security/pam: add pam configuration
parent
434d44bde0
commit
fed2d7294b
|
@ -9,11 +9,12 @@ yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt, sha256crypt, md5crypt, Sun
|
||||||
It provides the traditional Unix crypt and crypt_r interfaces, as well as a set of extended
|
It provides the traditional Unix crypt and crypt_r interfaces, as well as a set of extended
|
||||||
interfaces pioneered by Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt, crypt_gensalt_rn, and crypt_gensalt_ra."
|
interfaces pioneered by Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt, crypt_gensalt_rn, and crypt_gensalt_ra."
|
||||||
category="security"
|
category="security"
|
||||||
version="1.5.3"
|
version="1.5.3_1"
|
||||||
|
version2="${version%%_*}"
|
||||||
maintainer="ffqq@danwin1210.de"
|
maintainer="ffqq@danwin1210.de"
|
||||||
www="https://github.com/linux-pam/linux-pam"
|
www="https://github.com/linux-pam/linux-pam"
|
||||||
master_site="https://github.com/linux-pam/linux-pam/releases/download/v$version"
|
master_site="https://github.com/linux-pam/linux-pam/releases/download/v$version2"
|
||||||
source_name="linux-$name-$version.tar.xz"
|
source_name="linux-$name-$version2.tar.xz"
|
||||||
license_logic="single" # accepted values: single, and, or
|
license_logic="single" # accepted values: single, and, or
|
||||||
licenses=("GPLv2")
|
licenses=("GPLv2")
|
||||||
|
|
||||||
|
@ -21,9 +22,9 @@ build_dependencies=("devel/gmake" "lang/gcc" "security/libxcrypt" "textproc/flex
|
||||||
run_dependencies=("system/glibc" "security/libxcrypt")
|
run_dependencies=("system/glibc" "security/libxcrypt")
|
||||||
|
|
||||||
build_process() {
|
build_process() {
|
||||||
cd Linux-PAM-$version
|
cd Linux-PAM-$version2
|
||||||
curl -LO https://github.com/linux-pam/linux-pam/releases/download/v$version/Linux-PAM-$version-docs.tar.xz # fetch docs
|
curl -LO https://github.com/linux-pam/linux-pam/releases/download/v$version2/Linux-PAM-$version2-docs.tar.xz # fetch docs
|
||||||
tar -xf Linux-PAM-$version-docs.tar.xz
|
tar -xf Linux-PAM-$version2-docs.tar.xz
|
||||||
./configure --prefix=/usr \
|
./configure --prefix=/usr \
|
||||||
--sbindir=/usr/sbin \
|
--sbindir=/usr/sbin \
|
||||||
--sysconfdir=/etc \
|
--sysconfdir=/etc \
|
||||||
|
@ -34,4 +35,6 @@ build_process() {
|
||||||
make -j$(nproc)
|
make -j$(nproc)
|
||||||
make DESTDIR="$TAMANDUA_STAGE_DIR" install
|
make DESTDIR="$TAMANDUA_STAGE_DIR" install
|
||||||
chmod -v 4755 $TAMANDUA_STAGE_DIR/usr/sbin/unix_chkpwd
|
chmod -v 4755 $TAMANDUA_STAGE_DIR/usr/sbin/unix_chkpwd
|
||||||
|
mkdir -p $TAMANDUA_STAGE_DIR/etc/pam.d
|
||||||
|
cp -v $TAMANDUA_FILES_DIR/* $TAMANDUA_STAGE_DIR/etc/pam.d
|
||||||
}
|
}
|
|
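Review bot: The docs tarball in build_process is fetched with `curl -LO` and unpacked with `tar -xf` inside the source tree before `./configure`, and no integrity check is visible in the hunk, so a tampered or truncated download could overwrite build inputs of the PAM package. Without `-f`, an HTTP error page is also saved under the tarball name and the build only fails later at `tar`. Consider `curl -fLO ...` followed by a pinned digest check before extracting, for example `echo "<sha256-of-docs-tarball>  Linux-PAM-$version2-docs.tar.xz" | sha256sum -c -`. Alternatively, list the docs archive as a second verified source if the build system supports that, which is not visible here. The body of build_process continues outside the hunks shown.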
@ -0,0 +1,9 @@
|
||||||
|
#%PAM-1.0
|
||||||
|
auth required pam_deny.so
|
||||||
|
auth required pam_warn.so
|
||||||
|
account required pam_deny.so
|
||||||
|
account required pam_warn.so
|
||||||
|
password required pam_deny.so
|
||||||
|
password required pam_warn.so
|
||||||
|
session required pam_deny.so
|
||||||
|
session required pam_warn.so
|
|
@ -0,0 +1,23 @@
|
||||||
|
#%PAM-1.0
|
||||||
|
|
||||||
|
auth required pam_faillock.so preauth
|
||||||
|
# Optionally use requisite above if you do not want to prompt for the password
|
||||||
|
# on locked accounts.
|
||||||
|
auth [success=1 default=bad] pam_unix.so try_first_pass nullok
|
||||||
|
auth [default=die] pam_faillock.so authfail
|
||||||
|
auth optional pam_permit.so
|
||||||
|
auth required pam_env.so
|
||||||
|
auth required pam_faillock.so authsucc
|
||||||
|
# If you drop the above call to pam_faillock.so the lock will be done also
|
||||||
|
# on non-consecutive authentication failures.
|
||||||
|
|
||||||
|
account required pam_unix.so
|
||||||
|
account optional pam_permit.so
|
||||||
|
account required pam_time.so
|
||||||
|
|
||||||
|
password required pam_unix.so try_first_pass nullok shadow
|
||||||
|
password optional pam_permit.so
|
||||||
|
|
||||||
|
session required pam_limits.so
|
||||||
|
session required pam_unix.so
|
||||||
|
session optional pam_permit.so
|
|
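Review bot: Both pam_unix.so lines in this stack carry `nullok`, so an account whose password field is empty authenticates successfully on every service that includes this file, which appears to cover the login stacks added in the same commit. Unless passwordless accounts are an intended feature of the distribution, drop it: `auth [success=1 default=bad] pam_unix.so try_first_pass` and `password required pam_unix.so try_first_pass shadow`. The password line also names no hashing method, so the scheme used for new hashes depends on pam_unix's default and on login.defs, which this commit does not show. Pinning one (for example `yescrypt`, which the libxcrypt dependency supports) would make the choice explicit.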
@ -0,0 +1,6 @@
|
||||||
|
#%PAM-1.0
|
||||||
|
|
||||||
|
auth include system-login
|
||||||
|
account include system-login
|
||||||
|
password include system-login
|
||||||
|
session include system-login
|
|
@ -0,0 +1,21 @@
|
||||||
|
#%PAM-1.0
|
||||||
|
|
||||||
|
auth required pam_shells.so
|
||||||
|
auth requisite pam_nologin.so
|
||||||
|
auth include system-auth
|
||||||
|
|
||||||
|
account required pam_access.so
|
||||||
|
account required pam_nologin.so
|
||||||
|
account include system-auth
|
||||||
|
|
||||||
|
password include system-auth
|
||||||
|
|
||||||
|
session optional pam_loginuid.so
|
||||||
|
session optional pam_keyinit.so force revoke
|
||||||
|
session include system-auth
|
||||||
|
session optional pam_motd.so
|
||||||
|
session optional pam_mail.so dir=/var/spool/mail standard quiet
|
||||||
|
session optional pam_umask.so
|
||||||
|
-session optional pam_elogind.so
|
||||||
|
session required pam_env.so user_readenv=1
|
||||||
|
-session optional pam_rundir.so
|
|
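Review bot: The last pam_env line enables `user_readenv=1`, which makes pam_env parse a file in the user's home directory (~/.pam_environment by default) and inject its variables into every login session. That hands user-controlled environment to whatever the session stack and the service run afterwards, and upstream Linux-PAM has deprecated the option and turned it off by default. Unless something in the distribution depends on it, use `session required pam_env.so` here; the auth stack pulled in through `auth include system-auth` presumably already calls pam_env.so once. If the option has to stay, a comment stating why would help the next reader.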
@ -0,0 +1,6 @@
|
||||||
|
#%PAM-1.0
|
||||||
|
|
||||||
|
auth include system-login
|
||||||
|
account include system-login
|
||||||
|
password include system-login
|
||||||
|
session include system-login
|