public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-08-04 12:41 Mikle Kolyada
  0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-08-04 12:41 UTC (permalink / raw
  To: gentoo-commits

commit:     7f7b677eca0487d304e114714890feadae06b9a2
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  4 12:41:04 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Tue Aug  4 12:41:04 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=7f7b677e

fix a typo in logic

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 templates/system-login.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index 2f404bc..d8df530 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -21,7 +21,7 @@ session		required	pam_selinux.so close
 {% endif -%}
 
 session		required	pam_env.so envfile=/etc/profile.env {{ debug|default('', true) }}
-{% if not miniaml -%}
+{% if not minimal -%}
 session		optional	pam_lastlog.so silent {{ debug|default('', true) }}
 {% endif -%}
 session		include		system-auth


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-08-04 13:36 Mikle Kolyada
  0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-08-04 13:36 UTC (permalink / raw
  To: gentoo-commits

commit:     acd1f9046c8d79ba5e232043131f6c9842d357e7
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  4 13:35:41 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Tue Aug  4 13:35:41 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=acd1f904

fix pam_ssh formatting

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 templates/system-auth.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 13f5c0d..e8a6d91 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -35,7 +35,7 @@ password	[success=1 default=ignore]	pam_krb5.so {{ krb5_params }}
 password	required	pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
 password	optional	pam_permit.so
 
-{%- if pam_ssh -%}
+{%- if pam_ssh %}
 session		optional	pam_ssh.so
 {% endif -%}
 


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-08-05  6:10 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-08-05  6:10 UTC (permalink / raw
  To: gentoo-commits

commit:     4e5e41c2e5607a298f30f679aa7ba8c4994033e3
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Aug  5 06:10:02 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Aug  5 06:10:16 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=4e5e41c2

templates/*: remove unnecessary strips

Now obsolete as of 732fb3bbfd7d007fdca78dd4587f1a7bd34bfa6c.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/login.tpl          |  4 ++--
 templates/system-auth.tpl    | 44 ++++++++++++++++++++++----------------------
 templates/system-login.tpl   | 28 ++++++++++++++--------------
 templates/system-session.tpl | 12 ++++++------
 4 files changed, 44 insertions(+), 44 deletions(-)

diff --git a/templates/login.tpl b/templates/login.tpl
index 7476cb7..23e262a 100644
--- a/templates/login.tpl
+++ b/templates/login.tpl
@@ -1,6 +1,6 @@
-{% if securetty -%}
+{% if securetty %}
 auth		required	pam_securetty.so
-{% endif -%}
+{% endif %}
 
 auth		include		system-local-login
 account		include		system-local-login

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index e8a6d91..298e45c 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -1,54 +1,54 @@
 auth		required	pam_env.so {{ debug|default('', true) }}
-{% if pam_ssh -%}
+{% if pam_ssh %}
 auth		sufficient	pam_ssh.so
-{% endif -%}
+{% endif %}
 
-{% if krb5 -%}
+{% if krb5 %}
 auth        [success=1 default=ignore]      pam_krb5.so {{ krb5_params }}
-{% endif -%}
+{% endif %}
 
 auth		required	pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }}
 auth		optional	pam_permit.so
-{% if not minimal -%}
+{% if not minimal %}
 auth            required        pam_faillock.so preauth silent audit deny=3 unlock_time=600
 auth            sufficient      pam_unix.so {{ nullok|default('', true) }} try_first_pass
 auth            [default=die]   pam_faillock.so authfail audit deny=3 unlock_time=600
-{% endif -%}
+{% endif %}
 
-{% if krb5 -%}
+{% if krb5 %}
 account		[success=1 default=ignore]	pam_krb5.so {{ krb5_params }}
-{% endif -%}
+{% endif %}
 account		required	pam_unix.so {{ debug|default('', true) }}
 account		optional	pam_permit.so
-{% if not minimal -%}
+{% if not minimal %}
 account         required        pam_faillock.so
-{% endif -%}
+{% endif %}
 
-{% if passwdqc -%}
+{% if passwdqc %}
 password	required	pam_passwdqc.so min=8,8,8,8,8 retry=3
-{% endif -%}
+{% endif %}
 
-{% if krb5 -%}
+{% if krb5 %}
 password	[success=1 default=ignore]	pam_krb5.so {{ krb5_params }}
-{% endif -%}
+{% endif %}
 
 password	required	pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
 password	optional	pam_permit.so
 
-{%- if pam_ssh %}
+{% if pam_ssh %}
 session		optional	pam_ssh.so
-{% endif -%}
+{% endif %}
 
-{% if systemd -%}
+{% if systemd %}
 -session        optional        pam_systemd.so
-{% endif -%}
+{% endif %}
 
-{% if elogind -%}
+{% if elogind %}
 -session        optional        pam_elogind.so
-{% endif -%}
+{% endif %}
 
-{% if libcap -%}
+{% if libcap %}
 -session        optional        pam_libcap.so
-{% endif -%}
+{% endif %}
 
 {% include "templates/system-session.tpl" %}

diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index d8df530..d51481b 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -1,39 +1,39 @@
 auth		required	pam_shells.so {{ debug|default('', true) }}
 auth		required	pam_nologin.so
 auth		include		system-auth
-{% if not minimal -%}
+{% if not minimal %}
 auth            required        pam_faillock.so preauth silent audit deny=3 unlock_time=600
 auth            sufficient      pam_unix.so nullok try_first_pass
 auth            [default=die]   pam_faillock.so authfail audit deny=3 unlock_time=600
-{% endif -%}
+{% endif %}
 
 account		required	pam_access.so {{ debug|default('', true) }}
 account		required	pam_nologin.so
 account		include		system-auth
-{% if not minimal -%}
+{% if not minimal %}
 account         required        pam_faillock.so
-{% endif -%}
+{% endif %}
 
 password	include		system-auth
 session         optional        pam_loginuid.so
-{% if selinux -%}
+{% if selinux %}
 session		required	pam_selinux.so close
-{% endif -%}
+{% endif %}
 
 session		required	pam_env.so envfile=/etc/profile.env {{ debug|default('', true) }}
-{% if not minimal -%}
+{% if not minimal %}
 session		optional	pam_lastlog.so silent {{ debug|default('', true) }}
-{% endif -%}
+{% endif %}
 session		include		system-auth
-{% if selinux -%}
+{% if selinux %}
  # Note: modules that run in the user's context must come after this line.
 session		required	pam_selinux.so multiple open
-{% endif -%}
+{% endif %}
 
-{% if not minimal -%}
+{% if not minimal %}
 session		optional	pam_motd.so motd=/etc/motd
-{% endif -%}
+{% endif %}
 
-{% if not minimal -%}
+{% if not minimal %}
 session		optional	pam_mail.so
-{% endif -%}
+{% endif %}

diff --git a/templates/system-session.tpl b/templates/system-session.tpl
index f2622a8..1538429 100644
--- a/templates/system-session.tpl
+++ b/templates/system-session.tpl
@@ -1,16 +1,16 @@
 session		required	pam_limits.so {{ debug|default('', true) }}
 session		required	pam_env.so {{ debug|default('', true) }}
-{% if mktemp -%}
+{% if mktemp %}
 session		optional	pam_mktemp.so
-{% endif -%}
+{% endif %}
 
-{%if krb5 -%}
+{%if krb5 %}
 session		[success=1 default=ignore] {{ krb5_params }}
-{% endif -%}
+{% endif %}
 
 session		required	pam_unix.so {{ debug|default('', true) }}
-{%if krb5 -%}
+{%if krb5 %}
 session         [success=1 default=ignore] {{ krb5_params }}
-{% endif -%}
+{% endif %}
 
 session		optional	pam_permit.so


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-09-09 16:36 Mikle Kolyada
  0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-09-09 16:36 UTC (permalink / raw
  To: gentoo-commits

commit:     1b7c7f7678a6402a0b0aec80b3883fd98516be4e
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  9 16:32:10 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Sep  9 16:32:10 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=1b7c7f76

system-auth: switch password modules to configs

* pam_passwdqc.so can by managed by the /etc/security/passwdqc.conf
* pam_pwquality.so can be managed by the /etc/security/pwquality.conf

Both allow users to create their own password polices without touching
files in the /etc/pam.d directory

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 templates/system-auth.tpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 69cc472..0381e66 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -25,11 +25,11 @@ account         required        pam_faillock.so
 {% endif %}
 
 {% if passwdqc %}
-password	required	pam_passwdqc.so min=8,8,8,8,8 retry=3
+password	required	pam_passwdqc.so config=/etc/security/passwdqc.conf
 {% endif %}
 
 {% if pwquality %}
-password        required        pam_pwquality.so retry=3 minlen=8 lcredit=2 ucredit=2 dcredit=2 ocredit=2 difok=3 enforce_for_root
+password        required        pam_pwquality.so
 {% endif %}
 
 {% if krb5 %}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-10 15:40 Mikle Kolyada
  0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-10-10 15:40 UTC (permalink / raw
  To: gentoo-commits

commit:     b54edff3a6724bba19fd803042909cc448d169fd
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 10 15:35:39 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sat Oct 10 15:37:14 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=b54edff3

switch pam_faillock.so to its config file

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 templates/system-auth.tpl  | 4 ++--
 templates/system-login.tpl | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 46fc131..1bb53ae 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -10,9 +10,9 @@ auth        [success=1 default=ignore]      pam_krb5.so {{ krb5_params }}
 auth		required	pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }}
 auth		optional	pam_permit.so
 {% if not minimal %}
-auth            required        pam_faillock.so preauth silent audit deny=3 unlock_time=600
+auth            required        pam_faillock.so preauth conf=/etc/security/faillock.conf
 auth            sufficient      pam_unix.so {{ nullok|default('', true) }} try_first_pass
-auth            [default=die]   pam_faillock.so authfail audit deny=3 unlock_time=600
+auth            [default=die]   pam_faillock.so authfail
 {% endif %}
 
 {% if krb5 %}

diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index d51481b..bb4f093 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -2,9 +2,9 @@ auth		required	pam_shells.so {{ debug|default('', true) }}
 auth		required	pam_nologin.so
 auth		include		system-auth
 {% if not minimal %}
-auth            required        pam_faillock.so preauth silent audit deny=3 unlock_time=600
+auth            required        pam_faillock.so preauth conf=/etc/security/faillock.conf
 auth            sufficient      pam_unix.so nullok try_first_pass
-auth            [default=die]   pam_faillock.so authfail audit deny=3 unlock_time=600
+auth            [default=die]   pam_faillock.so authfail
 {% endif %}
 
 account		required	pam_access.so {{ debug|default('', true) }}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-12 15:28 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-12 15:28 UTC (permalink / raw
  To: gentoo-commits

commit:     da499cca70c5e77c851c5f75440df188fe2eeabe
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 11 20:55:39 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 12 14:32:12 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=da499cca

templates/system-login.tpl: remove duplicate block from system-auth

Bug: https://bugs.gentoo.org/747868
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-login.tpl | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index d51481b..99801a1 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -1,11 +1,6 @@
 auth		required	pam_shells.so {{ debug|default('', true) }}
 auth		required	pam_nologin.so
 auth		include		system-auth
-{% if not minimal %}
-auth            required        pam_faillock.so preauth silent audit deny=3 unlock_time=600
-auth            sufficient      pam_unix.so nullok try_first_pass
-auth            [default=die]   pam_faillock.so authfail audit deny=3 unlock_time=600
-{% endif %}
 
 account		required	pam_access.so {{ debug|default('', true) }}
 account		required	pam_nologin.so


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-12 15:28 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-12 15:28 UTC (permalink / raw
  To: gentoo-commits

commit:     37a3f41da6fa3136c46c9d76a18ad36f4f680303
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 11 20:57:19 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 12 14:32:12 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=37a3f41d

templates/system-login.tpl: move systemd, elogind blocks here

Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl  | 8 --------
 templates/system-login.tpl | 8 ++++++++
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 46fc131..f8484f1 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -47,14 +47,6 @@ password	optional	pam_permit.so
 session		optional	pam_ssh.so
 {% endif %}
 
-{% if systemd %}
--session        optional        pam_systemd.so
-{% endif %}
-
-{% if elogind %}
--session        optional        pam_elogind.so
-{% endif %}
-
 {% if libcap %}
 -session        optional        pam_libcap.so
 {% endif %}

diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index 99801a1..889c2d7 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -32,3 +32,11 @@ session		optional	pam_motd.so motd=/etc/motd
 {% if not minimal %}
 session		optional	pam_mail.so
 {% endif %}
+
+{% if systemd %}
+-session        optional        pam_systemd.so
+{% endif %}
+
+{% if elogind %}
+-session        optional        pam_elogind.so
+{% endif %}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-12 15:28 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-12 15:28 UTC (permalink / raw
  To: gentoo-commits

commit:     949722adbb7187b68f392164865a964610221604
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 11 20:48:41 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 12 14:32:12 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=949722ad

templates/system-session.tpl: include pam_krb5.so module name

Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-session.tpl | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/templates/system-session.tpl b/templates/system-session.tpl
index 1538429..ce3afa5 100644
--- a/templates/system-session.tpl
+++ b/templates/system-session.tpl
@@ -5,12 +5,9 @@ session		optional	pam_mktemp.so
 {% endif %}
 
 {%if krb5 %}
-session		[success=1 default=ignore] {{ krb5_params }}
+session		[success=1 default=ignore]	pam_krb5.so {{ krb5_params }}
 {% endif %}
 
 session		required	pam_unix.so {{ debug|default('', true) }}
-{%if krb5 %}
-session         [success=1 default=ignore] {{ krb5_params }}
-{% endif %}
 
 session		optional	pam_permit.so


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-12 15:32 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-12 15:32 UTC (permalink / raw
  To: gentoo-commits

commit:     abca630446236ddf83c7686ca8742b305bf8a050
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 12 15:30:28 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 12 15:30:28 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=abca6304

templates/system-login.tpl: remove duplicate block already in system-auth

Do it right this time!

Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl  | 5 +++++
 templates/system-login.tpl | 6 ------
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 11319d6..557da9b 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -9,6 +9,11 @@ auth        [success=1 default=ignore]      pam_krb5.so {{ krb5_params }}
 
 auth		required	pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }}
 auth		optional	pam_permit.so
+{% if not minimal %}
+auth		required	pam_faillock.so preauth conf=/etc/security/faillock.conf
+auth		sufficient	pam_unix.so nullok try_first_pass
+auth		[default=die]	pam_faillock.so authfail
+{% endif %}
 
 {% if krb5 %}
 account		[success=1 default=ignore]	pam_krb5.so {{ krb5_params }}

diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index 25843f5..889c2d7 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -2,12 +2,6 @@ auth		required	pam_shells.so {{ debug|default('', true) }}
 auth		required	pam_nologin.so
 auth		include		system-auth
 
-{% if not minimal %}
-auth            required        pam_faillock.so preauth conf=/etc/security/faillock.conf
-auth            sufficient      pam_unix.so nullok try_first_pass
-auth            [default=die]   pam_faillock.so authfail
-{% endif %}
-
 account		required	pam_access.so {{ debug|default('', true) }}
 account		required	pam_nologin.so
 account		include		system-auth


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-12 17:30 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-12 17:30 UTC (permalink / raw
  To: gentoo-commits

commit:     e0835e729bcf04f501d4610cf3925ec41b37c5f5
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 12 17:30:18 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 12 17:30:18 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=e0835e72

templates/system-auth.tpl: drop superfluous conf param on faillock

pam_faillock defaults to /etc/security/faillock.conf anyway.

Closes: https://bugs.gentoo.org/747967
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 557da9b..bc28468 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -10,7 +10,7 @@ auth        [success=1 default=ignore]      pam_krb5.so {{ krb5_params }}
 auth		required	pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }}
 auth		optional	pam_permit.so
 {% if not minimal %}
-auth		required	pam_faillock.so preauth conf=/etc/security/faillock.conf
+auth		required	pam_faillock.so preauth
 auth		sufficient	pam_unix.so nullok try_first_pass
 auth		[default=die]	pam_faillock.so authfail
 {% endif %}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-20  2:38 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-20  2:38 UTC (permalink / raw
  To: gentoo-commits

commit:     eb138196aa2d3cb860d5eb5ab1d05985df34ad2c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 20 02:32:28 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Oct 20 02:38:20 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=eb138196

templates/system-auth.tpl: use faillock in minimal case

Bug: https://bugs.gentoo.org/748405
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index bc28468..faf18ee 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -7,13 +7,10 @@ auth		sufficient	pam_ssh.so
 auth        [success=1 default=ignore]      pam_krb5.so {{ krb5_params }}
 {% endif %}
 
-auth		required	pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }}
 auth		optional	pam_permit.so
-{% if not minimal %}
-auth		required	pam_faillock.so preauth
-auth		sufficient	pam_unix.so nullok try_first_pass
+auth		requisite	pam_faillock.so preauth
+auth		[success=1 default=ignore]	pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
 auth		[default=die]	pam_faillock.so authfail
-{% endif %}
 
 {% if krb5 %}
 account		[success=1 default=ignore]	pam_krb5.so {{ krb5_params }}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-26 22:49 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-26 22:49 UTC (permalink / raw
  To: gentoo-commits

commit:     99919c4b2b59af27e7ad1daa6fbe8c614a8463c0
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 26 08:32:29 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 22:48:06 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=99919c4b

templates/system-auth.tpl: skip pam_unix with krb5

Before this change, success on pam_krb5 would result in jumping
one line (over pam_permit) back into pam_unix.

Incidentally, we did the later stanza correctly. This was a regression
from old pambase.

Bug: https://bugs.gentoo.org/748405
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 8b61701..668303f 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -4,20 +4,20 @@ auth		sufficient	pam_ssh.so
 {% endif %}
 
 {% if krb5 %}
-auth        [success=1 default=ignore]      pam_krb5.so {{ krb5_params }}
+auth		[success=4 default=ignore]      pam_krb5.so {{ krb5_params }}
 {% endif %}
 
-auth		optional	pam_permit.so
 auth		requisite	pam_faillock.so preauth
 auth		[success=1 default=ignore]	pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
 auth		[default=die]	pam_faillock.so authfail
+auth		optional	pam_permit.so
 
 {% if krb5 %}
-account		[success=1 default=ignore]	pam_krb5.so {{ krb5_params }}
+account		[success=2 default=ignore]	pam_krb5.so {{ krb5_params }}
 {% endif %}
 account		required	pam_unix.so {{ debug|default('', true) }}
-account		optional	pam_permit.so
 account         required        pam_faillock.so
+account         optional        pam_permit.so
 
 {% if passwdqc %}
 password	required	pam_passwdqc.so config=/etc/security/passwdqc.conf


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-26 22:49 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-26 22:49 UTC (permalink / raw
  To: gentoo-commits

commit:     473b931a56c9387cc6a1e1eddef2260fc9f3896f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 26 08:33:23 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 21:14:00 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=473b931a

templates/system-login.tpl: always need faillock

Fixes: eb138196aa2d3cb860d5eb5ab1d05985df34ad2c
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl  | 2 --
 templates/system-login.tpl | 2 --
 2 files changed, 4 deletions(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index faf18ee..8b61701 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -17,9 +17,7 @@ account		[success=1 default=ignore]	pam_krb5.so {{ krb5_params }}
 {% endif %}
 account		required	pam_unix.so {{ debug|default('', true) }}
 account		optional	pam_permit.so
-{% if not minimal %}
 account         required        pam_faillock.so
-{% endif %}
 
 {% if passwdqc %}
 password	required	pam_passwdqc.so config=/etc/security/passwdqc.conf

diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index 889c2d7..6a0d544 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -5,9 +5,7 @@ auth		include		system-auth
 account		required	pam_access.so {{ debug|default('', true) }}
 account		required	pam_nologin.so
 account		include		system-auth
-{% if not minimal %}
 account         required        pam_faillock.so
-{% endif %}
 
 password	include		system-auth
 session         optional        pam_loginuid.so


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-26 22:49 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-26 22:49 UTC (permalink / raw
  To: gentoo-commits

commit:     47a7d6f7477ac279b271babd970d2b4b6839fdb5
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 26 21:15:18 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 22:48:39 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=47a7d6f7

templates/system-auth.tpl: fix libcap module name

Bug: https://bugs.gentoo.org/750524
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 668303f..2ffd7ea 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -43,7 +43,7 @@ session		optional	pam_ssh.so
 {% endif %}
 
 {% if libcap %}
--session        optional        pam_libcap.so
+-session        optional        pam_cap.so
 {% endif %}
 
 {% include "templates/system-session.tpl" %}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-28 16:15 Mikle Kolyada
  0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-10-28 16:15 UTC (permalink / raw
  To: gentoo-commits

commit:     74b99b4462138ed6b496725b2499fb5d17ad9371
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 28 16:07:21 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Oct 28 16:13:35 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=74b99b44

Do not use use_authtok if no passwd module was stacked

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 templates/system-auth.tpl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 2ffd7ea..6edba8d 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -35,7 +35,12 @@ password        required        pam_pwhistory.so use_authtok remember=5 retry=3
 password	[success=1 default=ignore]	pam_krb5.so {{ krb5_params }}
 {% endif %}
 
+{% if passwdqc or pwquality %}
 password	required	pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
+{% else %}
+password        required        pam_unix.so try_first_pass {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
+{% endif %}
+
 password	optional	pam_permit.so
 
 {% if pam_ssh %}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-28 19:25 Mikle Kolyada
  0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-10-28 19:25 UTC (permalink / raw
  To: gentoo-commits

commit:     de5f97873c345b69c44df5a9d06fcd69ee6c5ccf
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 28 19:24:04 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Oct 28 19:24:04 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=de5f9787

fix number of jumps when pam_krb5 used

Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>

 templates/system-auth.tpl  | 2 +-
 templates/system-login.tpl | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 6edba8d..6964e05 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -4,7 +4,7 @@ auth		sufficient	pam_ssh.so
 {% endif %}
 
 {% if krb5 %}
-auth		[success=4 default=ignore]      pam_krb5.so {{ krb5_params }}
+auth		[success=3 default=ignore]      pam_krb5.so {{ krb5_params }}
 {% endif %}
 
 auth		requisite	pam_faillock.so preauth

diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index 6a0d544..0c60bb6 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -5,7 +5,6 @@ auth		include		system-auth
 account		required	pam_access.so {{ debug|default('', true) }}
 account		required	pam_nologin.so
 account		include		system-auth
-account         required        pam_faillock.so
 
 password	include		system-auth
 session         optional        pam_loginuid.so


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-11-02 23:41 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-11-02 23:41 UTC (permalink / raw
  To: gentoo-commits

commit:     daeb59effa26ace52bf699229a1bc22afe8808fd
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Nov  2 23:38:12 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Nov  2 23:39:38 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=daeb59ef

templates/system-auth.tpl: fix pam_cap realm

This fixes the pam_cap realm which can only
be auth. This is a regression from old pre-rewrite
pambase.

It was however exposed by the fixing of an incorrect
module name (pam_libcap -> pam_cap) not long ago.

Bug: https://bugs.gentoo.org/751946
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 6964e05..2f2fe76 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -48,7 +48,7 @@ session		optional	pam_ssh.so
 {% endif %}
 
 {% if libcap %}
--session        optional        pam_cap.so
+-auth		optional	pam_cap.so
 {% endif %}
 
 {% include "templates/system-session.tpl" %}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-11-03  7:22 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-11-03  7:22 UTC (permalink / raw
  To: gentoo-commits

commit:     3f36e2c3de28b3cde25a27d05e49d354e098c368
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Nov  3 07:19:16 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Nov  3 07:19:16 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=3f36e2c3

templates/system-auth.tpl: shift cap to be with other auth

Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 4ff78e4..19e08fa 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -12,6 +12,10 @@ auth		[success=1 default=ignore]	pam_unix.so {{ nullok|default('', true) }} {{ d
 auth		[default=die]	pam_faillock.so authfail
 auth		optional	pam_permit.so
 
+{% if caps %}
+-auth		optional	pam_cap.so
+{% endif %}
+
 {% if krb5 %}
 account		[success=2 default=ignore]	pam_krb5.so {{ krb5_params }}
 {% endif %}
@@ -47,8 +51,4 @@ password	optional	pam_permit.so
 session		optional	pam_ssh.so
 {% endif %}
 
-{% if caps %}
--auth		optional	pam_cap.so
-{% endif %}
-
 {% include "templates/system-session.tpl" %}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-12-19 22:34 Mikle Kolyada
  0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-12-19 22:34 UTC (permalink / raw
  To: gentoo-commits

commit:     b725e39af14b57b69a256818bc1c98f98122c6a1
Author:     Mikle KOlyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 19 22:30:15 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sat Dec 19 22:30:15 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=b725e39a

strip pam_permit.so from system-auth

Signed-off-by: Mikle KOlyada <zlogene <AT> gentoo.org>

 templates/system-auth.tpl    | 4 ----
 templates/system-session.tpl | 2 --
 2 files changed, 6 deletions(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 19e08fa..01a29db 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -10,7 +10,6 @@ auth		[success=3 default=ignore]      pam_krb5.so {{ krb5_params }}
 auth		requisite	pam_faillock.so preauth
 auth		[success=1 default=ignore]	pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
 auth		[default=die]	pam_faillock.so authfail
-auth		optional	pam_permit.so
 
 {% if caps %}
 -auth		optional	pam_cap.so
@@ -21,7 +20,6 @@ account		[success=2 default=ignore]	pam_krb5.so {{ krb5_params }}
 {% endif %}
 account		required	pam_unix.so {{ debug|default('', true) }}
 account         required        pam_faillock.so
-account         optional        pam_permit.so
 
 {% if passwdqc %}
 password	required	pam_passwdqc.so config=/etc/security/passwdqc.conf
@@ -45,8 +43,6 @@ password	required	pam_unix.so try_first_pass {{ unix_authtok|default('', true) }
 password        required        pam_unix.so try_first_pass {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
 {% endif %}
 
-password	optional	pam_permit.so
-
 {% if pam_ssh %}
 session		optional	pam_ssh.so
 {% endif %}

diff --git a/templates/system-session.tpl b/templates/system-session.tpl
index ce3afa5..2a7024b 100644
--- a/templates/system-session.tpl
+++ b/templates/system-session.tpl
@@ -9,5 +9,3 @@ session		[success=1 default=ignore]	pam_krb5.so {{ krb5_params }}
 {% endif %}
 
 session		required	pam_unix.so {{ debug|default('', true) }}
-
-session		optional	pam_permit.so


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-12-20 17:53 Mikle Kolyada
  0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-12-20 17:53 UTC (permalink / raw
  To: gentoo-commits

commit:     ee4f6b1a6b402ebdf3c5763d934f1aaa6b32e633
Author:     Mikle KOlyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 20 17:52:38 2020 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Dec 20 17:52:38 2020 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=ee4f6b1a

system-login: add pam_time.so

Signed-off-by: Mikle KOlyada <zlogene <AT> gentoo.org>

 templates/system-login.tpl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index 0c60bb6..b4b74cf 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -4,6 +4,7 @@ auth		include		system-auth
 
 account		required	pam_access.so {{ debug|default('', true) }}
 account		required	pam_nologin.so
+account         required        pam_time.so
 account		include		system-auth
 
 password	include		system-auth


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2021-02-02 20:56 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2021-02-02 20:56 UTC (permalink / raw
  To: gentoo-commits

commit:     c3471f99454e8d086e133beaaf28b129fb22fc40
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Feb  2 15:50:25 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Feb  2 15:50:25 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=c3471f99

templates/system-auth.tpl: fix try_first_pass typo

Closes: https://github.com/gentoo/pambase/issues/6
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 1adee05..62344ff 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -12,7 +12,7 @@ auth		requisite	pam_faillock.so preauth
 auth		[success=2 default=ignore]	pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
 auth            [success=1 default=ignore]      pam_systemd_home.so
 {% else %}
-auth            [success=1 default=ignore]      pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pas
+auth            [success=1 default=ignore]      pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
 {% endif %}
 auth		[default=die]	pam_faillock.so authfail
 


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2022-02-14 16:52 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2022-02-14 16:52 UTC (permalink / raw
  To: gentoo-commits

commit:     dacde6da43a9c87f896b842946b514cd49db5dd3
Author:     Alexandra Parker <alex.iris.parker <AT> gmail <DOT> com>
AuthorDate: Sat Feb 12 21:30:29 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Feb 14 16:51:51 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=dacde6da

homed: add before pam_unix

- --homed inserts pam_systemd_home before pam_unix

- --homed --krb5 does that and adjusts krb5's jump to 4 modules

Signed-off-by: Alexandra Parker <alex.iris.parker <AT> gmail.com>
Closes: https://bugs.gentoo.org/808993
Closes: https://github.com/gentoo/pambase/pull/9
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 62344ff..9739b6f 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -4,16 +4,14 @@ auth		sufficient	pam_ssh.so
 {% endif %}
 
 {% if krb5 %}
-auth		[success=3 default=ignore]      pam_krb5.so {{ krb5_params }}
+auth		[success={{ 4 if homed else 3 }} default=ignore]      pam_krb5.so {{ krb5_params }}
 {% endif %}
 
 auth		requisite	pam_faillock.so preauth
 {% if homed %}
-auth		[success=2 default=ignore]	pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
-auth            [success=1 default=ignore]      pam_systemd_home.so
-{% else %}
-auth            [success=1 default=ignore]      pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
+auth            [success=2 default=ignore]      pam_systemd_home.so
 {% endif %}
+auth            [success=1 default=ignore]      pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
 auth		[default=die]	pam_faillock.so authfail
 
 {% if caps %}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2022-08-13 18:29 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2022-08-13 18:29 UTC (permalink / raw
  To: gentoo-commits

commit:     ce3e0c4f0648ce44cb239be043a85468b29c4b13
Author:     Michael Jones <jonesmz <AT> users <DOT> noreply <DOT> github <DOT> com>
AuthorDate: Sat Aug  6 05:41:29 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 18:28:30 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=ce3e0c4f

other.tpl: Fix whitespace

Closes: https://github.com/gentoo/pambase/pull/14
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/other.tpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/other.tpl b/templates/other.tpl
index f3b7198..9544f8e 100644
--- a/templates/other.tpl
+++ b/templates/other.tpl
@@ -1,4 +1,4 @@
 auth		required	pam_deny.so
 account		required	pam_deny.so
-password   	required	pam_deny.so
-session    	required	pam_deny.so
+password		required	pam_deny.so
+session		required	pam_deny.so


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2022-08-13 18:29 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2022-08-13 18:29 UTC (permalink / raw
  To: gentoo-commits

commit:     f039f4766ce2b7cfc0ddec806805a4144534c99b
Author:     Michael Jones <jonesmz <AT> jonesmz <DOT> com>
AuthorDate: Sat Aug  6 06:06:06 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 18:28:46 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=f039f476

system-login.tpl: Fix whitespace

Closes: https://github.com/gentoo/pambase/pull/16
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-login.tpl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index b4b74cf..0269296 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -4,11 +4,11 @@ auth		include		system-auth
 
 account		required	pam_access.so {{ debug|default('', true) }}
 account		required	pam_nologin.so
-account         required        pam_time.so
+account		required	pam_time.so
 account		include		system-auth
 
 password	include		system-auth
-session         optional        pam_loginuid.so
+session		optional	pam_loginuid.so
 {% if selinux %}
 session		required	pam_selinux.so close
 {% endif %}
@@ -32,9 +32,9 @@ session		optional	pam_mail.so
 {% endif %}
 
 {% if systemd %}
--session        optional        pam_systemd.so
+-session	optional	pam_systemd.so
 {% endif %}
 
 {% if elogind %}
--session        optional        pam_elogind.so
+-session	optional	pam_elogind.so
 {% endif %}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2022-08-13 18:29 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2022-08-13 18:29 UTC (permalink / raw
  To: gentoo-commits

commit:     2bb5c1846ca7a3222b8ff071d4bc3e63da68d3f1
Author:     Michael Jones <jonesmz <AT> users <DOT> noreply <DOT> github <DOT> com>
AuthorDate: Sat Aug  6 05:40:20 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 18:28:11 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=2bb5c184

login.tpl: Fix unnecessary space character

Closes: https://github.com/gentoo/pambase/pull/13
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/login.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/login.tpl b/templates/login.tpl
index 23e262a..cb85249 100644
--- a/templates/login.tpl
+++ b/templates/login.tpl
@@ -5,5 +5,5 @@ auth		required	pam_securetty.so
 auth		include		system-local-login
 account		include		system-local-login
 password	include		system-local-login
-session		optional 	pam_lastlog.so {{ debug|default('', true) }}
+session		optional	pam_lastlog.so {{ debug|default('', true) }}
 session		include		system-local-login


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2024-01-28  8:14 Sam James
  0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2024-01-28  8:14 UTC (permalink / raw
  To: gentoo-commits

commit:     f6e52e5b96c20426687bc8041b171c9b788d7910
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 28 08:14:35 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jan 28 08:14:35 2024 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=f6e52e5b

system-auth.tpl: fix sssd's pam_deny

Closes: https://bugs.gentoo.org/922918
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 4065e89..9a274a4 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -31,7 +31,7 @@ auth		sufficient	pam_sss.so forward_pass {{ debug|default('', true) }}
 auth		optional	pam_cap.so
 {% endif %}
 {% if sssd %}
-auth		sufficient	pam_deny.so
+auth		required	pam_deny.so
 {% endif %}
 {% if krb5 %}
 account		[success=2 default=ignore]	pam_krb5.so {{ krb5_params }}


^ permalink raw reply related	[flat|nested] 26+ messages in thread

end of thread, other threads:[~2024-01-28  8:14 UTC | newest]

Thread overview: 26+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-10-26 22:49 [gentoo-commits] proj/pambase:master commit in: templates/ Sam James
  -- strict thread matches above, loose matches on Subject: below --
2024-01-28  8:14 Sam James
2022-08-13 18:29 Sam James
2022-08-13 18:29 Sam James
2022-08-13 18:29 Sam James
2022-02-14 16:52 Sam James
2021-02-02 20:56 Sam James
2020-12-20 17:53 Mikle Kolyada
2020-12-19 22:34 Mikle Kolyada
2020-11-03  7:22 Sam James
2020-11-02 23:41 Sam James
2020-10-28 19:25 Mikle Kolyada
2020-10-28 16:15 Mikle Kolyada
2020-10-26 22:49 Sam James
2020-10-26 22:49 Sam James
2020-10-20  2:38 Sam James
2020-10-12 17:30 Sam James
2020-10-12 15:32 Sam James
2020-10-12 15:28 Sam James
2020-10-12 15:28 Sam James
2020-10-12 15:28 Sam James
2020-10-10 15:40 Mikle Kolyada
2020-09-09 16:36 Mikle Kolyada
2020-08-05  6:10 Sam James
2020-08-04 13:36 Mikle Kolyada
2020-08-04 12:41 Mikle Kolyada

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox