Diffstat (limited to 'patches/source/util-linux/pam.d')
-rw-r--r--patches/source/util-linux/pam.d/chfn6
-rw-r--r--patches/source/util-linux/pam.d/chsh6
-rw-r--r--patches/source/util-linux/pam.d/login20
-rw-r--r--patches/source/util-linux/pam.d/runuser5
-rw-r--r--patches/source/util-linux/pam.d/runuser-l4
5 files changed, 41 insertions, 0 deletions
diff --git a/patches/source/util-linux/pam.d/chfn b/patches/source/util-linux/pam.d/chfn
new file mode 100644
index 000000000..2dbc0aafd
--- /dev/null
+++ b/patches/source/util-linux/pam.d/chfn
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
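Review bot: Nothing in this file says why `auth sufficient pam_rootok.so` comes first or what it implies. A caller whose real uid is 0 skips the rest of the auth stack, and everyone else is authenticated by whatever `system-auth` defines, which is not part of this diff. A one-line comment above it, e.g. `# root may change any user's finger information without a password; others authenticate via system-auth`, would make that explicit for whoever audits /etc/pam.d later. The chsh file in the next hunk is byte-identical (same blob id 2dbc0aafd) and would want the same comment, reworded for login shells.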
diff --git a/patches/source/util-linux/pam.d/chsh b/patches/source/util-linux/pam.d/chsh
new file mode 100644
index 000000000..2dbc0aafd
--- /dev/null
+++ b/patches/source/util-linux/pam.d/chsh
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth include system-auth
+account include system-auth
+password include system-auth
+session include system-auth
diff --git a/patches/source/util-linux/pam.d/login b/patches/source/util-linux/pam.d/login
new file mode 100644
index 000000000..8b6792263
--- /dev/null
+++ b/patches/source/util-linux/pam.d/login
@@ -0,0 +1,20 @@
+#%PAM-1.0
+auth required pam_securetty.so
+# When using pam_faillock, print a message to the user if the account is
+# locked. This lets the user know what is going on, but it also potentially
+# gives additional information to attackers:
+#auth requisite pam_faillock.so preauth
+auth include system-auth
+# To set a limit on failed authentications, the pam_faillock module
+# can be enabled. See pam_faillock(8) for more information.
+#auth [default=die] pam_faillock.so authfail
+#auth sufficient pam_faillock.so authsucc
+auth include postlogin
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session include system-auth
+session include postlogin
+session required pam_loginuid.so
+-session optional pam_ck_connector.so nox11
+-session optional pam_elogind.so
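Review bot: The commented-out pam_faillock lines are not safe to enable by just deleting the `#`, and the comments do not say so. `auth sufficient pam_faillock.so authsucc` sits before `auth include postlogin`, so on a successful login the auth stack would end there and postlogin's auth entries would not run; the account stack also has no `account required pam_faillock.so`, which the pam_faillock(8) examples include. The first comment also undersells the `preauth` line, which refuses a locked account rather than only printing a message. I would extend the comment with something like `# If enabling, also add "account required pam_faillock.so" and check ordering against system-auth and postlogin`; how `include system-auth` interacts with these lines depends on that file, which is outside this diff.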
diff --git a/patches/source/util-linux/pam.d/runuser b/patches/source/util-linux/pam.d/runuser
new file mode 100644
index 000000000..5344abfe8
--- /dev/null
+++ b/patches/source/util-linux/pam.d/runuser
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session required pam_unix.so
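Review bot: The auth stack here is a single `sufficient` entry, so denial of a non-root caller is left to libpam's behaviour when no module has succeeded rather than being stated in the file. Consider ending the stack with `auth required pam_deny.so`, or at least adding a comment such as `# root only: no password prompt, any other caller must fail`, so the fail-closed intent survives later edits. There are also no `account` or `password` entries; as far as I know libpam consults the `other` service for a module type a file does not define, so the effective policy for those depends on a file outside this diff. runuser-l in the next hunk includes this file for auth and session and inherits the same behaviour.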
diff --git a/patches/source/util-linux/pam.d/runuser-l b/patches/source/util-linux/pam.d/runuser-l
new file mode 100644
index 000000000..5ba318ace
--- /dev/null
+++ b/patches/source/util-linux/pam.d/runuser-l
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth include runuser
+session optional pam_keyinit.so force revoke
+session include runuser