccreds.so action=store other auth [default=bad] /lib/security/pam_ccreds.so action=update # # Account management # # # This implements the following authorization policy: # # Local authorization is authoritative for local users # # LDAP authorization is required if available # # If LDAP authorization is unavailable, then the user # is allowed to login (we do not presently support # caching of authorization information) # other account [user_unknown=ignore default=done] /lib/security/pam_unix.so other account [authinfo_unavail=ignore default=done] /lib/security/pam_ldap.so other account [default=done] /lib/security/pam_permit.so # # Session management # other session required /lib/security/pam_unix.so # # Password management # other password required /lib/security/pam_ldap.so #other password required /lib/security/pam_unix.so