202ad050a8
Move ssh.pam from openssh-config to pam-config Verified below issue! When trying to login invalid password attempt 5 times using ssh, the user account is not locked out. /etc/pam.d/sshd is expected in controller node as well. Closes-Bug: #1814345 Change-Id: I8fae8782cbd491c6efe8631f04c2728a531bc4ca Signed-off-by: zhipengl <zhipengs.liu@intel.com>
25 lines
1.1 KiB
Plaintext
25 lines
1.1 KiB
Plaintext
# WRSM-1.0
|
|
|
|
auth include common-auth
|
|
account required pam_nologin.so
|
|
|
|
# SELinux needs to be the first session rule. This ensures that any
|
|
# lingering context has been cleared. Without out this it is possible
|
|
# that a module could execute code in the wrong domain.
|
|
# When the module is present, "required" would be sufficient (When SELinux
|
|
# is disabled, this returns success.)
|
|
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
|
|
|
|
account include common-account
|
|
password include common-password
|
|
session optional pam_keyinit.so force revoke
|
|
session include common-session
|
|
session required pam_loginuid.so
|
|
|
|
# SELinux needs to intervene at login time to ensure that the process
|
|
# starts in the proper default security context. Only sessions which are
|
|
# intended to run in the user's context should be run after this.
|
|
# When the module is present, "required" would be sufficient (When SELinux
|
|
# is disabled, this returns success.)
|
|
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
|