summaryrefslogtreecommitdiffstats
path: root/patches/source/util-linux/pam.d/login
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/util-linux/pam.d/login')
-rw-r--r--patches/source/util-linux/pam.d/login20
1 files changed, 20 insertions, 0 deletions
diff --git a/patches/source/util-linux/pam.d/login b/patches/source/util-linux/pam.d/login
new file mode 100644
index 000000000..8b6792263
--- /dev/null
+++ b/patches/source/util-linux/pam.d/login
@@ -0,0 +1,20 @@
+#%PAM-1.0
+auth required pam_securetty.so
+# When using pam_faillock, print a message to the user if the account is
+# locked. This lets the user know what is going on, but it also potentially
+# gives additional information to attackers:
+#auth requisite pam_faillock.so preauth
+auth include system-auth
+# To set a limit on failed authentications, the pam_faillock module
+# can be enabled. See pam_faillock(8) for more information.
+#auth [default=die] pam_faillock.so authfail
+#auth sufficient pam_faillock.so authsucc
+auth include postlogin
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session include system-auth
+session include postlogin
+session required pam_loginuid.so
+-session optional pam_ck_connector.so nox11
+-session optional pam_elogind.so
generated by cgit v1.2.3 (git 2.26.2) at 2024-04-28 09:25:54 +0000