better pam config in readme
Greg Wiley authored on 05/05/2017 21:40:22
Showing 1 changed files
... | ... |
@@ -15,14 +15,20 @@ use a time-based OTP. |
15 | 15 |
- Obtain and install the RPM |
16 | 16 |
- build yourself using the code in /cjdev/dual-control-rpm |
17 | 17 |
- get it from a developer |
18 |
-- Edit the `/etc/pam.d/sudo` (CentOS 7) |
|
18 |
+- Edit the `/etc/pam.d/sudo` (this is for CentOS 7, others may be different) |
|
19 | 19 |
- replace the existing auth lines with |
20 | 20 |
``` |
21 |
+#%PAM-1.0 |
|
22 |
+# auth include system-auth |
|
21 | 23 |
auth required pam_env.so |
22 | 24 |
auth required pam_unix.so |
23 | 25 |
auth sufficient pam_dual_control.so |
24 | 26 |
auth requisite pam_succeed_if.so uid >= 1000 quiet_success |
25 | 27 |
auth required pam_deny.so |
28 |
+account include system-auth |
|
29 |
+password include system-auth |
|
30 |
+session optional pam_keyinit.so revoke |
|
31 |
+session required pam_limits.so |
|
26 | 32 |
``` |
27 | 33 |
|
28 | 34 |
## Add a dual control token |
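Review bot: the unchanged instruction at new line 19, "replace the existing auth lines with", no longer matches the block beneath it, which now opens with `#%PAM-1.0` and also carries `account`, `password` and `session` lines. A reader who follows the text literally would paste those non-auth lines next to the ones already in the file and may end up with duplicated entries. Either reword the step to say the block is the complete `/etc/pam.d/sudo`, or keep the block to the auth lines only. The added `# auth include system-auth` line also needs a few words saying it is the stock line being commented out, since as written it reads like an ordinary comment. Because the stack ends in `auth required pam_deny.so`, it would help to add a sentence telling the reader to keep a root session open until sudo has been tested with the new file.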