1*ce178b85Srobert# $OpenBSD: login.conf,v 1.20 2024/10/12 07:36:52 robert Exp $ 2cf9c8788Stedu 3cf9c8788Stedu# 4cf9c8788Stedu# Sample login.conf file. See login.conf(5) for details. 5cf9c8788Stedu# 6cf9c8788Stedu 7cf9c8788Stedu# 8cf9c8788Stedu# Standard authentication styles: 9cf9c8788Stedu# 10cf9c8788Stedu# passwd Use only the local password file 11791377deSjmc# chpass Do not authenticate, but change user's password (change 12cf9c8788Stedu# the YP password if the user has one, else change the 13cf9c8788Stedu# local password) 14cf9c8788Stedu# lchpass Do not login; change user's local password instead 1529ec0a10Sjmc# ldap Use LDAP authentication 1629ec0a10Sjmc# radius Use RADIUS authentication 17cf9c8788Stedu# reject Use rejected authentication 18cf9c8788Stedu# skey Use S/Key authentication 19cf9c8788Stedu# activ ActivCard X9.9 token authentication 20cf9c8788Stedu# crypto CRYPTOCard X9.9 token authentication 21cf9c8788Stedu# snk Digital Pathways SecureNet Key authentication 22cf9c8788Stedu# token Generic X9.9 token authentication 23cf9c8788Stedu# yubikey YubiKey authentication 24cf9c8788Stedu# 25cf9c8788Stedu 26cf9c8788Stedu# Default allowed authentication styles 27cf9c8788Steduauth-defaults:auth=passwd,skey: 28cf9c8788Stedu 29cf9c8788Stedu# Default allowed authentication styles for authentication type ftp 30cf9c8788Steduauth-ftp-defaults:auth-ftp=passwd: 31cf9c8788Stedu 32cf9c8788Stedu# 33cf9c8788Stedu# The default values 34cf9c8788Stedu# To alter the default authentication types change the line: 35cf9c8788Stedu# :tc=auth-defaults:\ 36791377deSjmc# to read something like: (enables passwd, "myauth", and activ) 37cf9c8788Stedu# :auth=passwd,myauth,activ:\ 38cf9c8788Stedu# Any value changed in the daemon class should be reset in default 39cf9c8788Stedu# class. 40cf9c8788Stedu# 41cf9c8788Stedudefault:\ 42cf9c8788Stedu :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\ 43cf9c8788Stedu :umask=022:\ 44592bd543Smiod :datasize-max=1536M:\ 45592bd543Smiod :datasize-cur=1536M:\ 46cf9c8788Stedu :maxproc-max=256:\ 47cf9c8788Stedu :maxproc-cur=128:\ 4880f9238aSsthen :openfiles-max=1024:\ 49cf9c8788Stedu :openfiles-cur=512:\ 50cf9c8788Stedu :stacksize-cur=4M:\ 51cf9c8788Stedu :localcipher=blowfish,8:\ 52cf9c8788Stedu :tc=auth-defaults:\ 53cf9c8788Stedu :tc=auth-ftp-defaults: 54cf9c8788Stedu 55cf9c8788Stedu# 56cf9c8788Stedu# Settings used by /etc/rc and root 57cf9c8788Stedu# This must be set properly for daemons started as root by inetd as well. 58791377deSjmc# Be sure to reset these values to system defaults in the default class! 59cf9c8788Stedu# 60cf9c8788Stedudaemon:\ 61cf9c8788Stedu :ignorenologin:\ 62592bd543Smiod :datasize=4096M:\ 63cf9c8788Stedu :maxproc=infinity:\ 6480f9238aSsthen :openfiles-max=1024:\ 65cf9c8788Stedu :openfiles-cur=128:\ 66cf9c8788Stedu :stacksize-cur=8M:\ 67cf9c8788Stedu :localcipher=blowfish,9:\ 68cf9c8788Stedu :tc=default: 69cf9c8788Stedu 70cf9c8788Stedu# 71cf9c8788Stedu# Staff have fewer restrictions and can login even when nologins are set. 72cf9c8788Stedu# 73cf9c8788Stedustaff:\ 74592bd543Smiod :datasize-cur=1536M:\ 75cf9c8788Stedu :datasize-max=infinity:\ 76cf9c8788Stedu :maxproc-max=512:\ 77cf9c8788Stedu :maxproc-cur=128:\ 78cf9c8788Stedu :ignorenologin:\ 79cf9c8788Stedu :requirehome@:\ 80cf9c8788Stedu :tc=default: 81cf9c8788Stedu 82cf9c8788Stedu# 83cf9c8788Stedu# Authpf accounts get a special motd and shell 84cf9c8788Stedu# 85cf9c8788Steduauthpf:\ 86cf9c8788Stedu :welcome=/etc/motd.authpf:\ 87cf9c8788Stedu :shell=/usr/sbin/authpf:\ 88cf9c8788Stedu :tc=default: 89cf9c8788Stedu 90cf9c8788Stedu# 91*ce178b85Srobert# Building LLVM in base requires higher limits 92*ce178b85Srobert# 93*ce178b85Srobertbuild:\ 94*ce178b85Srobert :datasize-max=1843M:\ 95*ce178b85Srobert :datasize-cur=1843M:\ 96*ce178b85Srobert :tc=default: 97*ce178b85Srobert 98*ce178b85Srobert# 99acb92636Ssthen# Building ports with DPB uses raised limits 100acb92636Ssthen# 101acb92636Ssthenpbuild:\ 102acb92636Ssthen :datasize-max=infinity:\ 1036925afb9Svisa :datasize-cur=4096M:\ 104acb92636Ssthen :maxproc-max=1024:\ 105acb92636Ssthen :maxproc-cur=256:\ 106af6a71feSmortimer :stacksize-cur=8M:\ 10738dc29e6Ssolene :priority=5:\ 108acb92636Ssthen :tc=default: 109acb92636Ssthen 110acb92636Ssthen# 111cf9c8788Stedu# Override resource limits for certain daemons started by rc.d(8) 112cf9c8788Stedu# 113cf9c8788Stedubgpd:\ 114592bd543Smiod :datasize=16384M:\ 11580f9238aSsthen :openfiles=512:\ 116cf9c8788Stedu :tc=daemon: 117fe51f237Ssthen 118fe51f237Ssthenunbound:\ 11980f9238aSsthen :openfiles=512:\ 120fe51f237Ssthen :tc=daemon: 121521e6185Srobert 122521e6185Srobertxenodm:\ 123521e6185Srobert :openfiles=512:\ 124521e6185Srobert :tc=daemon: 125