20 lines
910 B
Plaintext
20 lines
910 B
Plaintext
#%PAM-1.0
|
|
auth required pam_sepermit.so
|
|
auth substack password-auth
|
|
auth include postlogin
|
|
auth optional pam_ssh_add.so
|
|
# List of users to deny access to Cockpit, by default root is included.
|
|
account required pam_listfile.so item=user sense=deny file=/etc/cockpit/disallowed-users onerr=succeed
|
|
account required pam_nologin.so
|
|
account include password-auth
|
|
password include password-auth
|
|
# pam_selinux.so close should be the first session rule
|
|
session required pam_selinux.so close
|
|
session required pam_loginuid.so
|
|
# pam_selinux.so open should only be followed by sessions to be executed in the user context
|
|
session required pam_selinux.so open env_params
|
|
session optional pam_keyinit.so force revoke
|
|
session optional pam_ssh_add.so
|
|
session include password-auth
|
|
session include postlogin
|