Changeset 528

Timestamp:

Feb 14, 2010, 11:43:23 PM (14 years ago)

Author:

sebas

Message:

agrege la configuration de pam_ldap

Location:

trunk/puppet/modules/puppet-openldap/files/etc/pam.d

Files:

• common-account (modified) (1 diff)
• common-auth (modified) (1 diff)
• common-password (modified) (1 diff)
• common-session (modified) (1 diff)

trunk/puppet/modules/puppet-openldap/files/etc/pam.d/common-account

@@ -15 +15 @@
 
 # here are the per-package modules (the "Primary" block)
-account [success=1 new_authtok_reqd=done default=ignore]        pam_unix.so 
+account [success=2 new_authtok_reqd=done default=ignore]        pam_unix.so 
+account [success=1 default=ignore]      pam_ldap.so
 # here's the fallback if no module succeeds
 account requisite                       pam_deny.so

trunk/puppet/modules/puppet-openldap/files/etc/pam.d/common-auth

@@ -15 +15 @@
 
 # here are the per-package modules (the "Primary" block)
-auth    [success=1 default=ignore]      pam_unix.so nullok_secure
+auth    [success=2 default=ignore]      pam_unix.so nullok_secure
+auth    [success=1 default=ignore]      pam_ldap.so use_first_pass
 # here's the fallback if no module succeeds
 auth    requisite                       pam_deny.so

trunk/puppet/modules/puppet-openldap/files/etc/pam.d/common-password

@@ -23 +23 @@
 
 # here are the per-package modules (the "Primary" block)
-password        [success=1 default=ignore]      pam_unix.so obscure sha512
+password        requisite                       pam_cracklib.so retry=3 minlen=8 difok=3
+password        [success=2 default=ignore]      pam_unix.so obscure use_authtok try_first_pass sha512
+password        [success=1 user_unknown=ignore default=die]     pam_ldap.so use_authtok try_first_pass
 # here's the fallback if no module succeeds
 password        requisite                       pam_deny.so

trunk/puppet/modules/puppet-openldap/files/etc/pam.d/common-session

@@ -22 +22 @@
 session required                        pam_permit.so
 # and here are more per-package modules (the "Additional" block)
-session required        pam_unix.so 
+session required                        pam_unix.so 
+session optional                        pam_ldap.so
 session optional                        pam_ck_connector.so nox11
 # end of pam-auth-update config
+
+# if the home dir is not there, pam creates it with the umask provided + /etc/skel/
+session required        pam_mkhomedir.so skel=/etc/skel/ umask=0077