#%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. # Make note of the following settings. Authconfig doesn't add everything # you need to make this all work. (I should file a bug report) # Note also that even tho I have pam_mkhomedir here, it doesn't really # work! Well, it does, but not the way you expect it to. For example, if # you log in, pam_mkhomedir will try to make your directory in # /home/DOMAIN/username. But because some of these processes (ssh, etc) # stop running as root by the time pam_mkhomedir is called, pam_mkhomedir # doesn't have permission to create the directory!! ARGH. So, do yourself # a favour for now and create the /home/DOMAIN director and open it up # so that a normal user can create his/her directory. This is stupid, I know. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so broken_shadow account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_krb5.so account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_winbind.so account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_krb5.so use_authtok password sufficient /lib/security/$ISA/pam_winbind.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_krb5.so session required pam_mkhomedir.so skel=/etc/skel umask=0077