1# 2# The PAM configuration file for the Shadow `login' service 3# 4 5# Enforce a minimal delay in case of failure (in microseconds). 6# (Replaces the `FAIL_DELAY' setting from login.defs) 7# Note that other modules may require another minimal delay. (for example, 8# to disable any delay, you should add the nodelay option to pam_unix) 9auth optional pam_faildelay.so delay=3000000 10 11# Outputs an issue file prior to each login prompt (Replaces the 12# ISSUE_FILE option from login.defs). Uncomment for use 13# auth required pam_issue.so issue=/etc/issue 14 15# Disallows root logins except on tty's listed in /etc/securetty 16# (Replaces the `CONSOLE' setting from login.defs) 17# Note that it is included as a "requisite" module. No password prompts will 18# be displayed if this module fails to avoid having the root password 19# transmitted on unsecure ttys. 20# You can change it to a "required" module if you think it permits to 21# guess valid user names of your system (invalid user names are considered 22# as possibly being root). 23auth [success=ok ignore=ignore user_unknown=ignore default=die] pam_securetty.so 24 25# Disallows other than root logins when /etc/nologin exists 26# (Replaces the `NOLOGINS_FILE' option from login.defs) 27auth requisite pam_nologin.so 28 29# This module parses environment configuration file(s) 30# and also allows you to use an extended config 31# file /etc/security/pam_env.conf. 32# 33# parsing /etc/environment needs "readenv=1" 34session required pam_env.so readenv=1 35 36# Standard Un*x authentication. 37auth include common-auth 38 39# This allows certain extra groups to be granted to a user 40# based on things like time of day, tty, service, and user. 41# Please edit /etc/security/group.conf to fit your needs 42# (Replaces the `CONSOLE_GROUPS' option in login.defs) 43auth optional pam_group.so 44 45# Uncomment and edit /etc/security/time.conf if you need to set 46# time restrainst on logins. 47# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs 48# as well as /etc/porttime) 49# account requisite pam_time.so 50 51# Uncomment and edit /etc/security/access.conf if you need to 52# set access limits. 53# (Replaces /etc/login.access file) 54# account required pam_access.so 55 56# Sets up user limits according to /etc/security/limits.conf 57# (Replaces the use of /etc/limits in old login) 58session required pam_limits.so 59 60# Prints the motd upon succesful login 61# (Replaces the `MOTD_FILE' option in login.defs) 62session optional pam_motd.so 63 64# Prints the status of the user's mailbox upon succesful login 65# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 66# 67# This also defines the MAIL environment variable 68# However, userdel also needs MAIL_DIR and MAIL_FILE variables 69# in /etc/login.defs to make sure that removing a user 70# also removes the user's mail spool file. 71# See comments in /etc/login.defs 72session optional pam_mail.so standard 73 74# Standard Un*x account and session 75account include common-account 76password include common-password 77session include common-session 78