diff options
| author | Simon Rettberg | 2016-04-26 14:02:17 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2016-04-26 14:02:17 +0200 |
| commit | cc7a265195079c63a694e24a528c444bfa6a2646 (patch) | |
| tree | db3a5b5c8e41a357bca5758669508ec870e1417b | |
| parent | [ipxe] use-cached was undocumented and has no effect anymore; use ifopen (diff) | |
| download | tmlite-bwlp-cc7a265195079c63a694e24a528c444bfa6a2646.tar.gz tmlite-bwlp-cc7a265195079c63a694e24a528c444bfa6a2646.tar.xz tmlite-bwlp-cc7a265195079c63a694e24a528c444bfa6a2646.zip | |
[ldap/ad] Add pam line for bwidm auth
| -rw-r--r-- | data/ad/common-account | 5 | ||||
| -rw-r--r-- | data/ad/common-auth | 6 |
2 files changed, 7 insertions, 4 deletions
diff --git a/data/ad/common-account b/data/ad/common-account index 5de6729..341a340 100644 --- a/data/ad/common-account +++ b/data/ad/common-account @@ -1,5 +1,6 @@ -account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so -account [success=1 default=ignore] pam_sss.so use_first_pass +account [success=3 new_authtok_reqd=done default=ignore] pam_unix.so +account [success=2 new_authtok_reqd=done default=ignore] pam_exec.so quiet /opt/openslx/scripts/pam_bwidm +account [success=1 default=ignore] pam_sss.so # here's the fallback if no module succeeds account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; diff --git a/data/ad/common-auth b/data/ad/common-auth index 2fb9810..f7e97a5 100644 --- a/data/ad/common-auth +++ b/data/ad/common-auth @@ -1,6 +1,8 @@ -auth [success=2 default=ignore] pam_unix.so nullok_secure -auth [success=1 default=ignore] pam_sss.so use_first_pass +auth [success=4 default=ignore] pam_unix.so nodelay +auth [success=3 default=ignore] pam_exec.so quiet expose_authtok /opt/openslx/scripts/pam_bwidm +auth [success=2 default=ignore] pam_sss.so use_first_pass # here's the fallback if no module succeeds +auth optional pam_faildelay.so delay=2123123 auth requisite pam_deny.so auth optional pam_script.so expose=1 # prime the stack with a positive return value if there isn't one already; |