login.conf revision 1.1 
1# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:00 tedu Exp $
2
3#
4# Sample login.conf file.  See login.conf(5) for details.
5#
6
7#
8# Standard authentication styles:
9#
10# krb5-or-pwd	First try Kerberos V password, then local password file
11# passwd	Use only the local password file
12# krb5		Use only the Kerberos V password
13# chpass	Do not authenticate, but change users password (change
14#		the YP password if the user has one, else change the
15#		local password)
16# lchpass	Do not login; change user's local password instead
17# radius	Use radius authentication
18# reject	Use rejected authentication
19# skey		Use S/Key authentication
20# activ		ActivCard X9.9 token authentication
21# crypto	CRYPTOCard X9.9 token authentication
22# snk		Digital Pathways SecureNet Key authentication
23# tis		TIS Firewall Toolkit authentication
24# token		Generic X9.9 token authentication
25# yubikey	YubiKey authentication
26#
27
28# Default allowed authentication styles
29auth-defaults:auth=passwd,skey:
30
31# Default allowed authentication styles for authentication type ftp
32auth-ftp-defaults:auth-ftp=passwd:
33
34#
35# The default values
36# To alter the default authentication types change the line:
37#	:tc=auth-defaults:\
38# to be read something like: (enables passwd, "myauth", and activ)
39#	:auth=passwd,myauth,activ:\
40# Any value changed in the daemon class should be reset in default
41# class.
42#
43default:\
44	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
45	:umask=022:\
46	:datasize-max=512M:\
47	:datasize-cur=512M:\
48	:maxproc-max=256:\
49	:maxproc-cur=128:\
50	:openfiles-cur=512:\
51	:stacksize-cur=4M:\
52	:localcipher=blowfish,8:\
53	:ypcipher=old:\
54	:tc=auth-defaults:\
55	:tc=auth-ftp-defaults:
56
57#
58# Settings used by /etc/rc and root
59# This must be set properly for daemons started as root by inetd as well.
60# Be sure reset these values back to system defaults in the default class!
61#
62daemon:\
63	:ignorenologin:\
64	:datasize=infinity:\
65	:maxproc=infinity:\
66	:openfiles-cur=128:\
67	:stacksize-cur=8M:\
68	:localcipher=blowfish,9:\
69	:tc=default:
70
71#
72# Staff have fewer restrictions and can login even when nologins are set.
73#
74staff:\
75	:datasize-cur=512M:\
76	:datasize-max=infinity:\
77	:maxproc-max=512:\
78	:maxproc-cur=128:\
79	:ignorenologin:\
80	:requirehome@:\
81	:tc=default:
82
83#
84# Authpf accounts get a special motd and shell
85#
86authpf:\
87	:welcome=/etc/motd.authpf:\
88	:shell=/usr/sbin/authpf:\
89	:tc=default:
90
91#
92# Override resource limits for certain daemons started by rc.d(8)
93#
94bgpd:\
95	:openfiles-cur=512:\
96	:tc=daemon:
97