diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2020-02-07 22:32:38 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2020-02-08 08:59:48 +0100 |
commit | 080300e1e7dec7bb1a6297b5a4406e2c0be46048 (patch) | |
tree | 4ca397920d9a177af9eb3ca6781e2c8498b3672d /source/a/shadow/pam.d | |
parent | 194ec853e8f20fd32d5a91eec74ff77383093f4e (diff) | |
download | current-080300e1e7dec7bb1a6297b5a4406e2c0be46048.tar.gz current-080300e1e7dec7bb1a6297b5a4406e2c0be46048.tar.xz |
Fri Feb 7 22:32:38 UTC 202020200207223238
a/kernel-firmware-20200206_5351afe-noarch-1.txz: Upgraded.
ap/ghostscript-9.50-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.17.1.
ap/gutenprint-5.3.3-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.17.1.
ap/nano-4.8-x86_64-1.txz: Upgraded.
ap/screen-4.8.0-x86_64-1.txz: Upgraded.
ap/vim-8.2.0224-x86_64-1.txz: Upgraded.
d/cvs-1.11.23-x86_64-4.txz: Rebuilt.
Recompiled against krb5-1.17.1.
d/strace-5.5-x86_64-1.txz: Upgraded.
kde/kdelibs-4.14.38-x86_64-6.txz: Rebuilt.
Recompiled against krb5-1.17.1.
l/gtk+2-2.24.32-x86_64-3.txz: Rebuilt.
Recompiled against krb5-1.17.1.
l/gtk+3-3.24.13-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.17.1.
l/libsoup-2.68.3-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.17.1.
l/libssh-0.9.3-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.17.1.
l/loudmouth-1.5.3-x86_64-4.txz: Rebuilt.
Recompiled against krb5-1.17.1.
l/neon-0.30.2-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.17.1.
n/cifs-utils-6.10-x86_64-2.txz: Rebuilt.
Recompiled to build cifs.upcall.
n/curl-7.68.0-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.17.1.
n/cyrus-sasl-2.1.27-x86_64-2.txz: Rebuilt.
Recompiled against krb5-1.17.1.
xap/vim-gvim-8.2.0224-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/a/shadow/pam.d')
-rw-r--r-- | source/a/shadow/pam.d/chage | 4 | ||||
-rw-r--r-- | source/a/shadow/pam.d/chfn | 4 | ||||
-rw-r--r-- | source/a/shadow/pam.d/chgpasswd | 4 | ||||
-rw-r--r-- | source/a/shadow/pam.d/chpasswd | 4 | ||||
-rw-r--r-- | source/a/shadow/pam.d/chsh | 4 | ||||
-rw-r--r-- | source/a/shadow/pam.d/groupadd | 4 | ||||
-rw-r--r-- | source/a/shadow/pam.d/groupdel | 4 | ||||
-rw-r--r-- | source/a/shadow/pam.d/groupmems | 4 | ||||
-rw-r--r-- | source/a/shadow/pam.d/groupmod | 4 | ||||
-rw-r--r-- | source/a/shadow/pam.d/login | 11 | ||||
-rw-r--r-- | source/a/shadow/pam.d/newusers | 4 | ||||
-rw-r--r-- | source/a/shadow/pam.d/other | 6 | ||||
-rw-r--r-- | source/a/shadow/pam.d/passwd | 5 | ||||
-rw-r--r-- | source/a/shadow/pam.d/postlogin | 4 | ||||
-rw-r--r-- | source/a/shadow/pam.d/su | 11 | ||||
-rw-r--r-- | source/a/shadow/pam.d/su-l | 6 | ||||
-rw-r--r-- | source/a/shadow/pam.d/system-auth | 96 | ||||
-rw-r--r-- | source/a/shadow/pam.d/useradd | 4 | ||||
-rw-r--r-- | source/a/shadow/pam.d/userdel | 4 | ||||
-rw-r--r-- | source/a/shadow/pam.d/usermod | 4 |
20 files changed, 191 insertions, 0 deletions
diff --git a/source/a/shadow/pam.d/chage b/source/a/shadow/pam.d/chage new file mode 100644 index 000000000..8f49f5cc8 --- /dev/null +++ b/source/a/shadow/pam.d/chage @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +account required pam_permit.so +password include system-auth diff --git a/source/a/shadow/pam.d/chfn b/source/a/shadow/pam.d/chfn new file mode 100644 index 000000000..8f49f5cc8 --- /dev/null +++ b/source/a/shadow/pam.d/chfn @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +account required pam_permit.so +password include system-auth diff --git a/source/a/shadow/pam.d/chgpasswd b/source/a/shadow/pam.d/chgpasswd new file mode 100644 index 000000000..8f49f5cc8 --- /dev/null +++ b/source/a/shadow/pam.d/chgpasswd @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +account required pam_permit.so +password include system-auth diff --git a/source/a/shadow/pam.d/chpasswd b/source/a/shadow/pam.d/chpasswd new file mode 100644 index 000000000..8f49f5cc8 --- /dev/null +++ b/source/a/shadow/pam.d/chpasswd @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +account required pam_permit.so +password include system-auth diff --git a/source/a/shadow/pam.d/chsh b/source/a/shadow/pam.d/chsh new file mode 100644 index 000000000..8f49f5cc8 --- /dev/null +++ b/source/a/shadow/pam.d/chsh @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +account required pam_permit.so +password include system-auth diff --git a/source/a/shadow/pam.d/groupadd b/source/a/shadow/pam.d/groupadd new file mode 100644 index 000000000..8f49f5cc8 --- /dev/null +++ b/source/a/shadow/pam.d/groupadd @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +account required pam_permit.so +password include system-auth diff --git a/source/a/shadow/pam.d/groupdel b/source/a/shadow/pam.d/groupdel new file mode 100644 index 000000000..8f49f5cc8 --- /dev/null +++ b/source/a/shadow/pam.d/groupdel @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +account required pam_permit.so +password include system-auth diff --git a/source/a/shadow/pam.d/groupmems b/source/a/shadow/pam.d/groupmems new file mode 100644 index 000000000..8f49f5cc8 --- /dev/null +++ b/source/a/shadow/pam.d/groupmems @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +account required pam_permit.so +password include system-auth diff --git a/source/a/shadow/pam.d/groupmod b/source/a/shadow/pam.d/groupmod new file mode 100644 index 000000000..8f49f5cc8 --- /dev/null +++ b/source/a/shadow/pam.d/groupmod @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +account required pam_permit.so +password include system-auth diff --git a/source/a/shadow/pam.d/login b/source/a/shadow/pam.d/login new file mode 100644 index 000000000..eb3121996 --- /dev/null +++ b/source/a/shadow/pam.d/login @@ -0,0 +1,11 @@ +#%PAM-1.0 +auth required pam_securetty.so +auth include system-auth +auth include postlogin +account required pam_nologin.so +account include system-auth +password include system-auth +session include system-auth +session include postlogin +session required pam_loginuid.so +session optional pam_ck_connector.so nox11 diff --git a/source/a/shadow/pam.d/newusers b/source/a/shadow/pam.d/newusers new file mode 100644 index 000000000..8f49f5cc8 --- /dev/null +++ b/source/a/shadow/pam.d/newusers @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +account required pam_permit.so +password include system-auth diff --git a/source/a/shadow/pam.d/other b/source/a/shadow/pam.d/other new file mode 100644 index 000000000..572824934 --- /dev/null +++ b/source/a/shadow/pam.d/other @@ -0,0 +1,6 @@ +#%PAM-1.0 + +auth include system-auth +account include system-auth +password include system-auth +session include system-auth diff --git a/source/a/shadow/pam.d/passwd b/source/a/shadow/pam.d/passwd new file mode 100644 index 000000000..67f8ff542 --- /dev/null +++ b/source/a/shadow/pam.d/passwd @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth include system-auth +account include system-auth +password include system-auth +session include system-auth diff --git a/source/a/shadow/pam.d/postlogin b/source/a/shadow/pam.d/postlogin new file mode 100644 index 000000000..9777b897a --- /dev/null +++ b/source/a/shadow/pam.d/postlogin @@ -0,0 +1,4 @@ +#%PAM-1.0 +session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet +session [default=1] pam_lastlog.so nowtmp showfailed +session optional pam_lastlog.so silent noupdate showfailed diff --git a/source/a/shadow/pam.d/su b/source/a/shadow/pam.d/su new file mode 100644 index 000000000..c7c814877 --- /dev/null +++ b/source/a/shadow/pam.d/su @@ -0,0 +1,11 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +# Uncomment the following line to implicitly trust users in the "wheel" group. +#auth sufficient pam_wheel.so trust use_uid +# Uncomment the following line to require a user to be in the "wheel" group. +#auth required pam_wheel.so use_uid +auth include system-auth +account include system-auth +password include system-auth +session include system-auth +session optional pam_xauth.so diff --git a/source/a/shadow/pam.d/su-l b/source/a/shadow/pam.d/su-l new file mode 100644 index 000000000..656a139a8 --- /dev/null +++ b/source/a/shadow/pam.d/su-l @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include su +account include su +password include su +session optional pam_keyinit.so force revoke +session include su diff --git a/source/a/shadow/pam.d/system-auth b/source/a/shadow/pam.d/system-auth new file mode 100644 index 000000000..5fa10c802 --- /dev/null +++ b/source/a/shadow/pam.d/system-auth @@ -0,0 +1,96 @@ +#%PAM-1.0 +# +# Most of these PAM modules have man pages included, like +# PAM_UNIX(8) for example. +# + +################## +# Authentication # +################## +# +# To set a limit on failed authentications, the tallying modules +# can be enabled. +# +auth required pam_env.so +auth required pam_tally2.so +# +auth sufficient pam_unix.so likeauth nullok +auth required pam_deny.so +auth optional pam_gnome_keyring.so + +################## +# Account checks # +################## +# +# Only root can login if file /etc/nologin exists. +# This is equivalent to NOLOGINS_FILE on login.defs +# +account required pam_nologin.so +# +# Enable restrictions by time, specified in /etc/security/time.conf +# This is equivalent to PORTTIME_CHECKS_ENAB on login.defs +# +account required pam_time.so +account required pam_unix.so +account sufficient pam_succeed_if.so uid < 100 quiet +account required pam_permit.so + +##################### +# Password handling # +##################### +# +# If you have CrackLib installed and enabled +# +# Passwords will be checked against a huge dictionary and need to +# have at least 6 characters (cracklib can't use 5). Some options +# of cracklib modules are: +# +# difok Number of characters that needs to be different +# between old and new characters +# minlen Password minimal length +# retry How many times the user can try bad new passwords +# dcredit,ocredit,ucredit,lcredit +# Digiti, Others, Uppercase, Lowercase characters +# Positive numbers marks the max number of credits given +# by one character class. With dcredit=5 and minlen=6, you +# can't use a full numeric password because more than 5 +# digit characters doesn't count credits to achieve the +# minimal length +# Negative numbers determine that a password needs to have +# at least N characters +# +# You can see many other pam_cracklib options at pam_cracklib(8) manpage +# +# Also, the "use_authtok" option for pam_unix is for working with pam_cracklib +# in sharing the password stack. See pam_unix(8) for more details. +# +# If you need to use CrackLib to enforce your passwords, uncomment +# two statements: +#password requisite pam_cracklib.so retry=3 minlen=6 \ +# difok=1 dcredit=5 ocredit=5 ucredit=5 lcredit=5 +#password sufficient pam_unix.so nullok sha512 shadow minlen=6 try_first_pass use_authtok +# +# -- +# A less intense option for cracklib, is: +#password requisite pam_cracklib.so retry=3 +#password sufficient pam_unix.so nullok sha512 shadow minlen=6 try_first_pass use_authtok +# -- +# The default is the "traditional" way without CrackLib. +# Passwords need to have at least 8 characters. If you are using Cracklib, +# please comment the next statement. +password sufficient pam_unix.so nullok sha512 shadow minlen=8 + +# ATTENTION: keep the line for pam_deny.so +password required pam_deny.so + +######################### +# Session Configuration # +######################### +# +# This applies the limits specified in /etc/security/limits.conf +# +session required pam_limits.so +session required pam_unix.so +#session required pam_lastlog.so showfailed +#session optional pam_mail.so standard +session optional pam_gnome_keyring.so auto_start diff --git a/source/a/shadow/pam.d/useradd b/source/a/shadow/pam.d/useradd new file mode 100644 index 000000000..8f49f5cc8 --- /dev/null +++ b/source/a/shadow/pam.d/useradd @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +account required pam_permit.so +password include system-auth diff --git a/source/a/shadow/pam.d/userdel b/source/a/shadow/pam.d/userdel new file mode 100644 index 000000000..8f49f5cc8 --- /dev/null +++ b/source/a/shadow/pam.d/userdel @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +account required pam_permit.so +password include system-auth diff --git a/source/a/shadow/pam.d/usermod b/source/a/shadow/pam.d/usermod new file mode 100644 index 000000000..8f49f5cc8 --- /dev/null +++ b/source/a/shadow/pam.d/usermod @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +account required pam_permit.so +password include system-auth |