diff options
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r-- | meta/recipes-extended/pam/libpam/pam.d/other | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/meta/recipes-extended/pam/libpam/pam.d/other b/meta/recipes-extended/pam/libpam/pam.d/other index 6e40cd0c02..ec970ecbe0 100644 --- a/meta/recipes-extended/pam/libpam/pam.d/other +++ b/meta/recipes-extended/pam/libpam/pam.d/other @@ -6,22 +6,19 @@ #pam_open_session, the session module out of /etc/pam.d/other is #used. -#If you really want nothing to happen then use pam_permit.so or -#pam_deny.so as appropriate. - # We use pam_warn.so to generate syslog notes that the 'other' #fallback rules are being used (as a hint to suggest you should setup -#specific PAM rules for the service and aid to debugging). We then -#fall back to the system default in /etc/pam.d/common-* +#specific PAM rules for the service and aid to debugging). Then to be +#secure, deny access to all services by default. auth required pam_warn.so -auth include common-auth +auth required pam_deny.so account required pam_warn.so -account include common-account +account required pam_deny.so password required pam_warn.so -password include common-password +password required pam_deny.so session required pam_warn.so -session include common-session +session required pam_deny.so |