summaryrefslogtreecommitdiff
path: root/etc/login.conf
blob: 1e9bc41f54d49f56c71376220226860e92aa8c2a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# $OpenBSD: login.conf,v 1.10 2001/11/19 03:03:33 deraadt Exp $

#
# Sample login.conf file.  See login.conf(5) for details.
#

#
# Standard authentication types:
#
# krb4-or-pwd	First try Kerberos IV password, then local password file
# krb5-or-pwd	First try Kerberos V password, then local password file
# passwd	Use only the local password file
# krb4		Use only the Kerberos IV password
# krb5		Use only the Kerberos V password
# chpass	Do not authenticate, but change users password (change
#		the kerberos password if the user has one, else change
#		the local password)
# lchpass	Do not login; change user's local password instead
# radius	Use radius authentication
# skey		Use S/Key authentication
# activ		ActivCard X9.9 token authentication
# crypto	CRYPTOCard X9.9 token authentication
# snk		Digital Pathways SecureNet Key authentication
# token		Generic X9.9 token authentication
#

# Default authentication methods (krb4-or-pwd by default)
auth-defaults:auth=krb4-or-pwd,krb4,krb5-or-pwd,krb5,passwd,skey,activ,crypto,snk,chpass,lchpass,token:

# Default authentication methods for ftp (krb4-or-pwd by default)
auth-ftp-defaults:auth-ftp=krb4-or-pwd,krb4,krb5-or-pwd,krb5,passwd,skey,activ,crypto,snk,token:

#
# The default values
# To alter the default authentication types change the line:
#	:tc=auth-defaults:\
# to be read something like: (enables passwd, "myauth", and activ)
#	:auth=passwd,myauth,activ:\
# Any value changed in the daemon class should be reset in default
# class.
#
default:\
	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin:\
	:umask=022:\
	:datasize-max=256M:\
	:datasize-cur=64M:\
	:maxproc-max=128:\
	:maxproc-cur=64:\
	:openfiles-cur=64:\
	:stacksize-cur=4M:\
	:localcipher=blowfish,6:\
	:ypcipher=old:\
	:tc=auth-defaults:\
	:tc=auth-ftp-defaults:

#
# Settings used by /etc/rc and root
# This must be set properly for daemons started as root by inetd as well.
# Be sure reset these values back to system defaults in the default class!
#
daemon:\
	:ignorenologin:\
	:datasize=infinity:\
	:maxproc=infinity:\
	:openfiles-cur=128:\
	:stacksize-cur=8M:\
	:localcipher=blowfish,8:\
	:tc=default:

#
# Staff have fewer restrictions and can login even when nologins are set.
#
staff:\
	:datasize-cur=64M:\
	:datasize-max=infinity:\
	:maxproc-max=256:\
	:maxproc-cur=128:\
	:ignorenologin:\
	:requirehome@:\
	:tc=default: