1# $OpenBSD: login.conf,v 1.12 2022/02/21 06:38:57 robert Exp $
2
3#
4# Sample login.conf file.  See login.conf(5) for details.
5#
6
7#
8# Standard authentication styles:
9#
10# passwd	Use only the local password file
11# chpass	Do not authenticate, but change user's password (change
12#		the YP password if the user has one, else change the
13#		local password)
14# lchpass	Do not login; change user's local password instead
15# ldap		Use LDAP authentication
16# radius	Use RADIUS authentication
17# reject	Use rejected authentication
18# skey		Use S/Key authentication
19# activ		ActivCard X9.9 token authentication
20# crypto	CRYPTOCard X9.9 token authentication
21# snk		Digital Pathways SecureNet Key authentication
22# token		Generic X9.9 token authentication
23# yubikey	YubiKey authentication
24#
25
26# Default allowed authentication styles
27auth-defaults:auth=passwd,skey:
28
29# Default allowed authentication styles for authentication type ftp
30auth-ftp-defaults:auth-ftp=passwd:
31
32#
33# The default values
34# To alter the default authentication types change the line:
35#	:tc=auth-defaults:\
36# to read something like: (enables passwd, "myauth", and activ)
37#	:auth=passwd,myauth,activ:\
38# Any value changed in the daemon class should be reset in default
39# class.
40#
41default:\
42	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
43	:umask=022:\
44	:datasize-max=512M:\
45	:datasize-cur=512M:\
46	:maxproc-max=256:\
47	:maxproc-cur=128:\
48	:openfiles-max=1024:\
49	:openfiles-cur=512:\
50	:stacksize-cur=4M:\
51	:localcipher=blowfish,8:\
52	:tc=auth-defaults:\
53	:tc=auth-ftp-defaults:
54
55#
56# Settings used by /etc/rc and root
57# This must be set properly for daemons started as root by inetd as well.
58# Be sure to reset these values to system defaults in the default class!
59#
60daemon:\
61	:ignorenologin:\
62	:datasize=1024M:\
63	:maxproc=infinity:\
64	:openfiles-max=1024:\
65	:openfiles-cur=128:\
66	:stacksize-cur=8M:\
67	:localcipher=blowfish,9:\
68	:tc=default:
69
70#
71# Staff have fewer restrictions and can login even when nologins are set.
72#
73staff:\
74	:datasize-cur=512M:\
75	:datasize-max=infinity:\
76	:maxproc-max=512:\
77	:maxproc-cur=128:\
78	:ignorenologin:\
79	:requirehome@:\
80	:tc=default:
81
82#
83# Authpf accounts get a special motd and shell
84#
85authpf:\
86	:welcome=/etc/motd.authpf:\
87	:shell=/usr/sbin/authpf:\
88	:tc=default:
89
90#
91# Building ports with DPB uses raised limits
92#
93pbuild:\
94	:datasize-max=infinity:\
95	:datasize-cur=1024M:\
96	:maxproc-max=1024:\
97	:maxproc-cur=256:\
98	:stacksize-cur=8M:\
99	:priority=5:\
100	:tc=default:
101
102#
103# Override resource limits for certain daemons started by rc.d(8)
104#
105bgpd:\
106	:datasize=1024M:\
107	:openfiles=512:\
108	:tc=daemon:
109
110unbound:\
111	:openfiles=512:\
112	:tc=daemon:
113
114xenodm:\
115	:openfiles=512:\
116	:tc=daemon:
117