paul | 788cdc6 | 2003-01-18 00:22:08 +0000 | [diff] [blame] | 1 | #%PAM-1.0 |
| 2 | # |
paul | edd7c24 | 2003-06-04 13:59:38 +0000 | [diff] [blame] | 3 | |
| 4 | ##### if running zebra as root: |
paul | 788cdc6 | 2003-01-18 00:22:08 +0000 | [diff] [blame] | 5 | # Only allow root (and possibly wheel) to use this because enable access |
| 6 | # is unrestricted. |
paul | 9abb7b7 | 2003-07-12 21:46:24 +0000 | [diff] [blame^] | 7 | auth sufficient /lib/security/pam_rootok.so |
paul | 788cdc6 | 2003-01-18 00:22:08 +0000 | [diff] [blame] | 8 | |
paul | 788cdc6 | 2003-01-18 00:22:08 +0000 | [diff] [blame] | 9 | # Uncomment the following line to implicitly trust users in the "wheel" group. |
| 10 | #auth sufficient /lib/security/pam_wheel.so trust use_uid |
| 11 | # Uncomment the following line to require a user to be in the "wheel" group. |
| 12 | #auth required /lib/security/pam_wheel.so use_uid |
paul | edd7c24 | 2003-06-04 13:59:38 +0000 | [diff] [blame] | 13 | ########################################################### |
| 14 | |
| 15 | # If using zebra privileges and with a seperate group for vty access, then |
| 16 | # access can be controlled via the vty access group, and pam can simply |
| 17 | # check for valid user/password |
| 18 | # |
| 19 | # only allow local users. |
| 20 | auth required /lib/security/pam_securetty.so |
| 21 | auth required /lib/security/pam_stack.so service=system-auth |
| 22 | auth required /lib/security/pam_nologin.so |
| 23 | account required /lib/security/pam_stack.so service=system-auth |
| 24 | password required /lib/security/pam_stack.so service=system-auth |
| 25 | session required /lib/security/pam_stack.so service=system-auth |
| 26 | session optional /lib/security/pam_console.so |