From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1612128961.5a545eb14a1220af1ba8031f3669471e77edbc2f.sam@gentoo> Subject: [gentoo-commits] proj/pambase:master commit in: /, templates/ X-VCS-Repository: proj/pambase X-VCS-Files: pambase.py templates/system-auth.tpl templates/system-session.tpl X-VCS-Directories: / templates/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 5a545eb14a1220af1ba8031f3669471e77edbc2f X-VCS-Branch: master Date: Sun, 31 Jan 2021 21:36:11 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 1b7e8733-f99a-48cc-9590-103cf4cde7c5 X-Archives-Hash: e58fafb5df10efd4866e86728d8750a0 commit: 5a545eb14a1220af1ba8031f3669471e77edbc2f Author: Mikle KOlyada gentoo org> AuthorDate: Sat Jan 30 19:50:12 2021 +0000 Commit: Sam James gentoo org> CommitDate: Sun Jan 31 21:36:01 2021 +0000 URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=5a545eb1 systemd-auth: add systemd-homed support Signed-off-by: Mikle KOlyada gentoo.org> Closes: https://github.com/gentoo/pambase/pull/5 Signed-off-by: Sam James gentoo.org> pambase.py | 1 + templates/system-auth.tpl | 18 ++++++++++++++++-- templates/system-session.tpl | 4 ++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/pambase.py b/pambase.py index eb3d4fe..b306ca4 100755 --- a/pambase.py +++ b/pambase.py 
@@ -15,6 +15,7 @@ def main(): parser.add_argument('--pwquality', action="store_true", help='enable pam_pwquality.so module') parser.add_argument('--elogind', action="store_true", help='enable pam_elogind.so module') parser.add_argument('--systemd', action="store_true", help='enable pam_systemd.so module') + parser.add_argument('--homed', action="store_true", help='enable pam_systemd_home.so module') parser.add_argument('--selinux', action="store_true", help='enable pam_selinux.so module') parser.add_argument('--mktemp', action="store_true", help='enable pam_mktemp.so module') parser.add_argument('--pam-ssh', action="store_true", help='enable pam_ssh.so module') diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl index 53557dc..174aacf 100644 --- a/templates/system-auth.tpl +++ b/templates/system-auth.tpl @@ -11,11 +11,16 @@ auth [success=3 default=ignore] pam_krb5.so {{ krb5_params }} {% endif %} auth requisite pam_faillock.so preauth -auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass +{% if homed %} +auth [success=2 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass +auth [success=1 default=ignore] pam_systemd_home.so +{% else %} +auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pas +{% endif %} auth [default=die] pam_faillock.so authfail {% if caps %} --auth optional pam_cap.so +auth optional pam_cap.so {% endif %} {% if homed %} @@ -24,6 +29,11 @@ auth [default=die] pam_faillock.so authfail {% if krb5 %} account [success=2 default=ignore] pam_krb5.so {{ krb5_params }} {% endif %} + +{% if homed %} +account [success=1 default=ignore] pam_systemd_home.so +{% endif %} + account required pam_unix.so {{ debug|default('', true) }} account required pam_faillock.so 
@@ -43,6 +53,10 @@ password required pam_pwhistory.so use_authtok remember=5 retry=3 password [success=1 default=ignore] pam_krb5.so {{ krb5_params }} {% endif %} +{% if homed %} +password [success=1 default=ignore] pam_systemd_home.so +{% endif %} + {% if passwdqc or pwquality %} password required pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }} {% else %} diff --git a/templates/system-session.tpl b/templates/system-session.tpl index 3dd1d70..48653d4 100644 --- a/templates/system-session.tpl +++ b/templates/system-session.tpl @@ -12,4 +12,8 @@ session optional pam_mktemp.so session [success=1 default=ignore] pam_krb5.so {{ krb5_params }} {% endif %} +{% if homed %} +session [success=1 default=ignore] pam_systemd_home.so +{% endif %} + session required pam_unix.so {{ debug|default('', true) }}
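
Review bot: in the pambase.py hunk, --homed is accepted independently of --systemd even though pam_systemd_home.so is a systemd module. Consider having main() reject or warn on --homed without --systemd, so that a profile built without systemd cannot render stacks that reference the module.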
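
Review bot: in the system-auth.tpl auth hunk (@@ -11,11 +11,16 @@), the pam_unix.so line in the {% else %} branch ends in try_first_pas, where the line it replaces had try_first_pass, so the non-homed stack hands pam_unix.so an option it does not recognise; restore the final s. In the same hunk the pam_krb5.so line shown at the top keeps success=3 while the homed branch adds a module between it and pam_faillock.so authfail, so with homed set a Kerberos success lands on the authfail line instead of jumping past it; make the count depend on homed, for example success={{ 4 if homed else 3 }}. The pam_cap.so line also changes from -auth to auth, which alters how a missing module is reported and looks unrelated to homed support; keep -auth or move that change to its own commit.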
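
Review bot: in the system-auth.tpl account hunk (@@ -24,6 +29,11 @@), pam_systemd_home.so is inserted between the pam_krb5.so line, which still has success=2, and the two required lines, so with krb5 and homed both enabled a Kerberos success skips pam_systemd_home.so and pam_unix.so but no longer skips pam_faillock.so. Raise the krb5 count when homed is set, and add a short template comment stating which lines each jump is meant to pass, since the new success=1 skips pam_unix.so only while the krb5 jump was written to skip both required lines.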
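
Review bot: in the system-auth.tpl password hunk (@@ -43,6 +53,10 @@), the pam_krb5.so line directly above the addition keeps success=1, which used to jump over the pam_unix.so line and with homed set now jumps over pam_systemd_home.so only. That leaves the required pam_unix.so line to run after a successful Kerberos password change; increase the krb5 count by one when homed is set.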
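
Review bot: in the system-session.tpl hunk, the new pam_systemd_home.so line sits between pam_krb5.so (success=1) and the required pam_unix.so session line, so once it is rendered the krb5 jump passes pam_systemd_home.so and stops at pam_unix.so, which it previously skipped. Use a homed-dependent count on the pam_krb5.so line, for example success={{ 2 if homed else 1 }}.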