login.conf revision 1.1
1# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:00 tedu Exp $ 2 3# 4# Sample login.conf file. See login.conf(5) for details. 5# 6 7# 8# Standard authentication styles: 9# 10# krb5-or-pwd First try Kerberos V password, then local password file 11# passwd Use only the local password file 12# krb5 Use only the Kerberos V password 13# chpass Do not authenticate, but change users password (change 14# the YP password if the user has one, else change the 15# local password) 16# lchpass Do not login; change user's local password instead 17# radius Use radius authentication 18# reject Use rejected authentication 19# skey Use S/Key authentication 20# activ ActivCard X9.9 token authentication 21# crypto CRYPTOCard X9.9 token authentication 22# snk Digital Pathways SecureNet Key authentication 23# tis TIS Firewall Toolkit authentication 24# token Generic X9.9 token authentication 25# yubikey YubiKey authentication 26# 27 28# Default allowed authentication styles 29auth-defaults:auth=passwd,skey: 30 31# Default allowed authentication styles for authentication type ftp 32auth-ftp-defaults:auth-ftp=passwd: 33 34# 35# The default values 36# To alter the default authentication types change the line: 37# :tc=auth-defaults:\ 38# to be read something like: (enables passwd, "myauth", and activ) 39# :auth=passwd,myauth,activ:\ 40# Any value changed in the daemon class should be reset in default 41# class. 42# 43default:\ 44 :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\ 45 :umask=022:\ 46 :datasize-max=512M:\ 47 :datasize-cur=512M:\ 48 :maxproc-max=256:\ 49 :maxproc-cur=128:\ 50 :openfiles-cur=512:\ 51 :stacksize-cur=4M:\ 52 :localcipher=blowfish,8:\ 53 :ypcipher=old:\ 54 :tc=auth-defaults:\ 55 :tc=auth-ftp-defaults: 56 57# 58# Settings used by /etc/rc and root 59# This must be set properly for daemons started as root by inetd as well. 60# Be sure reset these values back to system defaults in the default class! 61# 62daemon:\ 63 :ignorenologin:\ 64 :datasize=infinity:\ 65 :maxproc=infinity:\ 66 :openfiles-cur=128:\ 67 :stacksize-cur=8M:\ 68 :localcipher=blowfish,9:\ 69 :tc=default: 70 71# 72# Staff have fewer restrictions and can login even when nologins are set. 73# 74staff:\ 75 :datasize-cur=512M:\ 76 :datasize-max=infinity:\ 77 :maxproc-max=512:\ 78 :maxproc-cur=128:\ 79 :ignorenologin:\ 80 :requirehome@:\ 81 :tc=default: 82 83# 84# Authpf accounts get a special motd and shell 85# 86authpf:\ 87 :welcome=/etc/motd.authpf:\ 88 :shell=/usr/sbin/authpf:\ 89 :tc=default: 90 91# 92# Override resource limits for certain daemons started by rc.d(8) 93# 94bgpd:\ 95 :openfiles-cur=512:\ 96 :tc=daemon: 97