login.conf revision 1.22
1# $OpenBSD: login.conf,v 1.22 2022/02/21 06:38:57 robert Exp $ 2 3# 4# Sample login.conf file. See login.conf(5) for details. 5# 6 7# 8# Standard authentication styles: 9# 10# passwd Use only the local password file 11# chpass Do not authenticate, but change user's password (change 12# the YP password if the user has one, else change the 13# local password) 14# lchpass Do not login; change user's local password instead 15# ldap Use LDAP authentication 16# radius Use RADIUS authentication 17# reject Use rejected authentication 18# skey Use S/Key authentication 19# activ ActivCard X9.9 token authentication 20# crypto CRYPTOCard X9.9 token authentication 21# snk Digital Pathways SecureNet Key authentication 22# token Generic X9.9 token authentication 23# yubikey YubiKey authentication 24# 25 26# Default allowed authentication styles 27auth-defaults:auth=passwd,skey: 28 29# Default allowed authentication styles for authentication type ftp 30auth-ftp-defaults:auth-ftp=passwd: 31 32# 33# The default values 34# To alter the default authentication types change the line: 35# :tc=auth-defaults:\ 36# to read something like: (enables passwd, "myauth", and activ) 37# :auth=passwd,myauth,activ:\ 38# Any value changed in the daemon class should be reset in default 39# class. 40# 41default:\ 42 :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\ 43 :umask=022:\ 44 :datasize-max=1024M:\ 45 :datasize-cur=1024M:\ 46 :maxproc-max=256:\ 47 :maxproc-cur=128:\ 48 :openfiles-max=1024:\ 49 :openfiles-cur=512:\ 50 :stacksize-cur=4M:\ 51 :localcipher=blowfish,a:\ 52 :tc=auth-defaults:\ 53 :tc=auth-ftp-defaults: 54 55# 56# Settings used by /etc/rc and root 57# This must be set properly for daemons started as root by inetd as well. 58# Be sure to reset these values to system defaults in the default class! 59# 60daemon:\ 61 :ignorenologin:\ 62 :datasize=4096M:\ 63 :maxproc=infinity:\ 64 :openfiles-max=1024:\ 65 :openfiles-cur=128:\ 66 :stacksize-cur=8M:\ 67 :tc=default: 68 69# 70# Staff have fewer restrictions and can login even when nologins are set. 71# 72staff:\ 73 :datasize-cur=1536M:\ 74 :datasize-max=infinity:\ 75 :maxproc-max=512:\ 76 :maxproc-cur=256:\ 77 :ignorenologin:\ 78 :requirehome@:\ 79 :tc=default: 80 81# 82# Authpf accounts get a special motd and shell 83# 84authpf:\ 85 :welcome=/etc/motd.authpf:\ 86 :shell=/usr/sbin/authpf:\ 87 :tc=default: 88 89# 90# Building ports with DPB uses raised limits 91# 92pbuild:\ 93 :datasize-max=infinity:\ 94 :datasize-cur=8192M:\ 95 :maxproc-max=1024:\ 96 :maxproc-cur=512:\ 97 :stacksize-cur=8M:\ 98 :priority=5:\ 99 :tc=default: 100 101# 102# Override resource limits for certain daemons started by rc.d(8) 103# 104bgpd:\ 105 :datasize=16384M:\ 106 :openfiles=512:\ 107 :tc=daemon: 108 109unbound:\ 110 :openfiles=512:\ 111 :tc=daemon: 112 113xenodm:\ 114 :openfiles=512:\ 115 :tc=daemon: 116