1*4882a593Smuzhiyun# 2*4882a593Smuzhiyun# /etc/pam.d/common-auth - authentication settings common to all services 3*4882a593Smuzhiyun# 4*4882a593Smuzhiyun# This file is included from other service-specific PAM config files, 5*4882a593Smuzhiyun# and should contain a list of the authentication modules that define 6*4882a593Smuzhiyun# the central authentication scheme for use on the system 7*4882a593Smuzhiyun# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 8*4882a593Smuzhiyun# traditional Unix authentication mechanisms. 9*4882a593Smuzhiyun 10*4882a593Smuzhiyun# here are the per-package modules (the "Primary" block) 11*4882a593Smuzhiyunauth [success=1 default=ignore] pam_unix.so nullok_secure 12*4882a593Smuzhiyun# here's the fallback if no module succeeds 13*4882a593Smuzhiyunauth requisite pam_deny.so 14*4882a593Smuzhiyun# prime the stack with a positive return value if there isn't one already; 15*4882a593Smuzhiyun# this avoids us returning an error just because nothing sets a success code 16*4882a593Smuzhiyun# since the modules above will each just jump around 17*4882a593Smuzhiyunauth required pam_permit.so 18*4882a593Smuzhiyun# and here are more per-package modules (the "Additional" block) 19