Cross Reference: /osnet-11/usr/src/lib/pam_modules/user_policy/conf/ldap

#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
#
# PAM configuration file for authenticating users through LDAP or through
# UNIX password-based login if the account is local (not in LDAP).
#
# Authentication management
#
#
# login service (explicit because of pam_dial_auth)
#
login   auth requisite      pam_authtok_get.so.1
login   auth required       pam_dhkeys.so.1
login   auth required       pam_dial_auth.so.1
login   auth binding        pam_unix_auth.so.1  server_policy
login   auth required       pam_unix_cred.so.1
login   auth required       pam_ldap.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin  auth sufficient     pam_rhosts_auth.so.1
rlogin  auth requisite      pam_authtok_get.so.1
rlogin  auth required       pam_dhkeys.so.1
rlogin  auth binding        pam_unix_auth.so.1  server_policy
rlogin  auth required       pam_unix_cred.so.1
rlogin  auth required       pam_ldap.so.1
#
# Kerberized rlogin service
#
krlogin auth required       pam_unix_cred.so.1
krlogin auth required       pam_krb5.so.1
#
# rsh service (explicit because of pam_rhost_auth)
#
rsh auth sufficient     pam_rhosts_auth.so.1
rsh auth required       pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh    auth required       pam_unix_cred.so.1
krsh    auth required       pam_krb5.so.1
#
# Kerberized telnet service
#
ktelnet auth required       pam_unix_cred.so.1
ktelnet auth required       pam_krb5.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite      pam_authtok_get.so.1
ppp auth required       pam_dhkeys.so.1
ppp auth required       pam_unix_cred.so.1
ppp auth required       pam_dial_auth.so.1
ppp auth binding        pam_unix_auth.so.1  server_policy
ppp auth required       pam_ldap.so.1
#
# GDM Autologin (explicit because of pam_allow).  These need to be
# here as there is no mechanism for packages to amend pam.conf as
# they are installed.
#
gdm-autologin auth  required    pam_unix_cred.so.1
gdm-autologin auth  sufficient  pam_allow.so.1
#
other   auth    requisite   pam_authtok_get.so.1
other   auth    required    pam_dhkeys.so.1
other   auth    required    pam_unix_cred.so.1
other   auth    binding     pam_unix_auth.so.1 server_policy
other   auth    required    pam_ldap.so.1
#
# Account management
#
other   account requisite   pam_roles.so.1
other   account required    pam_tsol_account.so.1
other   account binding     pam_unix_account.so.1 server_policy
other   account required    pam_ldap.so.1
#
# Password management (authentication)
#
passwd  auth    binding     pam_passwd_auth.so.1 server_policy
passwd  auth    required    pam_ldap.so.1
#
# Password management (updates)
#
other   password include    pam_authtok_common
other   password required   pam_authtok_store.so.1 server_policy
#
# Session management
#
other   session required    pam_unix_session.so.1
#
# Account management for Trusted Extensions (TX)
# These entries are required for TX environments since these services
# run in the Trusted Path and pam_tsol_account(5) isn't applicable to
# PAM sessions which run in the Trusted Path.
#
gdm     account requisite   pam_roles.so.1
gdm     account binding     pam_unix_account.so.1 server_policy
gdm     account required    pam_ldap.so.1
xscreensaver    account requisite   pam_roles.so.1
xscreensaver    account binding     pam_unix_account.so.1 server_policy
xscreensaver    account required    pam_ldap.so.1
passwd      account requisite   pam_roles.so.1
passwd      account binding     pam_unix_account.so.1 server_policy
passwd      account required    pam_ldap.so.1
dtpasswd    account requisite   pam_roles.so.1
dtpasswd    account binding     pam_unix_account.so.1 server_policy
dtpasswd    account required    pam_ldap.so.1
tsoljds-tstripe account requisite   pam_roles.so.1
tsoljds-tstripe account binding     pam_unix_account.so.1 server_policy
tsoljds-tstripe account required    pam_ldap.so.1