Pam configuration files from FreeBSD; perl script not imported.

etc/pam.d/Makefile

@@ -0,0 +1,11 @@
+# $FreeBSD: src/etc/pam.d/Makefile,v 1.11 2004/10/24 15:32:24 ru Exp $
+
+NOOBJ=
+FILES=	README ftpd gdm imap kde login other passwd pop3 \
+	rexecd rsh sshd su system telnetd xdm
+FILESDIR=	/etc/pam.d
+FILESMODE=	644
+FILESMODE_README=	444
+LINKS=	${FILESDIR}/ftpd ${FILESDIR}/ftp
+
+.include <bsd.prog.mk>

etc/pam.d/README

@@ -0,0 +1,62 @@
+
+This directory contains configuration files for the Pluggable
+Authentication Modules (PAM) library.
+
+Each file details the module chain for a single service, and must be
+named after that service.  If no configuration file is found for a
+particular service, the /etc/pam.d/other is used instead.  If that
+file does not exist, /etc/pam.conf is searched for entries matching
+the specified service or, failing that, the "other" service.
+
+See the pam(8) manual page for an explanation of the workings of the
+PAM library and descriptions of the various files and modules.  Below
+is a summary of the format for the pam.conf and /etc/pam.d/* files.
+
+Configuration lines take the following form:
+
+module-type	control-flag	module-path	arguments
+
+Comments are introduced with a hash mark ('#').  Blank lines and lines
+consisting entirely of comments are ignored.
+
+The meanings of the different fields are as follows:
+
+ module-type:
+   auth:      prompt for a password to authenticate that the user is
+              who they say they are, and set any credentials.
+   account:   non-authentication based authorization, based on time,
+              resources, etc.
+   session:   housekeeping before and/or after login.
+   password:  update authentication tokens.
+
+ control-flag: How libpam handles success or failure of the module.
+   required:   success is required; on failure all remaining
+               modules are run, but the request will be denied.
+   requisite:  success is required, and on failure no remaining
+               modules are run.
+   sufficient: success is sufficient, and if no previous required
+               module failed, no remaining modules are run.
+   binding:    success is sufficient; on failure all remaining
+               modules are run, but the request will be denied.
+   optional:   ignored unless the other modules return PAM_IGNORE.
+
+ arguments: Module-specific options, plus some generic ones:
+   debug:           syslog debug info.
+   no_warn:         return no warning messages to the application.
+                    Remove this to feed back to the user the
+                    reason(s) they are being rejected.
+   use_first_pass:  try authentication using password from the
+                    preceding auth module.
+   try_first_pass:  first try authentication using password from
+                    the preceding auth module, and if that fails
+                    prompt for a new password.
+   use_mapped_pass: convert cleartext password to a crypto key.
+   expose_account:  allow printing more info about the user when
+                    prompting.
+
+Note that having a "sufficient" module as the last entry for a
+particular service and module type may result in surprising behaviour.
+To get the intended semantics, add a "required" entry listing the
+pam_deny module at the end of the chain.
+
+$FreeBSD: src/etc/pam.d/README,v 1.5 2004/06/06 11:46:29 schweikh Exp $

etc/pam.d/ftpd

@@ -0,0 +1,20 @@
+#
+# $FreeBSD: src/etc/pam.d/ftpd,v 1.18 2003/04/30 21:57:54 markm Exp $
+#
+# PAM configuration for the "ftpd" service
+#
+
+# auth
+auth		required	pam_nologin.so		no_warn
+auth		sufficient	pam_opie.so		no_warn no_fake_prompts
+auth		requisite	pam_opieaccess.so	no_warn allow_local
+#auth		sufficient	pam_krb5.so		no_warn
+#auth           sufficient      pam_ssh.so		no_warn try_first_pass
+auth		required	pam_unix.so		no_warn try_first_pass
+
+# account
+#account 	required	pam_krb5.so
+account		required	pam_unix.so
+
+# session
+session		required	pam_permit.so

etc/pam.d/gdm

@@ -0,0 +1,19 @@
+#
+# $FreeBSD: src/etc/pam.d/gdm,v 1.7 2003/04/30 21:57:54 markm Exp $
+#
+# PAM configuration for the "gdm" service
+#
+
+# auth
+auth		required	pam_nologin.so		no_warn
+#auth		sufficient	pam_krb5.so		no_warn try_first_pass
+#auth		sufficient	pam_ssh.so		no_warn try_first_pass
+auth		required	pam_unix.so		no_warn try_first_pass
+
+# account
+#account 	required	pam_krb5.so
+account		required	pam_unix.so
+
+# session
+#session 	optional	pam_ssh.so
+session		required	pam_permit.so

etc/pam.d/imap

@@ -0,0 +1,11 @@
+#
+# $FreeBSD: src/etc/pam.d/imap,v 1.5 2003/03/08 09:50:11 markm Exp $
+#
+# PAM configuration for the "imap" service
+#
+
+# auth
+#auth		required	pam_nologin.so		no_warn
+#auth		sufficient	pam_krb5.so		no_warn try_first_pass
+#auth		sufficient	pam_ssh.so		no_warn try_first_pass
+auth		required	pam_unix.so		no_warn try_first_pass

etc/pam.d/kde

@@ -0,0 +1,19 @@
+#
+# $FreeBSD: src/etc/pam.d/kde,v 1.6 2003/04/30 21:57:54 markm Exp $
+#
+# PAM configuration for the "kde" service
+#
+
+# auth
+auth		required	pam_nologin.so		no_warn
+#auth		sufficient	pam_krb5.so		no_warn try_first_pass
+#auth		sufficient	pam_ssh.so		no_warn try_first_pass
+auth		required	pam_unix.so		no_warn try_first_pass
+
+# account
+#account 	required	pam_krb5.so
+account		required	pam_unix.so
+
+# session
+#session 	optional	pam_ssh.so
+session		required	pam_permit.so

etc/pam.d/login

@@ -0,0 +1,20 @@
+#
+# $FreeBSD: src/etc/pam.d/login,v 1.16 2003/06/14 12:35:05 des Exp $
+#
+# PAM configuration for the "login" service
+#
+
+# auth
+auth		required	pam_nologin.so		no_warn
+auth		sufficient	pam_self.so		no_warn
+auth		include		system
+
+# account
+account		requisite	pam_securetty.so
+account		include		system
+
+# session
+session		include		system
+
+# password
+password	include		system

etc/pam.d/other

@@ -0,0 +1,25 @@
+#
+# $FreeBSD: src/etc/pam.d/other,v 1.10 2003/04/30 21:57:54 markm Exp $
+#
+# PAM configuration for the "other" service
+#
+
+# auth
+auth		required	pam_nologin.so		no_warn
+auth		sufficient	pam_opie.so		no_warn no_fake_prompts
+auth		requisite	pam_opieaccess.so	no_warn allow_local
+#auth		sufficient	pam_krb5.so		no_warn try_first_pass
+#auth		sufficient	pam_ssh.so		no_warn try_first_pass
+auth		required	pam_unix.so		no_warn try_first_pass
+
+# account
+#account 	required	pam_krb5.so
+account		required	pam_login_access.so
+account		required	pam_unix.so
+
+# session
+#session 	optional	pam_ssh.so
+session		required	pam_permit.so
+
+# password
+password	required	pam_permit.so

etc/pam.d/passwd

@@ -0,0 +1,11 @@
+#
+# $FreeBSD: src/etc/pam.d/passwd,v 1.3 2003/04/24 12:22:42 des Exp $
+#
+# PAM configuration for the "passwd" service
+#
+
+# passwd(1) does not use the auth, account or session services.
+
+# password
+#password	requisite	pam_passwdqc.so		enforce=users
+password	required	pam_unix.so		no_warn try_first_pass nullok

etc/pam.d/pop3

@@ -0,0 +1,11 @@
+#
+# $FreeBSD: src/etc/pam.d/pop3,v 1.5 2003/03/08 09:50:11 markm Exp $
+#
+# PAM configuration for the "pop3" service
+#
+
+# auth
+#auth		required	pam_nologin.so		no_warn
+#auth		sufficient	pam_krb5.so		no_warn try_first_pass
+#auth		sufficient	pam_ssh.so		no_warn try_first_pass
+auth		required	pam_unix.so		no_warn try_first_pass

etc/pam.d/rexecd

@@ -0,0 +1,19 @@
+#
+# $FreeBSD: src/etc/pam.d/rexecd,v 1.2 2003/02/10 00:50:03 des Exp $
+#
+# PAM configuration for the "rexecd" service
+#
+
+# auth
+auth		required	pam_nologin.so		no_warn
+auth		required	pam_unix.so		no_warn use_first_pass
+
+# account
+account		required	pam_ftpusers.so		no_warn disallow
+account		required	pam_unix.so		no_warn
+
+# session
+session		required	pam_permit.so
+
+# password
+password	required	pam_deny.so

etc/pam.d/rsh

@@ -0,0 +1,18 @@
+#
+# $FreeBSD: src/etc/pam.d/rsh,v 1.5 2003/02/10 00:50:03 des Exp $
+#
+# PAM configuration for the "rsh" service
+#
+
+# auth
+auth		required	pam_nologin.so		no_warn
+auth		required	pam_rhosts.so		no_warn
+
+# account
+account		required	pam_unix.so
+
+# session
+session		required	pam_permit.so
+
+# password
+password	required	pam_deny.so

etc/pam.d/sshd

@@ -0,0 +1,26 @@
+#
+# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
+#
+# PAM configuration for the "sshd" service
+#
+
+# auth
+auth		required	pam_nologin.so		no_warn
+auth		sufficient	pam_opie.so		no_warn no_fake_prompts
+auth		requisite	pam_opieaccess.so	no_warn allow_local
+#auth		sufficient	pam_krb5.so		no_warn try_first_pass
+#auth		sufficient	pam_ssh.so		no_warn try_first_pass
+auth		required	pam_unix.so		no_warn try_first_pass
+
+# account
+#account 	required	pam_krb5.so
+account		required	pam_login_access.so
+account		required	pam_unix.so
+
+# session
+#session 	optional	pam_ssh.so
+session		required	pam_permit.so
+
+# password
+#password	sufficient	pam_krb5.so		no_warn try_first_pass
+password	required	pam_unix.so		no_warn try_first_pass

etc/pam.d/su

@@ -0,0 +1,17 @@
+#
+# $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $
+#
+# PAM configuration for the "su" service
+#
+
+# auth
+auth		sufficient	pam_rootok.so		no_warn
+auth		sufficient	pam_self.so		no_warn
+auth		requisite	pam_group.so		no_warn group=wheel root_only fail_safe
+auth		include		system
+
+# account
+account		include		system
+
+# session
+session		required	pam_permit.so

etc/pam.d/system

@@ -0,0 +1,25 @@
+#
+# $FreeBSD: src/etc/pam.d/system,v 1.1 2003/06/14 12:35:05 des Exp $
+#
+# System-wide defaults
+#
+
+# auth
+auth		sufficient	pam_opie.so		no_warn no_fake_prompts
+auth		requisite	pam_opieaccess.so	no_warn allow_local
+#auth		sufficient	pam_krb5.so		no_warn try_first_pass
+#auth		sufficient	pam_ssh.so		no_warn try_first_pass
+auth		required	pam_unix.so		no_warn try_first_pass nullok
+
+# account
+#account 	required	pam_krb5.so
+account		required	pam_login_access.so
+account		required	pam_unix.so
+
+# session
+#session 	optional	pam_ssh.so
+session		required	pam_lastlog.so		no_fail
+
+# password
+#password	sufficient	pam_krb5.so		no_warn try_first_pass
+password	required	pam_unix.so		no_warn try_first_pass

etc/pam.d/telnetd

@@ -0,0 +1,26 @@
+#
+# $FreeBSD: src/etc/pam.d/telnetd,v 1.7 2003/04/30 21:57:54 markm Exp $
+#
+# PAM configuration for the "telnetd" service
+#
+
+# auth
+auth		required	pam_nologin.so		no_warn
+auth		sufficient	pam_opie.so		no_warn no_fake_prompts
+auth		requisite	pam_opieaccess.so	no_warn allow_local
+#auth		sufficient	pam_krb5.so		no_warn try_first_pass
+#auth		sufficient	pam_ssh.so		no_warn try_first_pass
+auth		required	pam_unix.so		no_warn try_first_pass
+
+# account
+#account 	required	pam_krb5.so
+account		required	pam_login_access.so
+account		required	pam_unix.so
+
+# session
+#session 	optional	pam_ssh.so
+session		required	pam_lastlog.so		no_fail
+
+# password
+#password	sufficient	pam_krb5.so		no_warn try_first_pass
+password	required	pam_unix.so		no_warn try_first_pass

etc/pam.d/xdm

@@ -0,0 +1,22 @@
+#
+# $FreeBSD: src/etc/pam.d/xdm,v 1.9 2004/02/20 21:59:51 des Exp $
+#
+# PAM configuration for the "xdm" service
+#
+
+# auth
+auth		required	pam_nologin.so		no_warn
+#auth		sufficient	pam_krb5.so		no_warn try_first_pass
+#auth		sufficient	pam_ssh.so		no_warn try_first_pass
+auth		required	pam_unix.so		no_warn try_first_pass
+
+# account
+#account 	required	pam_krb5.so
+account		required	pam_unix.so
+
+# session
+#session 	required	pam_ssh.so		want_agent
+session		required	pam_permit.so
+
+# password
+password	required	pam_deny.so