# $OpenBSD: login.conf.in,v 1.6 2012/02/06 21:25:13 sobrado Exp $ # # Sample login.conf file. See login.conf(5) for details. # # # Standard authentication styles: # # krb5-or-pwd First try Kerberos V password, then local password file # passwd Use only the local password file # krb5 Use only the Kerberos V password # chpass Do not authenticate, but change users password (change # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead # radius Use radius authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication # tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # # Default allowed authentication styles auth-defaults:auth=passwd,skey: # Default allowed authentication styles for authentication type ftp auth-ftp-defaults:auth-ftp=passwd: # # The default values # To alter the default authentication types change the line: # :tc=auth-defaults:\ # to be read something like: (enables passwd, "myauth", and activ) # :auth=passwd,myauth,activ:\ # Any value changed in the daemon class should be reset in default # class. # default:\ :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\ :umask=022:\ :datasize-max=@DEF_DATASIZE_MAX@:\ :datasize-cur=@DEF_DATASIZE_CUR@:\ :maxproc-max=@DEF_MAXPROC_MAX@:\ :maxproc-cur=@DEF_MAXPROC_CUR@:\ :openfiles-cur=@DEF_OPENFILES_CUR@:\ :stacksize-cur=4M:\ :localcipher=blowfish,@DEF_BLOWFISH_RNDS@:\ :ypcipher=old:\ :tc=auth-defaults:\ :tc=auth-ftp-defaults: # # Settings used by /etc/rc and root # This must be set properly for daemons started as root by inetd as well. # Be sure reset these values back to system defaults in the default class! # daemon:\ :ignorenologin:\ :datasize=infinity:\ :maxproc=infinity:\ :openfiles-cur=128:\ :stacksize-cur=8M:\ :localcipher=blowfish,@ROOT_BLOWFISH_RNDS@:\ :tc=default: # # Staff have fewer restrictions and can login even when nologins are set. # staff:\ :datasize-cur=@STAFF_DATASIZE_CUR@:\ :datasize-max=@STAFF_DATASIZE_MAX@:\ :maxproc-max=@STAFF_MAXPROC_MAX@:\ :maxproc-cur=@STAFF_MAXPROC_CUR@:\ :ignorenologin:\ :requirehome@:\ :tc=default: # # Authpf accounts get a special motd and shell # authpf:\ :welcome=/etc/motd.authpf:\ :shell=/usr/sbin/authpf:\ :tc=default: # # Override resource limits for certain daemons started by rc.d(8) # bgpd:\ :openfiles-cur=512:\ :tc=daemon: