2003-06-04 Paul Jakma <paul@dishone.st> * Merge of zebra privileges

commit: edd7c245d3a77012abf801da00d5664ebaa5f749 [log] [tgz]
author: paul <paul> Wed Jun 04 13:59:38 2003 +0000
committer: paul <paul> Wed Jun 04 13:59:38 2003 +0000
tree: d4fada229d7980fb751f28c9a979aa88de1a0af0
parent: a159ed935b580ed99111a185734ddd9c973e7691 [diff] [blame]
diff --git a/redhat/zebra.pam b/redhat/zebra.pam
index fb17f59..1390edf 100644
--- a/redhat/zebra.pam
+++ b/redhat/zebra.pam

@@ -1,10 +1,26 @@
 #%PAM-1.0
 #
+
+##### if running zebra as root:
 # Only allow root (and possibly wheel) to use this because enable access
 # is unrestricted.
+# auth       sufficient   /lib/security/pam_rootok.so
 
-auth       sufficient   /lib/security/pam_rootok.so
 # Uncomment the following line to implicitly trust users in the "wheel" group.
 #auth       sufficient   /lib/security/pam_wheel.so trust use_uid
 # Uncomment the following line to require a user to be in the "wheel" group.
 #auth       required     /lib/security/pam_wheel.so use_uid
+###########################################################
+
+# If using zebra privileges and with a seperate group for vty access, then
+# access can be controlled via the vty access group, and pam can simply
+# check for valid user/password
+#
+# only allow local users.
+auth       required     /lib/security/pam_securetty.so
+auth       required     /lib/security/pam_stack.so service=system-auth
+auth       required     /lib/security/pam_nologin.so
+account    required     /lib/security/pam_stack.so service=system-auth
+password   required     /lib/security/pam_stack.so service=system-auth
+session    required     /lib/security/pam_stack.so service=system-auth
+session    optional     /lib/security/pam_console.so
commit	edd7c245d3a77012abf801da00d5664ebaa5f749	[log] [tgz]
author	paul <paul>	Wed Jun 04 13:59:38 2003 +0000
committer	paul <paul>	Wed Jun 04 13:59:38 2003 +0000
tree	d4fada229d7980fb751f28c9a979aa88de1a0af0
parent	a159ed935b580ed99111a185734ddd9c973e7691 [diff] [blame]