login.conf revision 1.15
1# $OpenBSD: login.conf,v 1.15 2020/05/23 13:16:03 danj Exp $ 2 3# 4# Sample login.conf file. See login.conf(5) for details. 5# 6 7# 8# Standard authentication styles: 9# 10# passwd Use only the local password file 11# chpass Do not authenticate, but change user's password (change 12# the YP password if the user has one, else change the 13# local password) 14# lchpass Do not login; change user's local password instead 15# radius Use radius authentication 16# reject Use rejected authentication 17# skey Use S/Key authentication 18# activ ActivCard X9.9 token authentication 19# crypto CRYPTOCard X9.9 token authentication 20# snk Digital Pathways SecureNet Key authentication 21# tis TIS Firewall Toolkit authentication 22# token Generic X9.9 token authentication 23# yubikey YubiKey authentication 24# 25 26# Default allowed authentication styles 27auth-defaults:auth=passwd,skey: 28 29# Default allowed authentication styles for authentication type ftp 30auth-ftp-defaults:auth-ftp=passwd: 31 32# 33# The default values 34# To alter the default authentication types change the line: 35# :tc=auth-defaults:\ 36# to read something like: (enables passwd, "myauth", and activ) 37# :auth=passwd,myauth,activ:\ 38# Any value changed in the daemon class should be reset in default 39# class. 40# 41default:\ 42 :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\ 43 :umask=022:\ 44 :datasize-max=768M:\ 45 :datasize-cur=768M:\ 46 :maxproc-max=256:\ 47 :maxproc-cur=128:\ 48 :openfiles-max=1024:\ 49 :openfiles-cur=512:\ 50 :stacksize-cur=4M:\ 51 :localcipher=blowfish,a:\ 52 :tc=auth-defaults:\ 53 :tc=auth-ftp-defaults: 54 55# 56# Settings used by /etc/rc and root 57# This must be set properly for daemons started as root by inetd as well. 58# Be sure to reset these values to system defaults in the default class! 59# 60daemon:\ 61 :ignorenologin:\ 62 :datasize=infinity:\ 63 :maxproc=infinity:\ 64 :openfiles-max=1024:\ 65 :openfiles-cur=128:\ 66 :stacksize-cur=8M:\ 67 :tc=default: 68 69# 70# Staff have fewer restrictions and can login even when nologins are set. 71# 72staff:\ 73 :datasize-cur=1536M:\ 74 :datasize-max=infinity:\ 75 :maxproc-max=512:\ 76 :maxproc-cur=256:\ 77 :ignorenologin:\ 78 :requirehome@:\ 79 :tc=default: 80 81# 82# Authpf accounts get a special motd and shell 83# 84authpf:\ 85 :welcome=/etc/motd.authpf:\ 86 :shell=/usr/sbin/authpf:\ 87 :tc=default: 88 89# 90# Building ports with DPB uses raised limits 91# 92pbuild:\ 93 :datasize-max=infinity:\ 94 :datasize-cur=7168M:\ 95 :maxproc-max=1024:\ 96 :maxproc-cur=384:\ 97 :priority=5:\ 98 :tc=default: 99 100# 101# Override resource limits for certain daemons started by rc.d(8) 102# 103bgpd:\ 104 :openfiles=512:\ 105 :tc=daemon: 106 107unbound:\ 108 :openfiles=512:\ 109 :tc=daemon: 110