blob: 1390edf4a327d9032bb032dcf9584dd3bed16bde [file] [log] [blame]
paul788cdc62003-01-18 00:22:08 +00001#%PAM-1.0
2#
pauledd7c242003-06-04 13:59:38 +00003
4##### if running zebra as root:
paul788cdc62003-01-18 00:22:08 +00005# Only allow root (and possibly wheel) to use this because enable access
6# is unrestricted.
pauledd7c242003-06-04 13:59:38 +00007# auth sufficient /lib/security/pam_rootok.so
paul788cdc62003-01-18 00:22:08 +00008
paul788cdc62003-01-18 00:22:08 +00009# Uncomment the following line to implicitly trust users in the "wheel" group.
10#auth sufficient /lib/security/pam_wheel.so trust use_uid
11# Uncomment the following line to require a user to be in the "wheel" group.
12#auth required /lib/security/pam_wheel.so use_uid
pauledd7c242003-06-04 13:59:38 +000013###########################################################
14
15# If using zebra privileges and with a seperate group for vty access, then
16# access can be controlled via the vty access group, and pam can simply
17# check for valid user/password
18#
19# only allow local users.
20auth required /lib/security/pam_securetty.so
21auth required /lib/security/pam_stack.so service=system-auth
22auth required /lib/security/pam_nologin.so
23account required /lib/security/pam_stack.so service=system-auth
24password required /lib/security/pam_stack.so service=system-auth
25session required /lib/security/pam_stack.so service=system-auth
26session optional /lib/security/pam_console.so