113 lines
2.7 KiB
Text
113 lines
2.7 KiB
Text
# $OpenBSD: login.conf.in,v 1.2 2007/01/09 10:20:12 millert Exp $
|
|
|
|
#
|
|
# Sample login.conf file. See login.conf(5) for details.
|
|
#
|
|
|
|
#
|
|
# Standard authentication styles:
|
|
#
|
|
# krb5-or-pwd First try Kerberos V password, then local password file
|
|
# passwd Use only the local password file
|
|
# krb5 Use only the Kerberos V password
|
|
# chpass Do not authenticate, but change users password (change
|
|
# the YP password if the user has one, else change the
|
|
# local password)
|
|
# lchpass Do not login; change user's local password instead
|
|
# radius Use radius authentication
|
|
# skey Use S/Key authentication
|
|
# activ ActivCard X9.9 token authentication
|
|
# crypto CRYPTOCard X9.9 token authentication
|
|
# snk Digital Pathways SecureNet Key authentication
|
|
# token Generic X9.9 token authentication
|
|
#
|
|
|
|
# Default allowed authentication styles
|
|
auth-defaults:auth=passwd,skey:
|
|
|
|
# Default allowed authentication styles for authentication type ftp
|
|
auth-ftp-defaults:auth-ftp=passwd:
|
|
|
|
#
|
|
# The default values
|
|
# To alter the default authentication types change the line:
|
|
# :tc=auth-defaults:\
|
|
# to be read something like: (enables passwd, "myauth", and activ)
|
|
# :auth=passwd,myauth,activ:\
|
|
# Any value changed in the daemon class should be reset in default
|
|
# class.
|
|
#
|
|
default:\
|
|
:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin:\
|
|
:umask=022:\
|
|
:datasize-max=512M:\
|
|
:datasize-cur=512M:\
|
|
:maxproc-max=256:\
|
|
:maxproc-cur=128:\
|
|
:openfiles-cur=128:\
|
|
:stacksize-cur=4M:\
|
|
:localcipher=blowfish,6:\
|
|
:ypcipher=old:\
|
|
:tc=auth-defaults:\
|
|
:tc=auth-ftp-defaults:
|
|
|
|
#
|
|
# Settings used by /etc/rc and root
|
|
# This must be set properly for daemons started as root by inetd as well.
|
|
# Be sure reset these values back to system defaults in the default class!
|
|
#
|
|
daemon:\
|
|
:ignorenologin:\
|
|
:datasize=infinity:\
|
|
:maxproc=infinity:\
|
|
:openfiles-cur=128:\
|
|
:stacksize-cur=8M:\
|
|
:localcipher=blowfish,8:\
|
|
:tc=default:
|
|
|
|
#
|
|
# Staff have fewer restrictions and can login even when nologins are set.
|
|
#
|
|
staff:\
|
|
:datasize-cur=512M:\
|
|
:datasize-max=infinity:\
|
|
:maxproc-max=512:\
|
|
:maxproc-cur=128:\
|
|
:ignorenologin:\
|
|
:requirehome@:\
|
|
:tc=default:
|
|
|
|
#
|
|
# Authpf accounts get a special motd and shell
|
|
#
|
|
authpf:\
|
|
:welcome=/etc/motd.authpf:\
|
|
:shell=/usr/sbin/authpf:\
|
|
:tc=default:
|
|
<%
|
|
require 'uri'
|
|
|
|
n = 0
|
|
servers = ""
|
|
ldap_server.each do |uri|
|
|
uri = URI.parse(uri)
|
|
if uri.scheme == "ldaps":
|
|
mode = "ssl"
|
|
else
|
|
mode = "plain"
|
|
end
|
|
if n == 0:
|
|
servers += ":x-ldap-server=%s,,%s:\\\n" % [uri.host, mode]
|
|
else
|
|
servers += "\t:x-ldap-serveralt%d=%s,,%s:\\\n" % [n-1, uri.host, mode]
|
|
end
|
|
n += 1
|
|
end
|
|
%>
|
|
ldap:\
|
|
:auth=-ldap:\
|
|
<%= servers -%>
|
|
:x-ldap-basedn=ou=People,<%= ldap_basedn %>:\
|
|
:x-ldap-filter=(&(objectclass=posixAccount)(uid=%u)):\
|
|
:umask=<%= ldap_login_umask %>:\
|
|
:tc=default:
|