aboutsummaryrefslogtreecommitdiff
path: root/base/bin/config/pam.d
diff options
context:
space:
mode:
Diffstat (limited to 'base/bin/config/pam.d')
-rw-r--r--base/bin/config/pam.d/Makefile17
-rw-r--r--base/bin/config/pam.d/chage6
-rw-r--r--base/bin/config/pam.d/chfn6
-rw-r--r--base/bin/config/pam.d/chgpasswd4
-rw-r--r--base/bin/config/pam.d/chpasswd6
-rw-r--r--base/bin/config/pam.d/chsh6
-rw-r--r--base/bin/config/pam.d/groupadd6
-rw-r--r--base/bin/config/pam.d/groupdel6
-rw-r--r--base/bin/config/pam.d/groupmems4
-rw-r--r--base/bin/config/pam.d/groupmod6
-rw-r--r--base/bin/config/pam.d/login7
-rw-r--r--base/bin/config/pam.d/newusers6
-rw-r--r--base/bin/config/pam.d/other5
-rw-r--r--base/bin/config/pam.d/passwd4
-rw-r--r--base/bin/config/pam.d/shadow6
-rw-r--r--base/bin/config/pam.d/su9
-rw-r--r--base/bin/config/pam.d/su-l9
-rw-r--r--base/bin/config/pam.d/system-auth17
-rw-r--r--base/bin/config/pam.d/system-local-login6
-rw-r--r--base/bin/config/pam.d/system-login19
-rw-r--r--base/bin/config/pam.d/system-remote-login6
-rw-r--r--base/bin/config/pam.d/system-services11
-rw-r--r--base/bin/config/pam.d/useradd6
-rw-r--r--base/bin/config/pam.d/userdel6
-rw-r--r--base/bin/config/pam.d/usermod6
25 files changed, 190 insertions, 0 deletions
diff --git a/base/bin/config/pam.d/Makefile b/base/bin/config/pam.d/Makefile
new file mode 100644
index 0000000..74076ab
--- /dev/null
+++ b/base/bin/config/pam.d/Makefile
@@ -0,0 +1,17 @@
+include ../common.mk
+
+FILES_BASE = other system-auth system-local-login system-login system-remote-login system-services
+FILES_UTIL = chage chfn chgpasswd chpasswd chsh groupadd groupdel groupmems groupmod login newusers passwd shadow su su-l useradd userdel usermod
+
+# $(INSTALLDAT) $(FILES_BASE) $(DESTDIR)$(PAMPOLICYDIR)
+
+install-pam-policy-dir:
+ $(INSTALLDIR) $(DESTDIR)$(PAMPOLICYDIR)
+
+install-pam-policy-base: install-pam-policy-dir
+ for file in $(FILES_BASE); do $(INSTALLDAT) $$file $(DESTDIR)$(PAMPOLICYDIR)/$$file$(EXT); done
+
+install-pam-policy-util: install-pam-policy-dir
+ for file in $(FILES_UTIL); do $(INSTALLDAT) $$file $(DESTDIR)$(PAMPOLICYDIR)/$$file$(EXT); done
+
+.PHONY: install-pam-policy-dir install-pam-policy-base install-pam-policy-util
diff --git a/base/bin/config/pam.d/chage b/base/bin/config/pam.d/chage
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/chage
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/chfn b/base/bin/config/pam.d/chfn
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/chfn
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/chgpasswd b/base/bin/config/pam.d/chgpasswd
new file mode 100644
index 0000000..8f49f5c
--- /dev/null
+++ b/base/bin/config/pam.d/chgpasswd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/base/bin/config/pam.d/chpasswd b/base/bin/config/pam.d/chpasswd
new file mode 100644
index 0000000..5d44798
--- /dev/null
+++ b/base/bin/config/pam.d/chpasswd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_unix.so sha512 shadow
diff --git a/base/bin/config/pam.d/chsh b/base/bin/config/pam.d/chsh
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/chsh
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/groupadd b/base/bin/config/pam.d/groupadd
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/groupadd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/groupdel b/base/bin/config/pam.d/groupdel
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/groupdel
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/groupmems b/base/bin/config/pam.d/groupmems
new file mode 100644
index 0000000..8f49f5c
--- /dev/null
+++ b/base/bin/config/pam.d/groupmems
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
diff --git a/base/bin/config/pam.d/groupmod b/base/bin/config/pam.d/groupmod
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/groupmod
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/login b/base/bin/config/pam.d/login
new file mode 100644
index 0000000..1960d94
--- /dev/null
+++ b/base/bin/config/pam.d/login
@@ -0,0 +1,7 @@
+#%PAM-1.0
+
+auth required pam_securetty.so
+auth requisite pam_nologin.so
+auth include system-local-login
+account include system-local-login
+session include system-local-login
diff --git a/base/bin/config/pam.d/newusers b/base/bin/config/pam.d/newusers
new file mode 100644
index 0000000..5d44798
--- /dev/null
+++ b/base/bin/config/pam.d/newusers
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_unix.so sha512 shadow
diff --git a/base/bin/config/pam.d/other b/base/bin/config/pam.d/other
new file mode 100644
index 0000000..08498b4
--- /dev/null
+++ b/base/bin/config/pam.d/other
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so
diff --git a/base/bin/config/pam.d/passwd b/base/bin/config/pam.d/passwd
new file mode 100644
index 0000000..ab56da4
--- /dev/null
+++ b/base/bin/config/pam.d/passwd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
+#password required pam_unix.so sha512 shadow use_authtok
+password required pam_unix.so sha512 shadow nullok
diff --git a/base/bin/config/pam.d/shadow b/base/bin/config/pam.d/shadow
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/shadow
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/su b/base/bin/config/pam.d/su
new file mode 100644
index 0000000..cf15f40
--- /dev/null
+++ b/base/bin/config/pam.d/su
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required pam_wheel.so use_uid
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
diff --git a/base/bin/config/pam.d/su-l b/base/bin/config/pam.d/su-l
new file mode 100644
index 0000000..cf15f40
--- /dev/null
+++ b/base/bin/config/pam.d/su-l
@@ -0,0 +1,9 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth sufficient pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth required pam_wheel.so use_uid
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
diff --git a/base/bin/config/pam.d/system-auth b/base/bin/config/pam.d/system-auth
new file mode 100644
index 0000000..b28a7e9
--- /dev/null
+++ b/base/bin/config/pam.d/system-auth
@@ -0,0 +1,17 @@
+#%PAM-1.0
+
+auth required pam_env.so
+auth required pam_unix.so try_first_pass nullok
+auth optional pam_permit.so
+
+account required pam_unix.so
+account optional pam_permit.so
+account required pam_time.so
+
+password required pam_unix.so try_first_pass nullok sha512 shadow
+password optional pam_permit.so
+
+session required pam_limits.so
+session required pam_env.so
+session required pam_unix.so
+session optional pam_permit.so
diff --git a/base/bin/config/pam.d/system-local-login b/base/bin/config/pam.d/system-local-login
new file mode 100644
index 0000000..347b815
--- /dev/null
+++ b/base/bin/config/pam.d/system-local-login
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth include system-login
+account include system-login
+password include system-login
+session include system-login
diff --git a/base/bin/config/pam.d/system-login b/base/bin/config/pam.d/system-login
new file mode 100644
index 0000000..394419b
--- /dev/null
+++ b/base/bin/config/pam.d/system-login
@@ -0,0 +1,19 @@
+#%PAM-1.0
+
+auth required pam_tally2.so onerr=succeed file=/var/log/faillog
+auth required pam_shells.so
+auth requisite pam_nologin.so
+auth include system-auth
+
+account required pam_access.so
+account required pam_nologin.so
+account include system-auth
+
+password include system-auth
+
+session optional pam_loginuid.so
+session required pam_env.so
+session include system-auth
+session optional pam_motd.so motd=/etc/motd
+session optional pam_mail.so dir=/var/spool/mail standard quiet
+-session optional pam_systemd.so
diff --git a/base/bin/config/pam.d/system-remote-login b/base/bin/config/pam.d/system-remote-login
new file mode 100644
index 0000000..347b815
--- /dev/null
+++ b/base/bin/config/pam.d/system-remote-login
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth include system-login
+account include system-login
+password include system-login
+session include system-login
diff --git a/base/bin/config/pam.d/system-services b/base/bin/config/pam.d/system-services
new file mode 100644
index 0000000..311c0d6
--- /dev/null
+++ b/base/bin/config/pam.d/system-services
@@ -0,0 +1,11 @@
+#%PAM-1.0
+
+auth sufficient pam_permit.so
+
+account include system-auth
+
+session optional pam_loginuid.so
+session required pam_limits.so
+session required pam_env.so
+session required pam_unix.so
+session optional pam_permit.so
diff --git a/base/bin/config/pam.d/useradd b/base/bin/config/pam.d/useradd
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/useradd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/userdel b/base/bin/config/pam.d/userdel
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/userdel
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
diff --git a/base/bin/config/pam.d/usermod b/base/bin/config/pam.d/usermod
new file mode 100644
index 0000000..a7bf8a4
--- /dev/null
+++ b/base/bin/config/pam.d/usermod
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
generated by cgit v1.2.3-70-g09d2 (git 2.47.0) at 2024-11-15 08:58:20 +0000