Fri Feb 7 22:32:38 UTC 202020200207223238

a/kernel-firmware-20200206_5351afe-noarch-1.txz: Upgraded. ap/ghostscript-9.50-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. ap/gutenprint-5.3.3-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. ap/nano-4.8-x86_64-1.txz: Upgraded. ap/screen-4.8.0-x86_64-1.txz: Upgraded. ap/vim-8.2.0224-x86_64-1.txz: Upgraded. d/cvs-1.11.23-x86_64-4.txz: Rebuilt. Recompiled against krb5-1.17.1. d/strace-5.5-x86_64-1.txz: Upgraded. kde/kdelibs-4.14.38-x86_64-6.txz: Rebuilt. Recompiled against krb5-1.17.1. l/gtk+2-2.24.32-x86_64-3.txz: Rebuilt. Recompiled against krb5-1.17.1. l/gtk+3-3.24.13-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. l/libsoup-2.68.3-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. l/libssh-0.9.3-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. l/loudmouth-1.5.3-x86_64-4.txz: Rebuilt. Recompiled against krb5-1.17.1. l/neon-0.30.2-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. n/cifs-utils-6.10-x86_64-2.txz: Rebuilt. Recompiled to build cifs.upcall. n/curl-7.68.0-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. n/cyrus-sasl-2.1.27-x86_64-2.txz: Rebuilt. Recompiled against krb5-1.17.1. xap/vim-gvim-8.2.0224-x86_64-1.txz: Upgraded.
author: Patrick J Volkerding <volkerdi@slackware.com> 2020-02-07 22:32:38 +0000
committer: Eric Hameleers <alien@slackware.com> 2020-02-08 08:59:48 +0100
commit: 080300e1e7dec7bb1a6297b5a4406e2c0be46048 (patch)
tree: 4ca397920d9a177af9eb3ca6781e2c8498b3672d /source/a/shadow/pam.d
parent: 194ec853e8f20fd32d5a91eec74ff77383093f4e (diff)
download: current-080300e1e7dec7bb1a6297b5a4406e2c0be46048.tar.gz
current-080300e1e7dec7bb1a6297b5a4406e2c0be46048.tar.xz
20 files changed, 191 insertions, 0 deletions
diff --git a/source/a/shadow/pam.d/chage b/source/a/shadow/pam.d/chage
new file mode 100644
index 000000000..8f49f5cc8
--- /dev/null
+++ b/source/a/shadow/pam.d/chage
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/source/a/shadow/pam.d/chfn b/source/a/shadow/pam.d/chfn
new file mode 100644
index 000000000..8f49f5cc8
--- /dev/null
+++ b/source/a/shadow/pam.d/chfn
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/source/a/shadow/pam.d/chgpasswd b/source/a/shadow/pam.d/chgpasswd
new file mode 100644
index 000000000..8f49f5cc8
--- /dev/null
+++ b/source/a/shadow/pam.d/chgpasswd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/source/a/shadow/pam.d/chpasswd b/source/a/shadow/pam.d/chpasswd
new file mode 100644
index 000000000..8f49f5cc8
--- /dev/null
+++ b/source/a/shadow/pam.d/chpasswd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/source/a/shadow/pam.d/chsh b/source/a/shadow/pam.d/chsh
new file mode 100644
index 000000000..8f49f5cc8
--- /dev/null
+++ b/source/a/shadow/pam.d/chsh
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/source/a/shadow/pam.d/groupadd b/source/a/shadow/pam.d/groupadd
new file mode 100644
index 000000000..8f49f5cc8
--- /dev/null
+++ b/source/a/shadow/pam.d/groupadd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/source/a/shadow/pam.d/groupdel b/source/a/shadow/pam.d/groupdel
new file mode 100644
index 000000000..8f49f5cc8
--- /dev/null
+++ b/source/a/shadow/pam.d/groupdel
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/source/a/shadow/pam.d/groupmems b/source/a/shadow/pam.d/groupmems
new file mode 100644
index 000000000..8f49f5cc8
--- /dev/null
+++ b/source/a/shadow/pam.d/groupmems
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/source/a/shadow/pam.d/groupmod b/source/a/shadow/pam.d/groupmod
new file mode 100644
index 000000000..8f49f5cc8
--- /dev/null
+++ b/source/a/shadow/pam.d/groupmod
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/source/a/shadow/pam.d/login b/source/a/shadow/pam.d/login
new file mode 100644
index 000000000..eb3121996
--- /dev/null
+++ b/source/a/shadow/pam.d/login
@@ -0,0 +1,11 @@
+#%PAM-1.0
+auth		required	pam_securetty.so
+auth		include		system-auth
+auth		include		postlogin
+account		required	pam_nologin.so
+account		include		system-auth
+password	include		system-auth
+session		include		system-auth
+session		include		postlogin
+session		required	pam_loginuid.so
+session		optional	pam_ck_connector.so nox11
diff --git a/source/a/shadow/pam.d/newusers b/source/a/shadow/pam.d/newusers
new file mode 100644
index 000000000..8f49f5cc8
--- /dev/null
+++ b/source/a/shadow/pam.d/newusers
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/source/a/shadow/pam.d/other b/source/a/shadow/pam.d/other
new file mode 100644
index 000000000..572824934
--- /dev/null
+++ b/source/a/shadow/pam.d/other
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth       include      system-auth
+account    include      system-auth
+password   include      system-auth
+session    include      system-auth
diff --git a/source/a/shadow/pam.d/passwd b/source/a/shadow/pam.d/passwd
new file mode 100644
index 000000000..67f8ff542
--- /dev/null
+++ b/source/a/shadow/pam.d/passwd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth		include		system-auth
+account		include		system-auth
+password	include		system-auth
+session		include		system-auth
diff --git a/source/a/shadow/pam.d/postlogin b/source/a/shadow/pam.d/postlogin
new file mode 100644
index 000000000..9777b897a
--- /dev/null
+++ b/source/a/shadow/pam.d/postlogin
@@ -0,0 +1,4 @@
+#%PAM-1.0
+session     [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
+session     [default=1]   pam_lastlog.so nowtmp showfailed
+session     optional      pam_lastlog.so silent noupdate showfailed
diff --git a/source/a/shadow/pam.d/su b/source/a/shadow/pam.d/su
new file mode 100644
index 000000000..c7c814877
--- /dev/null
+++ b/source/a/shadow/pam.d/su
@@ -0,0 +1,11 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth		sufficient	pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth		required	pam_wheel.so use_uid
+auth		include		system-auth
+account		include		system-auth
+password	include		system-auth
+session		include		system-auth
+session		optional	pam_xauth.so
diff --git a/source/a/shadow/pam.d/su-l b/source/a/shadow/pam.d/su-l
new file mode 100644
index 000000000..656a139a8
--- /dev/null
+++ b/source/a/shadow/pam.d/su-l
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth		include		su
+account		include		su
+password	include		su
+session		optional	pam_keyinit.so force revoke
+session		include		su
diff --git a/source/a/shadow/pam.d/system-auth b/source/a/shadow/pam.d/system-auth
new file mode 100644
index 000000000..5fa10c802
--- /dev/null
+++ b/source/a/shadow/pam.d/system-auth
@@ -0,0 +1,96 @@
+#%PAM-1.0
+#
+# Most of these PAM modules have man pages included, like 
+# PAM_UNIX(8) for example.
+#
+
+##################
+# Authentication #
+##################
+#
+# To set a limit on failed authentications, the tallying modules
+# can be enabled.
+#
+auth        required      pam_env.so
+auth        required      pam_tally2.so
+#
+auth        sufficient    pam_unix.so likeauth nullok
+auth        required      pam_deny.so
+auth        optional      pam_gnome_keyring.so
+
+##################
+# Account checks #
+##################
+#
+# Only root can login if file /etc/nologin exists.
+# This is equivalent to NOLOGINS_FILE on login.defs
+#
+account     required      pam_nologin.so
+#
+# Enable restrictions by time, specified in /etc/security/time.conf
+# This is equivalent to PORTTIME_CHECKS_ENAB on login.defs
+#
+account     required	  pam_time.so		
+account     required      pam_unix.so
+account     sufficient    pam_succeed_if.so uid < 100 quiet
+account     required      pam_permit.so
+
+#####################
+# Password handling #
+#####################
+#
+# If you have CrackLib installed and enabled
+#
+# Passwords will be checked against a huge dictionary and need to
+# have at least 6 characters (cracklib can't use 5). Some options
+# of cracklib modules are:
+#
+# difok		Number of characters that needs to be different 
+#		between old and new characters
+# minlen	Password minimal length
+# retry		How many times the user can try bad new passwords
+# dcredit,ocredit,ucredit,lcredit
+#		Digiti, Others, Uppercase, Lowercase characters
+#		Positive numbers marks the max number of credits given
+#		by one character class. With dcredit=5 and minlen=6, you
+#		can't use a full numeric password because more than 5
+#		digit characters doesn't count credits to achieve the
+#		minimal length
+#		Negative numbers determine that a password needs to have
+#		at least N characters
+#
+# You can see many other pam_cracklib options at pam_cracklib(8) manpage
+# 
+# Also, the "use_authtok" option for pam_unix is for working with pam_cracklib
+# in sharing the password stack. See pam_unix(8) for more details.
+#
+# If you need to use CrackLib to enforce your passwords, uncomment 
+# two statements:
+#password    requisite     pam_cracklib.so retry=3 minlen=6 \
+#			  difok=1 dcredit=5 ocredit=5 ucredit=5 lcredit=5
+#password    sufficient    pam_unix.so nullok sha512 shadow minlen=6 try_first_pass use_authtok
+#
+# --
+# A less intense option for cracklib, is:
+#password    requisite     pam_cracklib.so retry=3
+#password    sufficient    pam_unix.so nullok sha512 shadow minlen=6 try_first_pass use_authtok
+# --
+# The default is the "traditional" way without CrackLib.
+# Passwords need to have at least 8 characters. If you are using Cracklib,
+# please comment the next statement.
+password    sufficient    pam_unix.so nullok sha512 shadow minlen=8
+
+# ATTENTION: keep the line for pam_deny.so
+password    required      pam_deny.so
+
+#########################
+# Session Configuration #
+#########################
+#
+# This applies the limits specified in /etc/security/limits.conf
+#
+session     required      pam_limits.so
+session     required      pam_unix.so
+#session     required      pam_lastlog.so showfailed
+#session     optional      pam_mail.so standard
+session     optional      pam_gnome_keyring.so auto_start
diff --git a/source/a/shadow/pam.d/useradd b/source/a/shadow/pam.d/useradd
new file mode 100644
index 000000000..8f49f5cc8
--- /dev/null
+++ b/source/a/shadow/pam.d/useradd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/source/a/shadow/pam.d/userdel b/source/a/shadow/pam.d/userdel
new file mode 100644
index 000000000..8f49f5cc8
--- /dev/null
+++ b/source/a/shadow/pam.d/userdel
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/source/a/shadow/pam.d/usermod b/source/a/shadow/pam.d/usermod
new file mode 100644
index 000000000..8f49f5cc8
--- /dev/null
+++ b/source/a/shadow/pam.d/usermod
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
author	Patrick J Volkerding <volkerdi@slackware.com>	2020-02-07 22:32:38 +0000
committer	Eric Hameleers <alien@slackware.com>	2020-02-08 08:59:48 +0100
commit	080300e1e7dec7bb1a6297b5a4406e2c0be46048 (patch)
tree	4ca397920d9a177af9eb3ca6781e2c8498b3672d /source/a/shadow/pam.d
parent	194ec853e8f20fd32d5a91eec74ff77383093f4e (diff)
download	current-080300e1e7dec7bb1a6297b5a4406e2c0be46048.tar.gz current-080300e1e7dec7bb1a6297b5a4406e2c0be46048.tar.xz