cockpit/cockpit.pam
Adam Majer 30d7523ce5 - cockpit.pam: respect /etc/cockpit/disallowed-users
This means by default root cannot login with password to cockpit
  (bsc#1216080)

- Remove SELinux file context for /usr/bin/cockpit-bridge, this
  is already defined in the main selinux-policy package (bsc#1220385).
  Modified selinux_libdir.patch

OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=165
2024-03-04 13:33:34 +00:00

11 lines
416 B
Plaintext

#%PAM-1.0
auth substack common-auth
# List of users to deny access to Cockpit, by default root is included.
auth required pam_listfile.so item=user sense=deny file=/etc/cockpit/disallowed-users onerr=succeed
account required pam_nologin.so
account include common-account
password include common-password
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session include common-session