login.conf revision 1.8
1# $OpenBSD: login.conf,v 1.8 2016/11/25 21:51:29 bluhm Exp $ 2 3# 4# Sample login.conf file. See login.conf(5) for details. 5# 6 7# 8# Standard authentication styles: 9# 10# passwd Use only the local password file 11# chpass Do not authenticate, but change users password (change 12# the YP password if the user has one, else change the 13# local password) 14# lchpass Do not login; change user's local password instead 15# radius Use radius authentication 16# reject Use rejected authentication 17# skey Use S/Key authentication 18# activ ActivCard X9.9 token authentication 19# crypto CRYPTOCard X9.9 token authentication 20# snk Digital Pathways SecureNet Key authentication 21# tis TIS Firewall Toolkit authentication 22# token Generic X9.9 token authentication 23# yubikey YubiKey authentication 24# 25 26# Default allowed authentication styles 27auth-defaults:auth=passwd,skey: 28 29# Default allowed authentication styles for authentication type ftp 30auth-ftp-defaults:auth-ftp=passwd: 31 32# 33# The default values 34# To alter the default authentication types change the line: 35# :tc=auth-defaults:\ 36# to be read something like: (enables passwd, "myauth", and activ) 37# :auth=passwd,myauth,activ:\ 38# Any value changed in the daemon class should be reset in default 39# class. 40# 41default:\ 42 :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\ 43 :umask=022:\ 44 :datasize-max=768M:\ 45 :datasize-cur=768M:\ 46 :maxproc-max=256:\ 47 :maxproc-cur=128:\ 48 :openfiles-cur=512:\ 49 :stacksize-cur=4M:\ 50 :localcipher=blowfish,a:\ 51 :tc=auth-defaults:\ 52 :tc=auth-ftp-defaults: 53 54# 55# Settings used by /etc/rc and root 56# This must be set properly for daemons started as root by inetd as well. 57# Be sure reset these values back to system defaults in the default class! 58# 59daemon:\ 60 :ignorenologin:\ 61 :datasize=infinity:\ 62 :maxproc=infinity:\ 63 :openfiles-cur=128:\ 64 :stacksize-cur=8M:\ 65 :localcipher=blowfish,a:\ 66 :tc=default: 67 68# 69# Staff have fewer restrictions and can login even when nologins are set. 70# 71staff:\ 72 :datasize-cur=1536M:\ 73 :datasize-max=infinity:\ 74 :maxproc-max=512:\ 75 :maxproc-cur=256:\ 76 :ignorenologin:\ 77 :requirehome@:\ 78 :tc=default: 79 80# 81# Authpf accounts get a special motd and shell 82# 83authpf:\ 84 :welcome=/etc/motd.authpf:\ 85 :shell=/usr/sbin/authpf:\ 86 :tc=default: 87 88# 89# Building ports with DPB uses raised limits 90# 91pbuild:\ 92 :datasize-max=infinity:\ 93 :datasize-cur=4096M:\ 94 :maxproc-max=1024:\ 95 :maxproc-cur=256:\ 96 :tc=default: 97 98# 99# Override resource limits for certain daemons started by rc.d(8) 100# 101bgpd:\ 102 :openfiles-cur=512:\ 103 :tc=daemon: 104 105unbound:\ 106 :openfiles-cur=512:\ 107 :tc=daemon: 108