X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/94bd8cbba915c9a55a7822dac66ca01d3b717f66..c9f861e832edf6dd03433b576218f2e56d9e3a36:/tools/salt-install/config_examples/multi_host/aws/tofs/arvados/shell/config/files/default/shell-pam-shellinabox.tmpl.jinja

diff --git a/tools/salt-install/config_examples/multi_host/aws/tofs/arvados/shell/config/files/default/shell-pam-shellinabox.tmpl.jinja b/tools/salt-install/config_examples/multi_host/aws/tofs/arvados/shell/config/files/default/shell-pam-shellinabox.tmpl.jinja
new file mode 100644
index 0000000000..f42bde7a3c
--- /dev/null
+++ b/tools/salt-install/config_examples/multi_host/aws/tofs/arvados/shell/config/files/default/shell-pam-shellinabox.tmpl.jinja
@@ -0,0 +1,35 @@
+{#
+##########################################################
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: CC-BY-SA-3.0
+#}
+########################################################################
+# File managed by Salt at <{{ source }}>.
+# Your changes will be overwritten.
+########################################################################
+auth       optional   pam_faildelay.so  delay=3000000
+auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
+auth       requisite  pam_nologin.so
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session       required   pam_env.so readenv=1
+session       required   pam_env.so readenv=1 envfile=/etc/default/locale
+
+# yamllint disable rule:line-length
+auth [success=1 default=ignore] /usr/lib/pam_arvados.so {{ arvados.cluster.domain }} shell.{{ arvados.cluster.domain }}
+# yamllint enable rule:line-length
+auth    requisite            pam_deny.so
+auth    required            pam_permit.so
+
+auth       optional   pam_group.so
+session    required   pam_limits.so
+session    optional   pam_lastlog.so
+session    optional   pam_motd.so  motd=/run/motd.dynamic
+session    optional   pam_motd.so
+session    optional   pam_mail.so standard
+
+@include common-account
+@include common-session
+@include common-password
+
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open