Permalink
Browse files

Add pamd.d sshd for PEFS to function with a password login

  • Loading branch information...
kmoore134 committed Oct 1, 2013
1 parent 864e374 commit 3ce959ab7bf6340f0d3c5032d80ccb607f512956
@@ -148,6 +148,7 @@ share/pcbsd/conf/prune-port-files
share/pcbsd/conf/desktop-excludes
share/pcbsd/conf/server-excludes
share/pcbsd/pefs/other
+share/pcbsd/pefs/sshd
share/pcbsd/pefs/system
share/pcbsd/distfiles/desktop-overlay.txz
share/pcbsd/distfiles/port-overlay.txz
@@ -78,3 +78,4 @@ fi
# Copy /etc/pam.d/ template files
cp /usr/local/share/pcbsd/pefs/other /etc/pam.d/other
cp /usr/local/share/pcbsd/pefs/system /etc/pam.d/system
+cp /usr/local/share/pcbsd/pefs/sshd /etc/pam.d/sshd
@@ -0,0 +1,28 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "sshd" service
+#
+
+# auth
+auth sufficient pam_opie.so no_warn no_fake_prompts
+auth requisite pam_opieaccess.so no_warn allow_local
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth sufficient pam_pefs.so try_first_pass delkeys
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required pam_nologin.so
+#account required pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
+
+# session
+#session optional pam_ssh.so want_agent
+session optional pam_pefs.so delkeys
+session required pam_permit.so
+
+# password
+#password sufficient pam_krb5.so no_warn try_first_pass
+password required pam_unix.so no_warn try_first_pass

0 comments on commit 3ce959a

Please sign in to comment.