# # $FreeBSD$ # # System-wide defaults # # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass {% if system.disableintegratedauth|default('0') == '0' %} auth sufficient pam_opnsense.so {% endif %} auth required pam_unix.so no_warn try_first_pass nullok # account #account required pam_krb5.so account required pam_login_access.so {% if system.disableintegratedauth|default('0') == '0' %} account sufficient pam_opnsense.so {% endif %} account required pam_unix.so # session #session optional pam_ssh.so want_agent session required pam_lastlog.so no_fail # password #password sufficient pam_krb5.so no_warn try_first_pass password required pam_unix.so no_warn try_first_pass