]> git.ipfire.org Git - people/amarx/ipfire-3.x.git/blobdiff - openssh/sshd.pam
projects / people / amarx / ipfire-3.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
openssh: Some bigger changes.
[people/amarx/ipfire-3.x.git] / openssh / sshd.pam
diff --git a/openssh/sshd.pam b/openssh/sshd.pam
index ba632dda5a92ae2f991cd4c87e0ede5bc4bbb1d2..a80e4506162b555771cd790b3537b4ee9547fdc1 100644 (file)
--- a/openssh/sshd.pam
+++ b/openssh/sshd.pam
@@ -1,9 +1,15 @@
 #%PAM-1.0
-auth       include      system-auth
-
+auth      required     pam_sepermit.so
+auth       substack     password-auth
+auth       include      postlogin
 account    required     pam_nologin.so
-account    include      system-auth
-
-password   include      system-auth
-
-session    include      system-auth
+account    include      password-auth
+password   include      password-auth
+# pam_selinux.so close should be the first session rule
+session    required     pam_selinux.so close
+session    required     pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session    required     pam_selinux.so open env_params
+session    optional     pam_keyinit.so force revoke
+session    include      password-auth
+session    include      postlogin
Alex's tree of IPFire 3.x