head	1.19;
access;
symbols
	RELENG_8_4:1.19.0.2
	RELENG_9_1_0_RELEASE:1.18.2.1.4.2
	RELENG_9_1:1.18.2.1.0.4
	RELENG_9_1_BP:1.18.2.1
	RELENG_8_3_0_RELEASE:1.16.10.1.8.1
	RELENG_8_3:1.16.10.1.0.8
	RELENG_8_3_BP:1.16.10.1
	RELENG_9_0_0_RELEASE:1.18.2.1.2.1
	RELENG_9_0:1.18.2.1.0.2
	RELENG_9_0_BP:1.18.2.1
	RELENG_9:1.18.0.2
	RELENG_9_BP:1.18
	RELENG_7_4_0_RELEASE:1.16.14.1
	RELENG_8_2_0_RELEASE:1.16.10.1.6.1
	RELENG_7_4:1.16.0.14
	RELENG_7_4_BP:1.16
	RELENG_8_2:1.16.10.1.0.6
	RELENG_8_2_BP:1.16.10.1
	RELENG_8_1_0_RELEASE:1.16.10.1.4.1
	RELENG_8_1:1.16.10.1.0.4
	RELENG_8_1_BP:1.16.10.1
	RELENG_7_3_0_RELEASE:1.16.12.1
	RELENG_7_3:1.16.0.12
	RELENG_7_3_BP:1.16
	RELENG_8_0_0_RELEASE:1.16.10.1.2.1
	RELENG_8_0:1.16.10.1.0.2
	RELENG_8_0_BP:1.16.10.1
	RELENG_8:1.16.0.10
	RELENG_8_BP:1.16
	RELENG_7_2_0_RELEASE:1.16.8.1
	RELENG_7_2:1.16.0.8
	RELENG_7_2_BP:1.16
	RELENG_7_1_0_RELEASE:1.16.6.1
	RELENG_6_4_0_RELEASE:1.15.12.1.4.1
	RELENG_7_1:1.16.0.6
	RELENG_7_1_BP:1.16
	RELENG_6_4:1.15.12.1.0.4
	RELENG_6_4_BP:1.15.12.1
	RELENG_7_0_0_RELEASE:1.16
	RELENG_6_3_0_RELEASE:1.15.12.1
	RELENG_7_0:1.16.0.4
	RELENG_7_0_BP:1.16
	RELENG_6_3:1.15.12.1.0.2
	RELENG_6_3_BP:1.15.12.1
	RELENG_7:1.16.0.2
	RELENG_7_BP:1.16
	RELENG_6_2_0_RELEASE:1.15
	RELENG_6_2:1.15.0.20
	RELENG_6_2_BP:1.15
	RELENG_5_5_0_RELEASE:1.15
	RELENG_5_5:1.15.0.18
	RELENG_5_5_BP:1.15
	RELENG_6_1_0_RELEASE:1.15
	RELENG_6_1:1.15.0.16
	RELENG_6_1_BP:1.15
	RELENG_6_0_0_RELEASE:1.15
	RELENG_6_0:1.15.0.14
	RELENG_6_0_BP:1.15
	RELENG_6:1.15.0.12
	RELENG_6_BP:1.15
	RELENG_5_4_0_RELEASE:1.15
	RELENG_5_4:1.15.0.10
	RELENG_5_4_BP:1.15
	RELENG_5_3_0_RELEASE:1.15
	RELENG_5_3:1.15.0.8
	RELENG_5_3_BP:1.15
	RELENG_5:1.15.0.6
	RELENG_5_BP:1.15
	RELENG_5_2_1_RELEASE:1.15
	RELENG_5_2_0_RELEASE:1.15
	RELENG_5_2:1.15.0.4
	RELENG_5_2_BP:1.15
	RELENG_5_1_0_RELEASE:1.15
	RELENG_5_1:1.15.0.2
	RELENG_5_1_BP:1.15
	RELENG_5_0_0_RELEASE:1.9
	RELENG_5_0:1.9.0.2
	RELENG_5_0_BP:1.9;
locks; strict;
comment	@# @;


1.19
date	2012.11.17.01.49.03;	author svnexp;	state Exp;
branches
	1.19.2.1;
next	1.18;

1.18
date	2009.10.05.09.28.54;	author des;	state Exp;
branches
	1.18.2.1;
next	1.17;

1.17
date	2009.10.05.09.26.22;	author des;	state Exp;
branches;
next	1.16;

1.16
date	2007.06.10.18.57.20;	author yar;	state Exp;
branches
	1.16.2.1
	1.16.6.1
	1.16.8.1
	1.16.10.1
	1.16.12.1
	1.16.14.1;
next	1.15;

1.15
date	2003.04.30.21.57.54;	author markm;	state Exp;
branches
	1.15.12.1;
next	1.14;

1.14
date	2003.03.08.09.50.11;	author markm;	state Exp;
branches;
next	1.13;

1.13
date	2003.02.16.13.02.39;	author des;	state Exp;
branches;
next	1.12;

1.12
date	2003.02.10.00.50.03;	author des;	state Exp;
branches;
next	1.11;

1.11
date	2003.02.03.14.45.02;	author des;	state Exp;
branches;
next	1.10;

1.10
date	2003.02.02.18.41.26;	author des;	state Exp;
branches;
next	1.9;

1.9
date	2002.12.03.15.48.11;	author des;	state Exp;
branches;
next	1.8;

1.8
date	2002.07.07.10.00.43;	author des;	state Exp;
branches;
next	1.7;

1.7
date	2002.06.19.20.00.43;	author des;	state Exp;
branches;
next	1.6;

1.6
date	2002.05.08.00.33.02;	author des;	state Exp;
branches;
next	1.5;

1.5
date	2002.04.18.17.40.27;	author des;	state Exp;
branches;
next	1.4;

1.4
date	2002.04.15.02.46.24;	author des;	state Exp;
branches;
next	1.3;

1.3
date	2002.03.26.12.52.27;	author ru;	state Exp;
branches;
next	1.2;

1.2
date	2001.12.05.21.26.00;	author des;	state Exp;
branches;
next	1.1;

1.1
date	2001.12.05.21.06.21;	author des;	state Exp;
branches;
next	;

1.19.2.1
date	2012.11.17.01.49.03;	author svnexp;	state dead;
branches;
next	1.19.2.2;

1.19.2.2
date	2013.03.28.13.02.42;	author svnexp;	state Exp;
branches;
next	;

1.18.2.1
date	2011.09.23.00.51.37;	author kensmith;	state Exp;
branches
	1.18.2.1.2.1
	1.18.2.1.4.1;
next	1.18.2.2;

1.18.2.2
date	2012.11.17.11.36.11;	author svnexp;	state Exp;
branches;
next	;

1.18.2.1.2.1
date	2011.11.11.04.20.22;	author kensmith;	state Exp;
branches;
next	1.18.2.1.2.2;

1.18.2.1.2.2
date	2012.11.17.08.36.11;	author svnexp;	state Exp;
branches;
next	;

1.18.2.1.4.1
date	2012.08.05.23.54.33;	author kensmith;	state Exp;
branches;
next	1.18.2.1.4.2;

1.18.2.1.4.2
date	2012.11.17.08.47.00;	author svnexp;	state Exp;
branches;
next	;

1.16.2.1
date	2012.11.17.08.01.18;	author svnexp;	state Exp;
branches;
next	;

1.16.6.1
date	2008.11.25.02.59.29;	author kensmith;	state Exp;
branches;
next	;

1.16.8.1
date	2009.04.15.03.14.26;	author kensmith;	state Exp;
branches;
next	;

1.16.10.1
date	2009.08.03.08.13.06;	author kensmith;	state Exp;
branches
	1.16.10.1.2.1
	1.16.10.1.4.1
	1.16.10.1.6.1
	1.16.10.1.8.1;
next	1.16.10.2;

1.16.10.2
date	2012.11.17.10.35.56;	author svnexp;	state Exp;
branches;
next	;

1.16.10.1.2.1
date	2009.10.25.01.10.29;	author kensmith;	state Exp;
branches;
next	;

1.16.10.1.4.1
date	2010.06.14.02.09.06;	author kensmith;	state Exp;
branches;
next	;

1.16.10.1.6.1
date	2010.12.21.17.09.25;	author kensmith;	state Exp;
branches;
next	;

1.16.10.1.8.1
date	2012.03.03.06.15.13;	author kensmith;	state Exp;
branches;
next	1.16.10.1.8.2;

1.16.10.1.8.2
date	2012.11.17.08.24.38;	author svnexp;	state Exp;
branches;
next	;

1.16.12.1
date	2010.02.10.00.26.20;	author kensmith;	state Exp;
branches;
next	;

1.16.14.1
date	2010.12.21.17.10.29;	author kensmith;	state Exp;
branches;
next	1.16.14.2;

1.16.14.2
date	2012.11.17.08.16.37;	author svnexp;	state Exp;
branches;
next	;

1.15.12.1
date	2007.08.17.11.28.25;	author yar;	state Exp;
branches
	1.15.12.1.4.1;
next	1.15.12.2;

1.15.12.2
date	2012.11.17.07.39.04;	author svnexp;	state Exp;
branches;
next	;

1.15.12.1.4.1
date	2008.10.02.02.57.24;	author kensmith;	state Exp;
branches;
next	;


desc
@@


1.19
log
@Switching exporter and resync
@
text
@#
# $FreeBSD: head/etc/pam.d/sshd 197769 2009-10-05 09:28:54Z des $
#
# PAM configuration for the "sshd" service
#

# auth
auth		sufficient	pam_opie.so		no_warn no_fake_prompts
auth		requisite	pam_opieaccess.so	no_warn allow_local
#auth		sufficient	pam_krb5.so		no_warn try_first_pass
#auth		sufficient	pam_ssh.so		no_warn try_first_pass
auth		required	pam_unix.so		no_warn try_first_pass

# account
account		required	pam_nologin.so
#account	required	pam_krb5.so
account		required	pam_login_access.so
account		required	pam_unix.so

# session
#session	optional	pam_ssh.so		want_agent
session		required	pam_permit.so

# password
#password	sufficient	pam_krb5.so		no_warn try_first_pass
password	required	pam_unix.so		no_warn try_first_pass
@


1.19.2.1
log
@file sshd was added on branch RELENG_8_4 on 2013-03-28 13:02:42 +0000
@
text
@d1 26
@


1.19.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 26
#
# $FreeBSD: releng/8.4/etc/pam.d/sshd 170510 2007-06-10 18:57:20Z yar $
#
# PAM configuration for the "sshd" service
#

# auth
auth		sufficient	pam_opie.so		no_warn no_fake_prompts
auth		requisite	pam_opieaccess.so	no_warn allow_local
#auth		sufficient	pam_krb5.so		no_warn try_first_pass
#auth		sufficient	pam_ssh.so		no_warn try_first_pass
auth		required	pam_unix.so		no_warn try_first_pass

# account
account		required	pam_nologin.so
#account 	required	pam_krb5.so
account		required	pam_login_access.so
account		required	pam_unix.so

# session
#session 	optional	pam_ssh.so
session		required	pam_permit.so

# password
#password	sufficient	pam_krb5.so		no_warn try_first_pass
password	required	pam_unix.so		no_warn try_first_pass
@


1.18
log
@SVN rev 197769 on 2009-10-05 09:28:54Z by des

tabify

MFC after:	3 weeks
@
text
@d2 1
a2 1
# $FreeBSD$
@


1.18.2.1
log
@SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.18.2.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242902
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242902 | dteske | 2012-11-11 23:29:45 +0000 (Sun, 11 Nov 2012) | 10 lines
## SVN ##
## SVN ## Fix a regression introduced by SVN r211417 that saw the breakage of a feature
## SVN ## documented in usr.sbin/sysinstall/help/shortcuts.hlp (reproduced below):
## SVN ##
## SVN ## If /usr/sbin/sysinstall is linked to another filename, say
## SVN ## `/usr/local/bin/configPackages', then the basename will be used
## SVN ## as an implicit command name.
## SVN ##
## SVN ## Reviewed by:	adrian (co-mentor)
## SVN ## Approved by:	adrian (co-mentor)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d2 1
a2 1
# $FreeBSD: stable/9/etc/pam.d/sshd 197769 2009-10-05 09:28:54Z des $
@


1.18.2.1.4.1
log
@SVN rev 239080 on 2012-08-05 23:54:33Z by kensmith

Copy stable/9 to releng/9.1 as part of the 9.1-RELEASE release process.

Approved by:	re (implicit)
@
text
@@


1.18.2.1.4.2
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: releng/9.1/etc/pam.d/sshd 197769 2009-10-05 09:28:54Z des $
@


1.18.2.1.2.1
log
@SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith

Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release
cycle.

Approved by:	re (implicit)
@
text
@@


1.18.2.1.2.2
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: releng/9.0/etc/pam.d/sshd 197769 2009-10-05 09:28:54Z des $
@


1.17
log
@SVN rev 197768 on 2009-10-05 09:26:22Z by des

Change the pam_ssh examples: if you use it, you probably want want_agent.

MFC after:	3 weeks
@
text
@d16 1
a16 1
#account 	required	pam_krb5.so
d21 1
a21 1
#session 	optional	pam_ssh.so		want_agent
@


1.16
log
@Now pam_nologin(8) will provide an account management function
instead of an authentication function.  There are a design reason
and a practical reason for that.  First, the module belongs in
account management because it checks availability of the account
and does no authentication.  Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.

Document this change in the manpage.

Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.

Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)

PR:		bin/112574
Approved by:	des, re
@
text
@d21 1
a21 1
#session 	optional	pam_ssh.so
@


1.16.2.1
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: stable/7/etc/pam.d/sshd 170510 2007-06-10 18:57:20Z yar $
@


1.16.14.1
log
@SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith

Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release.

Approved by:	re (implicit)
@
text
@@


1.16.14.2
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: releng/7.4/etc/pam.d/sshd 170510 2007-06-10 18:57:20Z yar $
@


1.16.12.1
log
@SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith

Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process.

Approved by:	re (implicit)
@
text
@@


1.16.10.1
log
@SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith

Copy head to stable/8 as part of 8.0 Release cycle.

Approved by:	re (Implicit)
@
text
@@


1.16.10.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242909
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242909 | dim | 2012-11-12 07:47:19 +0000 (Mon, 12 Nov 2012) | 20 lines
## SVN ##
## SVN ## MFC r242625:
## SVN ##
## SVN ## Remove duplicate const specifiers in many drivers (I hope I got all of
## SVN ## them, please let me know if not).  Most of these are of the form:
## SVN ##
## SVN ## static const struct bzzt_type {
## SVN ##       [...list of members...]
## SVN ## } const bzzt_devs[] = {
## SVN ##       [...list of initializers...]
## SVN ## };
## SVN ##
## SVN ## The second const is unnecessary, as arrays cannot be modified anyway,
## SVN ## and if the elements are const, the whole thing is const automatically
## SVN ## (e.g. it is placed in .rodata).
## SVN ##
## SVN ## I have verified this does not change the binary output of a full kernel
## SVN ## build (except for build timestamps embedded in the object files).
## SVN ##
## SVN ## Reviewed by:	yongari, marius
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d2 1
a2 1
# $FreeBSD: stable/8/etc/pam.d/sshd 170510 2007-06-10 18:57:20Z yar $
@


1.16.10.1.8.1
log
@SVN rev 232438 on 2012-03-03 06:15:13Z by kensmith

Copy stable/8 to releng/8.3 as part of 8.3-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.16.10.1.8.2
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: releng/8.3/etc/pam.d/sshd 170510 2007-06-10 18:57:20Z yar $
@


1.16.10.1.6.1
log
@SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith

Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release.

Approved by:	re (implicit)
@
text
@@


1.16.10.1.4.1
log
@SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith

Copy stable/8 to releng/8.1 in preparation for 8.1-RC1.

Approved by:	re (implicit)
@
text
@@


1.16.10.1.2.1
log
@SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith

Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure.

Approved by:	re (implicit)
@
text
@@


1.16.8.1
log
@SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith

Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE.

Approved by:	re (implicit)
@
text
@@


1.16.6.1
log
@SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith

Create releng/7.1 in preparation for moving into RC phase of 7.1 release
cycle.

Approved by:	re (implicit)
@
text
@@


1.15
log
@The PAM module pam_krb5 does not have "session" capabilities.
Don't give examples of such use, this is bogus.
@
text
@a7 1
auth		required	pam_nologin.so		no_warn
d15 1
@


1.15.12.1
log
@MFC with compatibility shims:

pam_nologin(8) starts to provide an account management function in
addition to the existing authentication function so that sshd(8) can
respect nologin(5) while the rest of PAM consumers work as earlier.
In turn, sshd(8) starts to use the new account management function
in pam_nologin(8) and thus respect nologin(5) even when doing public
key authentication with sshd's internal routines (PAM authentication
isn't called at all in that case).

Based on:

  1.12      +2 -10     src/lib/libpam/modules/pam_nologin/pam_nologin.c
  1.6       +10 -11    src/lib/libpam/modules/pam_nologin/pam_nologin.8
  1.16      +1 -1      src/etc/pam.d/sshd

Approved by:	des
PR:		bin/112574
@
text
@d8 1
a15 1
account		required	pam_nologin.so
@


1.15.12.2
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: stable/6/etc/pam.d/sshd 171872 2007-08-17 11:28:25Z yar $
@


1.15.12.1.4.1
log
@SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith

Create releng/6.4 from stable/6 in preparation for 6.4-RC1.

Approved by:	re (implicit)
@
text
@@


1.14
log
@Initiate KerberosIV de-orbit burn. Disconnect the /etc configs.
@
text
@a20 1
#session 	required	pam_krb5.so
@


1.13
log
@Add the allow_local option to all pam_opieaccess entries.
@
text
@a10 1
#auth		sufficient	pam_kerberosIV.so	no_warn try_first_pass
a15 1
#account 	required	pam_kerberosIV.so
a20 1
#session 	required	pam_kerberosIV.so
a25 1
#password	sufficient	pam_kerberosIV.so	no_warn try_first_pass
@


1.12
log
@Major cleanup & homogenization.
@
text
@d10 1
a10 1
auth		requisite	pam_opieaccess.so	no_warn
@


1.11
log
@Don't enable pam_krb5 by default - most people don't have it since most
people don't build with MAKE_KERBEROS5 defined.  Provide commented-out
usage examples instead, like we do everywhere else.

Pointy hat to:	des
@
text
@d8 7
a14 5
auth		required	pam_nologin.so	no_warn
auth		sufficient	pam_opie.so	no_warn no_fake_prompts
auth		required	pam_opieaccess.so	no_warn
#auth		sufficient	pam_krb5.so	no_warn try_first_pass
auth		required	pam_unix.so	no_warn try_first_pass
d17 2
a19 1
#account		required	pam_krb5.so
d23 3
d29 3
a31 1
password	required	pam_permit.so
@


1.10
log
@Enable pam_krb5 for sshd.  I've had this in my tree for ages.
@
text
@d11 1
a11 1
auth		sufficient	pam_krb5.so	no_warn try_first_pass
d16 1
a16 1
account		required	pam_krb5.so
@


1.9
log
@Since OpenSSH drops privileges before calling pam_open_session(3),
pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog.

Approved by:	re (rwatson)
@
text
@d11 1
d16 1
@


1.8
log
@Silence pam_lastlog for now.
@
text
@d18 1
a18 1
session		required	pam_lastlog.so	no_warn no_fail
@


1.7
log
@Enable OPIE for sshd and telnetd.  I thought I'd done this a long time
ago...

Sponsored by:	DARPA, NAI Labs
@
text
@d18 1
a18 1
session		required	pam_lastlog.so	no_fail
@


1.6
log
@Use pam_lastlog(8)'s new no_fail option.

Sponsored by:	DARPA, NAI Labs
@
text
@d2 1
a2 1
# $FreeBSD: src/etc/pam.d/sshd,v 1.5 2002/04/18 17:40:27 des Exp $
d9 2
@


1.5
log
@Don't list pam_unix in the session chain, since it does not provide any
session management services.

Sponsored by:	DARPA, NAI Labs
@
text
@d2 1
a2 1
# $FreeBSD: src/etc/pam.d/sshd,v 1.4 2002/04/15 02:46:24 des Exp $
d16 1
a16 1
session		required	pam_lastlog.so
@


1.4
log
@Add pam_lastlog(8) here since I removed lastlog support from sshd.

Sponsored by:	DARPA, NAI Labs
@
text
@d2 1
a2 1
# $FreeBSD: src/etc/pam.d/sshd,v 1.3 2002/03/26 12:52:27 ru Exp $
a16 1
session		required	pam_permit.so
@


1.3
log
@Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation.  Reduces diffs to OpenSSH.)

Reviewed by:	bde
@
text
@d2 1
a2 1
# $FreeBSD: src/etc/pam.d/sshd,v 1.2 2001/12/05 21:26:00 des Exp $
d16 1
@


1.2
log
@Awright, egg on my face.  I should have taken more time with this.  The
conversion script generated the wrong format, so the configuration files
didn't actually work.  Good thing I hadn't thrown the switch yet...

Sponsored by:	DARPA, NAI Labs (but the f***ups are all mine)
@
text
@d2 1
a2 1
# $FreeBSD$
d12 1
@


1.1
log
@pam.d-style configuration, auto-generated from pam.conf.

Sponsored by:	DARPA, NAI Labs
@
text
@d8 2
a9 2
sshd	auth	required	pam_nologin.so	no_warn
sshd	auth	required	pam_unix.so	no_warn try_first_pass
d12 1
a12 1
sshd	account	required	pam_unix.so
d15 1
a15 1
sshd	session	required	pam_permit.so
d18 1
a18 1
sshd	password required	pam_permit.so
@

