# 
# this example is for using kerberos to authenticate. Has been used with
# nss-updatedb, libpam-heimdal and libpam-ccreds.  This is only an example,
# and you will most likely have to create your own profiles to authenticate
# with your system.
# 
[kerberos_example]
nss_passwd=passwd: files db
nss_group=group: files db
nss_shadow=shadow: files
pam_auth=auth    [success=done default=ignore]   pam_unix.so nullok_secure debug
	auth    [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug
	auth    [default=done]  pam_ccreds.so action=validate use_first_pass
	auth    [default=done]  pam_ccreds.so action=store
	auth    [default=bad]   pam_ccreds.so action=update
pam_account=account sufficient      pam_krb5.so debug
	account sufficient      pam_unix.so debug
	account required        pam_permit.so
pam_password=password sufficient     pam_unix.so nullok obscure min=4 max=8 md5 debug
	password sufficient     pam_krb5.so debug try_first_pass
	password required       pam_deny.so
pam_session=session required        pam_mkhomedir.so umask=0022 skel=/etc/skel
	session optional        pam_foreground.so
	session optional        pam_krb5.so debug
	session required        pam_unix.so debug

#
# this example is for using ldap to authenticate and authorize.  This is only
# an example, and you will most likely have to # create your own profiles to
# authenticate with your system.
# 
[ldap_example]
nss_passwd=passwd: files ldap
nss_group=group: files ldap
nss_shadow=shadow: files ldap
pam_auth=auth       required     pam_env.so
	auth       sufficient   pam_unix.so likeauth nullok
	auth       sufficient   pam_ldap.so use_first_pass
	auth       required     pam_deny.so
pam_account=account    sufficient   pam_unix.so
	account    sufficient   pam_ldap.so
	account    required     pam_deny.so
pam_password=password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
	password   sufficient   pam_unix.so nullok md5 shadow use_authtok
	password   sufficient   pam_ldap.so use_first_pass
	password   required     pam_deny.so
pam_session=session    required     pam_limits.so
	session    required     pam_unix.so
	session    optional     pam_ldap.so

