diff options
Diffstat (limited to 'patches/source/util-linux/pam.d')
-rw-r--r-- | patches/source/util-linux/pam.d/chfn | 6 | ||||
-rw-r--r-- | patches/source/util-linux/pam.d/chsh | 6 | ||||
-rw-r--r-- | patches/source/util-linux/pam.d/login | 20 | ||||
-rw-r--r-- | patches/source/util-linux/pam.d/runuser | 5 | ||||
-rw-r--r-- | patches/source/util-linux/pam.d/runuser-l | 4 |
5 files changed, 41 insertions, 0 deletions
diff --git a/patches/source/util-linux/pam.d/chfn b/patches/source/util-linux/pam.d/chfn new file mode 100644 index 000000000..2dbc0aafd --- /dev/null +++ b/patches/source/util-linux/pam.d/chfn @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth include system-auth +account include system-auth +password include system-auth +session include system-auth diff --git a/patches/source/util-linux/pam.d/chsh b/patches/source/util-linux/pam.d/chsh new file mode 100644 index 000000000..2dbc0aafd --- /dev/null +++ b/patches/source/util-linux/pam.d/chsh @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth include system-auth +account include system-auth +password include system-auth +session include system-auth diff --git a/patches/source/util-linux/pam.d/login b/patches/source/util-linux/pam.d/login new file mode 100644 index 000000000..8b6792263 --- /dev/null +++ b/patches/source/util-linux/pam.d/login @@ -0,0 +1,20 @@ +#%PAM-1.0 +auth required pam_securetty.so +# When using pam_faillock, print a message to the user if the account is +# locked. This lets the user know what is going on, but it also potentially +# gives additional information to attackers: +#auth requisite pam_faillock.so preauth +auth include system-auth +# To set a limit on failed authentications, the pam_faillock module +# can be enabled. See pam_faillock(8) for more information. +#auth [default=die] pam_faillock.so authfail +#auth sufficient pam_faillock.so authsucc +auth include postlogin +account required pam_nologin.so +account include system-auth +password include system-auth +session include system-auth +session include postlogin +session required pam_loginuid.so +-session optional pam_ck_connector.so nox11 +-session optional pam_elogind.so diff --git a/patches/source/util-linux/pam.d/runuser b/patches/source/util-linux/pam.d/runuser new file mode 100644 index 000000000..5344abfe8 --- /dev/null +++ b/patches/source/util-linux/pam.d/runuser @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +session optional pam_keyinit.so revoke +session required pam_limits.so +session required pam_unix.so diff --git a/patches/source/util-linux/pam.d/runuser-l b/patches/source/util-linux/pam.d/runuser-l new file mode 100644 index 000000000..5ba318ace --- /dev/null +++ b/patches/source/util-linux/pam.d/runuser-l @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth include runuser +session optional pam_keyinit.so force revoke +session include runuser |