1 files changed, 21 insertions, 0 deletions
diff --git a/meta-openstack/recipes-extended/libpam/files/common-auth b/meta-openstack/recipes-extended/libpam/files/common-auth
new file mode 100644
index 0000000..e5b429d
--- /dev/null
+++ b/meta-openstack/recipes-extended/libpam/files/common-auth
@@ -0,0 +1,21 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+# here are the per-package modules (the "Primary" block)
+auth    [success=2 default=ignore]      pam_unix.so nullok_secure
+auth    [success=1 default=ignore]      pam_ldap.so minimum_uid=1000 use_first_pass
+# here's the fallback if no module succeeds
+auth    requisite                       pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth    required                        pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+auth    optional                        pam_cap.so 
+# end of pam-auth-update config

diff --git a/meta-openstack/recipes-extended/libpam/files/common-auth b/meta-openstack/recipes-extended/libpam/files/common-auth new file mode 100644 index 0000000..e5b429d --- /dev/null +++ b/meta-openstack/recipes-extended/libpam/files/common-auth
@@ -0,0 +1,21 @@
	1	#
	2	# /etc/pam.d/common-auth - authentication settings common to all services
	3	#
	4	# This file is included from other service-specific PAM config files,
	5	# and should contain a list of the authentication modules that define
	6	# the central authentication scheme for use on the system
	7	# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
	8	# traditional Unix authentication mechanisms.
	9
	10	# here are the per-package modules (the "Primary" block)
	11	auth [success=2 default=ignore] pam_unix.so nullok_secure
	12	auth [success=1 default=ignore] pam_ldap.so minimum_uid=1000 use_first_pass
	13	# here's the fallback if no module succeeds
	14	auth requisite pam_deny.so
	15	# prime the stack with a positive return value if there isn't one already;
	16	# this avoids us returning an error just because nothing sets a success code
	17	# since the modules above will each just jump around
	18	auth required pam_permit.so
	19	# and here are more per-package modules (the "Additional" block)
	20	auth optional pam_cap.so
	21	# end of pam-auth-update config