Browse code
better pam config in readme
Greg Wiley authored on 05/05/2017 21:40:22Showing 1 changed files
| ... | ... |
@@ -15,14 +15,20 @@ use a time-based OTP. |
| 15 | 15 |
- Obtain and install the RPM |
| 16 | 16 |
- build yourself using the code in /cjdev/dual-control-rpm |
| 17 | 17 |
- get it from a developer |
| 18 |
-- Edit the `/etc/pam.d/sudo` (CentOS 7) |
|
| 18 |
+- Edit the `/etc/pam.d/sudo` (this is for CentOS 7, others may be different) |
|
| 19 | 19 |
- replace the existing auth lines with |
| 20 | 20 |
``` |
| 21 |
+#%PAM-1.0 |
|
| 22 |
+# auth include system-auth |
|
| 21 | 23 |
auth required pam_env.so |
| 22 | 24 |
auth required pam_unix.so |
| 23 | 25 |
auth sufficient pam_dual_control.so |
| 24 | 26 |
auth requisite pam_succeed_if.so uid >= 1000 quiet_success |
| 25 | 27 |
auth required pam_deny.so |
| 28 |
+account include system-auth |
|
| 29 |
+password include system-auth |
|
| 30 |
+session optional pam_keyinit.so revoke |
|
| 31 |
+session required pam_limits.so |
|
| 26 | 32 |
``` |
| 27 | 33 |
|
| 28 | 34 |
## Add a dual control token |