[gentoo-commits] proj/pambase:master commit in: /

[gentoo-commits] proj/pambase:master commit in: /

[Paweł Hajdan]

commit:     2b4bd18ae09dbe7d1e0ea07c2ca0a7fe891c621e
Author:     Pawel Hajdan, Jr <phajdan.jr <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 20 18:10:40 2012 +0000
Commit:     Paweł Hajdan <phajdan.jr <AT> gentoo <DOT> org>
CommitDate: Tue Mar 20 18:10:47 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/pambase.git;a=commit;h=2b4bd18a

Add pam.d files for login, passwd and su.

Those should be shared between shadow implementations.

---
 .gitignore |    3 +++
 Makefile   |    2 +-
 login.in   |    6 ++++++
 passwd.in  |    6 ++++++
 su.in      |   12 ++++++++++++
 5 files changed, 28 insertions(+), 1 deletions(-)

diff --git a/.gitignore b/.gitignore
index 81b97ba..2c63905 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
+login
+passwd
+su
 system-auth
 system-login
 system-local-login

diff --git a/Makefile b/Makefile
index 31482e8..7d3e22a 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
 CPP=cpp
 
 # The pam.d file to create
-PAMD=system-auth system-login system-local-login system-remote-login system-services other
+PAMD=login passwd su system-auth system-login system-local-login system-remote-login system-services other
 
 # command for git (the DVCS); set this to "true" to ignore GIT support
 # (i.e.: in the ebuild)

diff --git a/login.in b/login.in
new file mode 100644
index 0000000..13abd27
--- /dev/null
+++ b/login.in
@@ -0,0 +1,6 @@
+auth       required	pam_securetty.so
+auth       include	system-local-login
+
+account    include	system-local-login
+password   include	system-local-login
+session    include	system-local-login

diff --git a/passwd.in b/passwd.in
new file mode 100644
index 0000000..7eabf3d
--- /dev/null
+++ b/passwd.in
@@ -0,0 +1,6 @@
+auth       sufficient   pam_rootok.so
+auth       include	system-auth
+
+account    include	system-auth
+
+password   include	system-auth

diff --git a/su.in b/su.in
new file mode 100644
index 0000000..121bb9a
--- /dev/null
+++ b/su.in
@@ -0,0 +1,12 @@
+auth       sufficient	pam_rootok.so
+auth       required     pam_wheel.so use_uid
+auth       include		system-auth
+
+account    include		system-auth
+
+password   include		system-auth
+
+session    include		system-auth
+session    required     pam_env.so
+session    optional		pam_xauth.so
+

[gentoo-commits] proj/pambase:master commit in: /

[Samuli Suominen]

commit:     c1058bd8ccde0c56454a48339e9afb7a6e7fa80f
Author:     Samuli Suominen <ssuominen <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 13 13:52:27 2014 +0000
Commit:     Samuli Suominen <ssuominen <AT> gentoo <DOT> org>
CommitDate: Thu Mar 13 13:52:27 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/pambase.git;a=commit;h=c1058bd8

Import -systemd.patch and -systemd-auth.patch from gentoo-x86, see both bugs #372229 and #485470

---
 Makefile       | 4 ++++
 system-auth.in | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/Makefile b/Makefile
index 7d3e22a..ec5d240 100644
--- a/Makefile
+++ b/Makefile
@@ -28,6 +28,10 @@ ifeq "$(CONSOLEKIT)" "yes"
 PAMFLAGS += -DHAVE_CONSOLEKIT=1
 endif
 
+ifeq "$(SYSTEMD)" "yes"
+PAMFLAGS += -DHAVE_SYSTEMD=1
+endif
+
 ifeq "$(GNOME_KEYRING)" "yes"
 PAMFLAGS += -DHAVE_GNOME_KEYRING=1
 endif

diff --git a/system-auth.in b/system-auth.in
index a80d653..43df701 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -35,3 +35,7 @@ password	optional	pam_permit.so
 session		optional	pam_ssh.so
 #endif
 #include "system-session.inc"
+
+#if HAVE_SYSTEMD
+-session        optional        pam_systemd.so
+#endif

[gentoo-commits] proj/pambase:master commit in: /

[Samuli Suominen]

commit:     ae72ea9e54b7f5035fb6b3120c0e75e79860e819
Author:     Samuli Suominen <ssuominen <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 13 14:13:15 2014 +0000
Commit:     Samuli Suominen <ssuominen <AT> gentoo <DOT> org>
CommitDate: Thu Mar 13 14:13:15 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/pambase.git;a=commit;h=ae72ea9e

Import -lastlog-silent.patch from gentoo-x86, see bug #468798

---
 login.in        | 2 ++
 system-login.in | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/login.in b/login.in
index 13abd27..14165a2 100644
--- a/login.in
+++ b/login.in
@@ -3,4 +3,6 @@ auth       include	system-local-login
 
 account    include	system-local-login
 password   include	system-local-login
+
+session    optional pam_lastlog.so DEBUG
 session    include	system-local-login

diff --git a/system-login.in b/system-login.in
index 0c3b5c8..11ac032 100644
--- a/system-login.in
+++ b/system-login.in
@@ -41,7 +41,7 @@ session		required	pam_selinux.so close
 session		required	pam_env.so DEBUG
 #endif
 #if HAVE_LASTLOG
-session		optional	pam_lastlog.so DEBUG
+session		optional	pam_lastlog.so silent DEBUG
 #endif
 session		include		system-auth
 #if HAVE_CONSOLEKIT

[gentoo-commits] proj/pambase:master commit in: /

[Samuli Suominen]

commit:     bec2aa7cdde64d59cf4fdb5de661188da7cc6e59
Author:     Samuli Suominen <ssuominen <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 13 14:36:19 2014 +0000
Commit:     Samuli Suominen <ssuominen <AT> gentoo <DOT> org>
CommitDate: Thu Mar 13 14:36:19 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/pambase.git;a=commit;h=bec2aa7c

Use xz instead of bzip2 for dist.

---
 Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Makefile b/Makefile
index ec5d240..574d0d1 100644
--- a/Makefile
+++ b/Makefile
@@ -75,11 +75,11 @@ ifeq "$(VERSION)" ""
 VERSION = $(shell date +"%Y%m%d")
 endif
 
-dist: $(PACKAGE)-$(VERSION).tar.bz2
+dist: $(PACKAGE)-$(VERSION).tar.xz
 
-$(PACKAGE)-$(VERSION).tar.bz2: $(shell $(GIT) ls-files)
+$(PACKAGE)-$(VERSION).tar.xz: $(shell $(GIT) ls-files)
 	$(GIT) tag $(PACKAGE)-$(VERSION)
-	$(GIT) archive --format=tar --prefix=$(PACKAGE)-$(VERSION)/ HEAD | bzip2 > $@
+	$(GIT) archive --format=tar --prefix=$(PACKAGE)-$(VERSION)/ HEAD | xz > $@
 
 $(PAMD): %: %.in
 	$(CPP) -traditional-cpp -P $(PAMFLAGS) $< -o $@

[gentoo-commits] proj/pambase:master commit in: /

[Mike Frysinger]

commit:     adef1185caa1f372420d6dd71d4968115ae0e3bf
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 14 03:34:50 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Feb 14 03:34:50 2015 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/pambase.git;a=commit;h=adef1185

make nullok into a build time option

---
 Makefile       | 4 ++++
 basic-conf     | 6 ++++++
 system-auth.in | 4 ++--
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 339de62..a459fd0 100644
--- a/Makefile
+++ b/Makefile
@@ -56,6 +56,10 @@ ifeq "$(KRB5)" "yes"
 PAMFLAGS += -DHAVE_KRB5=1
 endif
 
+ifeq "$(NULLOK)" "yes"
+PAMFLAGS += -DWANT_NULLOK=1
+endif
+
 ifeq "$(SHA512)" "yes"
 PAMFLAGS += -DWANT_SHA512=1
 endif

diff --git a/basic-conf b/basic-conf
index eaa1cb0..5ab72c0 100644
--- a/basic-conf
+++ b/basic-conf
@@ -29,6 +29,12 @@
 #define LIKEAUTH
 #endif
 
+#if WANT_NULLOK
+#define NULLOK nullok
+#else
+#define NULLOK
+#endif
+
 #define KRB5_PARAMS DEBUG ignore_root try_first_pass
 
 /* By using the extended Linux-PAM syntax for this, it is possible to

diff --git a/system-auth.in b/system-auth.in
index 43df701..1f7ffbd 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -7,7 +7,7 @@ auth		sufficient	pam_ssh.so
 #if HAVE_KRB5
 auth		KRB5_CONTROL	pam_krb5.so KRB5_PARAMS
 #endif
-auth		required	pam_unix.so try_first_pass LIKEAUTH nullok DEBUG
+auth		required	pam_unix.so try_first_pass LIKEAUTH NULLOK DEBUG
 /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
 auth		optional	pam_permit.so
  
@@ -27,7 +27,7 @@ password	required	pam_passwdqc.so min=8,8,8,8,8 retry=3
 #if HAVE_KRB5
 password	KRB5_CONTROL	pam_krb5.so KRB5_PARAMS
 #endif
-password	required	pam_unix.so try_first_pass UNIX_AUTHTOK nullok UNIX_EXTENDED_ENCRYPTION DEBUG
+password	required	pam_unix.so try_first_pass UNIX_AUTHTOK NULLOK UNIX_EXTENDED_ENCRYPTION DEBUG
 /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
 password	optional	pam_permit.so
  

[gentoo-commits] proj/pambase:master commit in: /

[Mike Frysinger]

commit:     cb1915bf4f80282177ccb440e886943394803cb5
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 14 03:57:45 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Feb 14 03:57:45 2015 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/pambase.git;a=commit;h=cb1915bf

system-login: move pam_gnome_keyring after pam_selinux

URL: https://bugs.gentoo.org/511600

---
 system-login.in | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/system-login.in b/system-login.in
index d12dcd3..e630918 100644
--- a/system-login.in
+++ b/system-login.in
@@ -47,12 +47,13 @@ session		include		system-auth
 #if HAVE_CONSOLEKIT
 session		optional	pam_ck_connector.so nox11
 #endif
-#if HAVE_GNOME_KEYRING
-session		optional	pam_gnome_keyring.so auto_start
-#endif
 #if HAVE_SELINUX
+# Note: modules that run in the user's context must come after this line.
 session		required	pam_selinux.so multiple open
 #endif
+#if HAVE_GNOME_KEYRING
+session		optional	pam_gnome_keyring.so auto_start
+#endif
 #if HAVE_MOTD
 session		optional	pam_motd.so motd=/etc/motd
 #endif

[gentoo-commits] proj/pambase:master commit in: /

[Mike Frysinger]

commit:     e8d14735cdcb7a7614eacc2d719737bf5144631c
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 14 03:54:32 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Feb 14 03:54:32 2015 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/pambase.git;a=commit;h=e8d14735

trim trailing whitespace

---
 su.in           | 1 -
 system-auth.in  | 6 +++---
 system-login.in | 7 +++----
 3 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/su.in b/su.in
index 121bb9a..889ecfe 100644
--- a/su.in
+++ b/su.in
@@ -9,4 +9,3 @@ password   include		system-auth
 session    include		system-auth
 session    required     pam_env.so
 session    optional		pam_xauth.so
-

diff --git a/system-auth.in b/system-auth.in
index 1f7ffbd..c729004 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -10,14 +10,14 @@ auth		KRB5_CONTROL	pam_krb5.so KRB5_PARAMS
 auth		required	pam_unix.so try_first_pass LIKEAUTH NULLOK DEBUG
 /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
 auth		optional	pam_permit.so
- 
+
 #if HAVE_KRB5
 account		KRB5_CONTROL	pam_krb5.so KRB5_PARAMS
 #endif
 account		required	pam_unix.so DEBUG
 /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
 account		optional	pam_permit.so
- 
+
 #if HAVE_CRACKLIB
 password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 DEBUG
 #endif
@@ -30,7 +30,7 @@ password	KRB5_CONTROL	pam_krb5.so KRB5_PARAMS
 password	required	pam_unix.so try_first_pass UNIX_AUTHTOK NULLOK UNIX_EXTENDED_ENCRYPTION DEBUG
 /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
 password	optional	pam_permit.so
- 
+
 #if HAVE_PAM_SSH
 session		optional	pam_ssh.so
 #endif

diff --git a/system-login.in b/system-login.in
index 11ac032..d12dcd3 100644
--- a/system-login.in
+++ b/system-login.in
@@ -11,7 +11,7 @@ auth		include		system-auth
 #if HAVE_GNOME_KEYRING
 auth		optional	pam_gnome_keyring.so
 #endif
- 				
+
 #if HAVE_ACCESS
 account		required	pam_access.so DEBUG
 #endif
@@ -25,12 +25,12 @@ account		include		system-auth
 #if defined(TALLY_MODULE)
 account		required	TALLY_MODULE onerr=succeed DEBUG
 #endif
- 
+
 password	include		system-auth
 #if HAVE_GNOME_KEYRING
 password	optional	pam_gnome_keyring.so
 #endif
- 
+
 #if HAVE_LOGINUID
 session         optional        pam_loginuid.so
 #endif
@@ -59,4 +59,3 @@ session		optional	pam_motd.so motd=/etc/motd
 #if HAVE_MAIL
 session		optional	pam_mail.so
 #endif
-  

[gentoo-commits] proj/pambase:master commit in: /

[Mike Frysinger]

commit:     3013c8e7ab5aee1fa45a0fa6d662b37d08698530
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 14 03:26:41 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Feb 14 03:26:41 2015 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/pambase.git;a=commit;h=3013c8e7

make securetty optional

URL: https://bugs.gentoo.org/539508

---
 Makefile | 4 ++++
 login.in | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/Makefile b/Makefile
index 574d0d1..339de62 100644
--- a/Makefile
+++ b/Makefile
@@ -36,6 +36,10 @@ ifeq "$(GNOME_KEYRING)" "yes"
 PAMFLAGS += -DHAVE_GNOME_KEYRING=1
 endif
 
+ifeq "$(SECURETTY)" "yes"
+PAMFLAGS += -DHAVE_SECURETTY=1
+endif
+
 ifeq "$(SELINUX)" "yes"
 PAMFLAGS += -DHAVE_SELINUX=1
 endif

diff --git a/login.in b/login.in
index 14165a2..5067bc7 100644
--- a/login.in
+++ b/login.in
@@ -1,4 +1,6 @@
+#if HAVE_SECURETTY
 auth       required	pam_securetty.so
+#endif
 auth       include	system-local-login
 
 account    include	system-local-login

[gentoo-commits] proj/pambase:master commit in: /

[Mike Frysinger]

commit:     abf9fef20f1da54ca161616c059afd10449baced
Author:     Sven Vermeulen <swift <AT> gentoo <DOT> org>
AuthorDate: Sun May 17 05:22:20 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sun May 17 05:22:20 2015 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=abf9fef2

system-login: fix nested selinux comment

URL: https://bugs.gentoo.org/540096

 system-login.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system-login.in b/system-login.in
index e630918..137c40c 100644
--- a/system-login.in
+++ b/system-login.in
@@ -48,7 +48,7 @@ session		include		system-auth
 session		optional	pam_ck_connector.so nox11
 #endif
 #if HAVE_SELINUX
-# Note: modules that run in the user's context must come after this line.
+ # Note: modules that run in the user's context must come after this line.
 session		required	pam_selinux.so multiple open
 #endif
 #if HAVE_GNOME_KEYRING

[gentoo-commits] proj/pambase:master commit in: /

[Mikle Kolyada]

commit:     e10d88d10cfc7da664e66cf8c5a7bf297ea4b8f7
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Tue Apr  2 13:08:25 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Tue Apr  2 13:08:25 2019 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=e10d88d1

add vital patches into the sources

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 Makefile        | 4 ++++
 passwd.in       | 9 +++++----
 system-auth.in  | 4 ++++
 system-login.in | 9 ---------
 4 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/Makefile b/Makefile
index a459fd0..abd7008 100644
--- a/Makefile
+++ b/Makefile
@@ -32,6 +32,10 @@ ifeq "$(SYSTEMD)" "yes"
 PAMFLAGS += -DHAVE_SYSTEMD=1
 endif
 
+ifeq "$(ELOGIND)" "yes"
+PAMFLAGS += -DHAVE_ELOGIND=1
+endif
+
 ifeq "$(GNOME_KEYRING)" "yes"
 PAMFLAGS += -DHAVE_GNOME_KEYRING=1
 endif

diff --git a/passwd.in b/passwd.in
index 7eabf3d..248bb7c 100644
--- a/passwd.in
+++ b/passwd.in
@@ -1,6 +1,7 @@
-auth       sufficient   pam_rootok.so
-auth       include	system-auth
+auth		sufficient	pam_rootok.so
+auth		include		system-auth
 
-account    include	system-auth
+account		include		system-auth
 
-password   include	system-auth
+password	include		system-auth
+-password	optional	pam_gnome_keyring.so UNIX_AUTHTOK

diff --git a/system-auth.in b/system-auth.in
index c729004..4d588fb 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -39,3 +39,7 @@ session		optional	pam_ssh.so
 #if HAVE_SYSTEMD
 -session        optional        pam_systemd.so
 #endif
+
+#if HAVE_ELOGIND
+-session        optional        pam_elogind.so
+#endif

diff --git a/system-login.in b/system-login.in
index 137c40c..064c687 100644
--- a/system-login.in
+++ b/system-login.in
@@ -8,9 +8,6 @@ auth		required	pam_shells.so DEBUG
 auth		required	pam_nologin.so DEBUG_NOLOGIN
 #endif
 auth		include		system-auth
-#if HAVE_GNOME_KEYRING
-auth		optional	pam_gnome_keyring.so
-#endif
 
 #if HAVE_ACCESS
 account		required	pam_access.so DEBUG
@@ -27,9 +24,6 @@ account		required	TALLY_MODULE onerr=succeed DEBUG
 #endif
 
 password	include		system-auth
-#if HAVE_GNOME_KEYRING
-password	optional	pam_gnome_keyring.so
-#endif
 
 #if HAVE_LOGINUID
 session         optional        pam_loginuid.so
@@ -51,9 +45,6 @@ session		optional	pam_ck_connector.so nox11
  # Note: modules that run in the user's context must come after this line.
 session		required	pam_selinux.so multiple open
 #endif
-#if HAVE_GNOME_KEYRING
-session		optional	pam_gnome_keyring.so auto_start
-#endif
 #if HAVE_MOTD
 session		optional	pam_motd.so motd=/etc/motd
 #endif

[gentoo-commits] proj/pambase:master commit in: /

[Mikle Kolyada]

commit:     306b4622648909158bac6ff5e315794fd8d5bd09
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 15 18:08:50 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Fri Nov 15 18:08:50 2019 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=306b4622

remove openpam support

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 Makefile     |  7 +------
 openpam-conf | 24 ------------------------
 2 files changed, 1 insertion(+), 30 deletions(-)

diff --git a/Makefile b/Makefile
index abd7008..d036d84 100644
--- a/Makefile
+++ b/Makefile
@@ -9,12 +9,7 @@ PAMD=login passwd su system-auth system-login system-local-login system-remote-l
 # (i.e.: in the ebuild)
 GIT=git
 
-# Get this by default, even if I'd like avoid it...
-ifeq "$(IMPLEMENTATION)" ""
-IMPLEMENTATION=linux-pam
-endif
-
-PAMFLAGS = -include $(IMPLEMENTATION)-conf -include basic-conf -DLINUX_PAM_VERSION=$(LINUX_PAM_VERSION)
+PAMFLAGS = -include linux-pam-conf -include basic-conf -DLINUX_PAM_VERSION=$(LINUX_PAM_VERSION)
 
 ifeq "$(CRACKLIB)" "yes"
 PAMFLAGS += -DHAVE_CRACKLIB=1

diff --git a/openpam-conf b/openpam-conf
deleted file mode 100644
index e38107c..0000000
--- a/openpam-conf
+++ /dev/null
@@ -1,24 +0,0 @@
-#if HAVE_CRACKLIB
-# error "pam_cracklib is only supported with Linux-PAM"
-#endif
-
-// OpenPAM only provides basic modules, it's FreeBSD that provides the
-// extended modules, so check for FreeBSD building first.
-#ifdef __FreeBSD__
-# define HAVE_LOGIN_ACCESS		1
-# define SUPPORT_UNIX_SESSION		0
-
-# if defined(DEBUG)
-#  define DEBUG_NOLOGIN DEBUG
-# else
-#  define DEBUG_NOLOGIN
-# endif
-
-# define SUPPORT_NOLOGIN_ACCOUNT	1
-# define SUPPORT_NOLOGIN_AUTH		0
-
-# if defined(WANT_SHA512)
-#  error "SHA512 support is not present for FreeBSD!"
-# endif
-
-#endif /* __FreeBSD__ */

[gentoo-commits] proj/pambase:master commit in: /

[Mikle Kolyada]

commit:     dd74d9d2f442163353e56f4bd3cf4d0f24f6f1e4
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 24 14:35:41 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Nov 24 14:35:41 2019 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=dd74d9d2

integrate libcap support

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 Makefile                |   4 ++++
 pambase-20191115.tar.xz | Bin 0 -> 3240 bytes
 system-auth.in          |   4 ++++
 3 files changed, 8 insertions(+)

diff --git a/Makefile b/Makefile
index d036d84..94cc831 100644
--- a/Makefile
+++ b/Makefile
@@ -71,6 +71,10 @@ ifeq "$(MINIMAL)" "yes"
 PAMFLAGS += -DMINIMAL
 endif
 
+ifeq "$(LIBCAP)" "yes"
+PAMFLAGS += -DLIBCAP
+endif
+
 all: $(PAMD)
 
 install: $(PAMD)

diff --git a/pambase-20191115.tar.xz b/pambase-20191115.tar.xz
new file mode 100644
index 0000000..0b4f92e
Binary files /dev/null and b/pambase-20191115.tar.xz differ

diff --git a/system-auth.in b/system-auth.in
index 4d588fb..02d0e50 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -43,3 +43,7 @@ session		optional	pam_ssh.so
 #if HAVE_ELOGIND
 -session        optional        pam_elogind.so
 #endif
+
+#if HAVE_LIBCAP
+auth		optional	pam_cap.so
+#endif

[gentoo-commits] proj/pambase:master commit in: /

[Mikle Kolyada]

commit:     d7bd5491a053af71349e5ede6a45ff5d34a48c91
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 27 09:26:56 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Nov 27 09:26:56 2019 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=d7bd5491

fix libcap function call

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 94cc831..39f0082 100644
--- a/Makefile
+++ b/Makefile
@@ -72,7 +72,7 @@ PAMFLAGS += -DMINIMAL
 endif
 
 ifeq "$(LIBCAP)" "yes"
-PAMFLAGS += -DLIBCAP
+PAMFLAGS += -DHAVE_LIBCAP=1
 endif
 
 all: $(PAMD)

[gentoo-commits] proj/pambase:master commit in: /

[Mikle Kolyada]

commit:     b5eab4d5d631f6a7ccf311d751df4ca1aa68c0ba
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 28 18:20:35 2019 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Thu Nov 28 18:20:35 2019 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=b5eab4d5

handle envfile with pam_env.so

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 pambase-20191115.tar.xz | Bin 3240 -> 0 bytes
 system-login.in         |   2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/pambase-20191115.tar.xz b/pambase-20191115.tar.xz
deleted file mode 100644
index 0b4f92e..0000000
Binary files a/pambase-20191115.tar.xz and /dev/null differ

diff --git a/system-login.in b/system-login.in
index 064c687..f159f10 100644
--- a/system-login.in
+++ b/system-login.in
@@ -32,7 +32,7 @@ session         optional        pam_loginuid.so
 session		required	pam_selinux.so close
 #endif
 #if HAVE_ENV
-session		required	pam_env.so DEBUG
+session		required	pam_env.so envfile=/etc/profile.env DEBUG
 #endif
 #if HAVE_LASTLOG
 session		optional	pam_lastlog.so silent DEBUG

[gentoo-commits] proj/pambase:master commit in: /

[David Seifert]

commit:     7eaf47da1d6cd18a8253c25213c34b16ae08e87f
Author:     David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Wed Mar  4 17:32:01 2020 +0000
Commit:     David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Wed Mar  4 17:32:01 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=7eaf47da

Run pam_env.so after pam_systemd.so for better socket support

* Running pam_systemd.so before setting user environment
  variables makes it possible for the user to use variables
  such as `XDG_RUNTIME_DIR` in their own definitions.

Bug: https://bugs.gentoo.org/711450
Signed-off-by: David Seifert <soap <AT> gentoo.org>

 system-auth.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system-auth.in b/system-auth.in
index 02d0e50..e65e4c2 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -34,7 +34,6 @@ password	optional	pam_permit.so
 #if HAVE_PAM_SSH
 session		optional	pam_ssh.so
 #endif
-#include "system-session.inc"
 
 #if HAVE_SYSTEMD
 -session        optional        pam_systemd.so
@@ -47,3 +46,4 @@ session		optional	pam_ssh.so
 #if HAVE_LIBCAP
 auth		optional	pam_cap.so
 #endif
+#include "system-session.inc"

[gentoo-commits] proj/pambase:master commit in: /

[Mikle Kolyada]

commit:     4a97472903679c7d85ca391aeedaea3ce7797acf
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 29 21:37:16 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Apr 29 21:37:16 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=4a974729

allow clang-cpp

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 39f0082..9afc842 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
 # Reset this to 'cpp' so it gets traditional syntax; cc -E will not work
 # properly.
-CPP=cpp
+CPP?=cpp
 
 # The pam.d file to create
 PAMD=login passwd su system-auth system-login system-local-login system-remote-login system-services other

[gentoo-commits] proj/pambase:master commit in: /

[Mikle Kolyada]

commit:     59107e0a4fd0c266417d2c8f3082b4abb7b9c6ff
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 10 11:48:30 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Jun 10 11:48:30 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=59107e0a

Revert "allow clang-cpp"

This reverts commit 4a97472903679c7d85ca391aeedaea3ce7797acf.

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index f7e7653..941edfb 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
 # Reset this to 'cpp' so it gets traditional syntax; cc -E will not work
 # properly.
-CPP?=cpp
+CPP=cpp
 
 # The pam.d file to create
 PAMD=login passwd su system-auth system-login system-local-login system-remote-login system-services other

[gentoo-commits] proj/pambase:master commit in: /

[Mikle Kolyada]

commit:     7348fa57c7ada42820773f8c8b6f06f7181169ee
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 10 11:32:46 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Jun 10 11:32:46 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=7348fa57

New release

- disable cracklib in favor of passwdqc
- disable tally{,2} in favor of faillock

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 Makefile        | 4 ----
 basic-conf      | 4 ++--
 linux-pam-conf  | 7 +------
 system-auth.in  | 3 ---
 system-login.in | 8 ++++----
 5 files changed, 7 insertions(+), 19 deletions(-)

diff --git a/Makefile b/Makefile
index 9afc842..f7e7653 100644
--- a/Makefile
+++ b/Makefile
@@ -11,10 +11,6 @@ GIT=git
 
 PAMFLAGS = -include linux-pam-conf -include basic-conf -DLINUX_PAM_VERSION=$(LINUX_PAM_VERSION)
 
-ifeq "$(CRACKLIB)" "yes"
-PAMFLAGS += -DHAVE_CRACKLIB=1
-endif
-
 ifeq "$(PASSWDQC)" "yes"
 PAMFLAGS += -DHAVE_PASSWDQC=1
 endif

diff --git a/basic-conf b/basic-conf
index 5ab72c0..7b1bf00 100644
--- a/basic-conf
+++ b/basic-conf
@@ -1,8 +1,8 @@
-// Only use_authtok (authentication token) when using cracklib or some other module
+// Only use_authtok (authentication token) when using passwdqc or some other module
 // that checks for passwords, or pam_krb5
 #define AUTHTOK use_authtok
 
-#if HAVE_CRACKLIB || HAVE_PASSWDQC
+#if HAVE_PASSWDQC
 # define PASSWORD_STRENGTH 1
 #endif
 

diff --git a/linux-pam-conf b/linux-pam-conf
index ecd5697..962b2eb 100644
--- a/linux-pam-conf
+++ b/linux-pam-conf
@@ -12,12 +12,7 @@
 # define HAVE_MOTD			1
 # define HAVE_MAIL			1
 # define HAVE_LASTLOG                   1
-
-# if LINUX_PAM_VERSION > 0x010100 /* 1.1.0 */
-#  define TALLY_MODULE pam_tally2.so
-# else
-#  define TALLY_MODULE pam_tally.so
-# endif
+# define HAVE_FAILLOCK			1
 
 #endif
 

diff --git a/system-auth.in b/system-auth.in
index e65e4c2..dbb6971 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -18,9 +18,6 @@ account		required	pam_unix.so DEBUG
 /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
 account		optional	pam_permit.so
 
-#if HAVE_CRACKLIB
-password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 DEBUG
-#endif
 #if HAVE_PASSWDQC
 password	required	pam_passwdqc.so min=8,8,8,8,8 retry=3
 #endif

diff --git a/system-login.in b/system-login.in
index f159f10..d93d926 100644
--- a/system-login.in
+++ b/system-login.in
@@ -1,5 +1,5 @@
-#if defined(TALLY_MODULE)
-auth		required	TALLY_MODULE onerr=succeed
+#if HAVE_FAILLOCK
+auth		required	pam_faillock.so dir=/var/log deny=3
 #endif
 #if HAVE_SHELLS
 auth		required	pam_shells.so DEBUG
@@ -19,8 +19,8 @@ account		required	pam_login_access.so
 account		required	pam_nologin.so DEBUG_NOLOGIN
 #endif
 account		include		system-auth
-#if defined(TALLY_MODULE)
-account		required	TALLY_MODULE onerr=succeed DEBUG
+#if HAVE_FAILLOCK
+account		required	pam_faillock.so dir=/var/log deny=3
 #endif
 
 password	include		system-auth

[gentoo-commits] proj/pambase:master commit in: /

[Mikle Kolyada]

commit:     3a158ca2ba9220bc82ac2d76f3dd6aff50511ab1
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 16 16:25:38 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Tue Jun 16 16:25:38 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=3a158ca2

iprove faillock support

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 system-auth.in  | 11 +++++++++++
 system-login.in |  8 ++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/system-auth.in b/system-auth.in
index dbb6971..6067ea1 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -1,6 +1,13 @@
 #if HAVE_ENV
 auth		required	pam_env.so DEBUG
 #endif
+
+#if HAVE_FAILOCK
+auth            required        pam_faillock.so preauth silent audit deny=3 unlock_time=600
+auth            sufficient      pam_unix.so nullok try_first_pass
+auth            [default=die]   pam_faillock.so authfail audit deny=3 unlock_time=600
+#endif
+
 #if HAVE_PAM_SSH
 auth		sufficient	pam_ssh.so
 #endif
@@ -18,6 +25,10 @@ account		required	pam_unix.so DEBUG
 /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
 account		optional	pam_permit.so
 
+#if HAVE_FAILLOCK
+account         required        pam_faillock.so
+#endif
+
 #if HAVE_PASSWDQC
 password	required	pam_passwdqc.so min=8,8,8,8,8 retry=3
 #endif

diff --git a/system-login.in b/system-login.in
index d93d926..9e82d60 100644
--- a/system-login.in
+++ b/system-login.in
@@ -1,6 +1,9 @@
 #if HAVE_FAILLOCK
-auth		required	pam_faillock.so dir=/var/log deny=3
+auth            required        pam_faillock.so preauth silent audit deny=3 unlock_time=600
+auth            sufficient	pam_unix.so nullok try_first_pass
+auth            [default=die]   pam_faillock.so authfail audit deny=3 unlock_time=600
 #endif
+
 #if HAVE_SHELLS
 auth		required	pam_shells.so DEBUG
 #endif
@@ -19,8 +22,9 @@ account		required	pam_login_access.so
 account		required	pam_nologin.so DEBUG_NOLOGIN
 #endif
 account		include		system-auth
+
 #if HAVE_FAILLOCK
-account		required	pam_faillock.so dir=/var/log deny=3
+account         required        pam_faillock.so
 #endif
 
 password	include		system-auth

[gentoo-commits] proj/pambase:master commit in: /

[Mikle Kolyada]

commit:     01ba73d907c3644f9c47179c5407bb7674644e3b
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 17 18:28:53 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Jun 17 18:28:53 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=01ba73d9

fix a typo

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 system-auth.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system-auth.in b/system-auth.in
index 6067ea1..6eea7bc 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -2,7 +2,7 @@
 auth		required	pam_env.so DEBUG
 #endif
 
-#if HAVE_FAILOCK
+#if HAVE_FAILLOCK
 auth            required        pam_faillock.so preauth silent audit deny=3 unlock_time=600
 auth            sufficient      pam_unix.so nullok try_first_pass
 auth            [default=die]   pam_faillock.so authfail audit deny=3 unlock_time=600

[gentoo-commits] proj/pambase:master commit in: /

[Mikle Kolyada]

commit:     75cd44e94032b13bba41539737d6ac63623217e1
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 18 10:02:10 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Thu Jun 18 10:08:38 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=75cd44e9

move faillock last in auth

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 system-auth.in  | 12 ++++++------
 system-login.in | 11 ++++++-----
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/system-auth.in b/system-auth.in
index 6eea7bc..9ae09e4 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -2,12 +2,6 @@
 auth		required	pam_env.so DEBUG
 #endif
 
-#if HAVE_FAILLOCK
-auth            required        pam_faillock.so preauth silent audit deny=3 unlock_time=600
-auth            sufficient      pam_unix.so nullok try_first_pass
-auth            [default=die]   pam_faillock.so authfail audit deny=3 unlock_time=600
-#endif
-
 #if HAVE_PAM_SSH
 auth		sufficient	pam_ssh.so
 #endif
@@ -18,6 +12,12 @@ auth		required	pam_unix.so try_first_pass LIKEAUTH NULLOK DEBUG
 /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
 auth		optional	pam_permit.so
 
+#if HAVE_FAILLOCK
+auth            required        pam_faillock.so preauth silent audit deny=3 unlock_time=600
+auth            sufficient      pam_unix.so nullok try_first_pass
+auth            [default=die]   pam_faillock.so authfail audit deny=3 unlock_time=600
+#endif
+
 #if HAVE_KRB5
 account		KRB5_CONTROL	pam_krb5.so KRB5_PARAMS
 #endif

diff --git a/system-login.in b/system-login.in
index 9e82d60..ee03613 100644
--- a/system-login.in
+++ b/system-login.in
@@ -1,8 +1,3 @@
-#if HAVE_FAILLOCK
-auth            required        pam_faillock.so preauth silent audit deny=3 unlock_time=600
-auth            sufficient	pam_unix.so nullok try_first_pass
-auth            [default=die]   pam_faillock.so authfail audit deny=3 unlock_time=600
-#endif
 
 #if HAVE_SHELLS
 auth		required	pam_shells.so DEBUG
@@ -12,6 +7,12 @@ auth		required	pam_nologin.so DEBUG_NOLOGIN
 #endif
 auth		include		system-auth
 
+#if HAVE_FAILLOCK
+auth            required        pam_faillock.so preauth silent audit deny=3 unlock_time=600
+auth            sufficient      pam_unix.so nullok try_first_pass
+auth            [default=die]   pam_faillock.so authfail audit deny=3 unlock_time=600
+#endif
+
 #if HAVE_ACCESS
 account		required	pam_access.so DEBUG
 #endif

[gentoo-commits] proj/pambase:master commit in: /

[Sam James]

commit:     732fb3bbfd7d007fdca78dd4587f1a7bd34bfa6c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Aug  5 06:02:52 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Aug  5 06:03:49 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=732fb3bb

pambase.py: strip all blank lines

It's simpler to do this in pambase.py than with
Jinja 2, at least for now.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 pambase.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pambase.py b/pambase.py
index 1ebafbe..9765778 100755
--- a/pambase.py
+++ b/pambase.py
@@ -67,7 +67,7 @@ def process_args(args):
 
 def parse_templates(processed_args):
 	load = FileSystemLoader('')
-	env = Environment(loader=load)
+	env = Environment(loader=load, trim_blocks=True, lstrip_blocks=True, keep_trailing_newline=True)
 
 	templates = [
 		"login",
@@ -87,6 +87,11 @@ def parse_templates(processed_args):
 		with open('stack/{0}'.format(template_name), "w+") as output:
 			rendered_template = template.render(processed_args)
 
+			# Strip all intermediate lines to not worry about appeasing Jinja
+			lines = rendered_template.split("\n")
+			lines = [line for line in lines if line]
+			rendered_template = "\n".join(lines)
+
 			if rendered_template:
 				output.write(rendered_template + "\n")
 

[gentoo-commits] proj/pambase:master commit in: /

[Sam James]

commit:     e879759fba8edeffa2492a0dfcbe9c48570a684b
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Aug  5 06:12:09 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Aug  5 06:13:04 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=e879759f

pambase.py: strip trailing whitespace in stack

Signed-off-by: Sam James <sam <AT> gentoo.org>

 pambase.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pambase.py b/pambase.py
index 9765778..8f04870 100755
--- a/pambase.py
+++ b/pambase.py
@@ -89,7 +89,7 @@ def parse_templates(processed_args):
 
 			# Strip all intermediate lines to not worry about appeasing Jinja
 			lines = rendered_template.split("\n")
-			lines = [line for line in lines if line]
+			lines = [line.strip() for line in lines if line]
 			rendered_template = "\n".join(lines)
 
 			if rendered_template:

[gentoo-commits] proj/pambase:master commit in: /

[Sam James]

commit:     f28eb0e9d1f9d46d6d4d17164a1ed98461c2a377
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 12 15:25:20 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 12 15:27:54 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=f28eb0e9

templates/system-login.tpl: remove duplicate block from system-auth (again)

Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl  | 5 -----
 templates/system-login.tpl | 6 ++++++
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --cc templates/system-auth.tpl
index f8484f1,1bb53ae..11319d6
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@@ -9,11 -9,11 +9,6 @@@ auth        [success=1 default=ignore
  
  auth		required	pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }}
  auth		optional	pam_permit.so
--{% if not minimal %}
- auth            required        pam_faillock.so preauth silent audit deny=3 unlock_time=600
 -auth            required        pam_faillock.so preauth conf=/etc/security/faillock.conf
--auth            sufficient      pam_unix.so {{ nullok|default('', true) }} try_first_pass
- auth            [default=die]   pam_faillock.so authfail audit deny=3 unlock_time=600
 -auth            [default=die]   pam_faillock.so authfail
--{% endif %}
  
  {% if krb5 %}
  account		[success=1 default=ignore]	pam_krb5.so {{ krb5_params }}
diff --cc templates/system-login.tpl
index 889c2d7,bb4f093..25843f5
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@@ -1,7 -1,12 +1,13 @@@
  auth		required	pam_shells.so {{ debug|default('', true) }}
  auth		required	pam_nologin.so
  auth		include		system-auth
 +
+ {% if not minimal %}
+ auth            required        pam_faillock.so preauth conf=/etc/security/faillock.conf
+ auth            sufficient      pam_unix.so nullok try_first_pass
+ auth            [default=die]   pam_faillock.so authfail
+ {% endif %}
+ 
  account		required	pam_access.so {{ debug|default('', true) }}
  account		required	pam_nologin.so
  account		include		system-auth

[gentoo-commits] proj/pambase:master commit in: /

[Mikle Kolyada]

commit:     3b89ab7e52aba0bbb23af40e420d2daf4e07cb84
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 14 11:54:54 2021 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Nov 14 11:54:54 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=3b89ab7e

Add yescrypt support

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 pambase.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pambase.py b/pambase.py
index c078156..3875e89 100755
--- a/pambase.py
+++ b/pambase.py
@@ -19,6 +19,7 @@ def main():
     parser.add_argument('--mktemp', action="store_true", help='enable pam_mktemp.so module')
     parser.add_argument('--pam-ssh', action="store_true", help='enable pam_ssh.so module')
     parser.add_argument('--securetty', action="store_true", help='enable pam_securetty.so module')
+    parser.add_argument('--yescrypt', action="store_true", help='enable yescrypt option for pam_unix.so module')
     parser.add_argument('--sha512', action="store_true", help='enable sha512 option for pam_unix.so module')
     parser.add_argument('--krb5', action="store_true", help='enable pam_krb5.so module')
     parser.add_argument('--minimal', action="store_true", help='install minimalistic PAM stack')
@@ -61,7 +62,9 @@ def process_args(args):
     if args.krb5:
         output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug").strip()
 
-    if args.sha512:
+    if args.yescrypt:
+        output["unix_extended_encryption"] = "yescrypt shadow"
+    elif args.sha512:
         output["unix_extended_encryption"] = "sha512 shadow"
     else:
         output["unix_extended_encryption"] = "md5 shadow"

[gentoo-commits] proj/pambase:master commit in: /

[Sam James]

commit:     b599daf14eda0a238265f11d239c4c772c345fbd
Author:     Aliaksei Urbanski <aliaksei.urbanski <AT> gmail <DOT> com>
AuthorDate: Wed Nov  8 15:08:15 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Nov 13 06:20:51 2023 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=b599daf1

Add README.md

Closes: https://github.com/gentoo/pambase/pull/18
Signed-off-by: Sam James <sam <AT> gentoo.org>

 README.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..59f4ecd
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+# pambase
+
+[PAM](https://wiki.gentoo.org/wiki/PAM) base configuration files.
+
+This repository contains a small [Python](https://wiki.gentoo.org/wiki/Python) script that renders `PAM` configuration templates for [Gentoo Linux](https://www.gentoo.org).
+
+## Dependencies
+
+`pambase` depends on [jinja](https://packages.gentoo.org/packages/dev-python/jinja).
+
+## Testing
+
+In order to perform tests, run [tox](https://packages.gentoo.org/packages/dev-python/tox).
+
+Alternatively, you can run tests with [Docker](https://wiki.gentoo.org/wiki/Docker):
+```sh
+docker run --rm -it $(docker build -q .)
+```

[gentoo-commits] proj/pambase:master commit in: /

[Sam James]

commit:     b7b13af3a885bf1fbf8067c45396dd6a00f9a6a6
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Nov  4 16:24:38 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Feb 23 23:46:36 2025 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=b7b13af3

tox: allowlist_externals = diff

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
Closes: https://github.com/gentoo/pambase/pull/20
Signed-off-by: Sam James <sam <AT> gentoo.org>

 tox.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tox.ini b/tox.ini
index 91bf0e7..2dce9c5 100644
--- a/tox.ini
+++ b/tox.ini
@@ -7,7 +7,7 @@ env_list = py3{10,11,12}-{default,minimal,custom}
 description = check template rendering stability
 deps =
     jinja2
-allowlist_externals = /usr/bin/diff
+allowlist_externals = diff
 commands =
     python --version
     default: python pambase.py