* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2022-08-13 18:29 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2022-08-13 18:29 UTC (permalink / raw
To: gentoo-commits
commit: 2bb5c1846ca7a3222b8ff071d4bc3e63da68d3f1
Author: Michael Jones <jonesmz <AT> users <DOT> noreply <DOT> github <DOT> com>
AuthorDate: Sat Aug 6 05:40:20 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 18:28:11 2022 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=2bb5c184
login.tpl: Fix unnecessary space character
Closes: https://github.com/gentoo/pambase/pull/13
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/login.tpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/login.tpl b/templates/login.tpl
index 23e262a..cb85249 100644
--- a/templates/login.tpl
+++ b/templates/login.tpl
@@ -5,5 +5,5 @@ auth required pam_securetty.so
auth include system-local-login
account include system-local-login
password include system-local-login
-session optional pam_lastlog.so {{ debug|default('', true) }}
+session optional pam_lastlog.so {{ debug|default('', true) }}
session include system-local-login
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2024-01-28 8:14 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2024-01-28 8:14 UTC (permalink / raw
To: gentoo-commits
commit: f6e52e5b96c20426687bc8041b171c9b788d7910
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 28 08:14:35 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jan 28 08:14:35 2024 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=f6e52e5b
system-auth.tpl: fix sssd's pam_deny
Closes: https://bugs.gentoo.org/922918
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-auth.tpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 4065e89..9a274a4 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -31,7 +31,7 @@ auth sufficient pam_sss.so forward_pass {{ debug|default('', true) }}
auth optional pam_cap.so
{% endif %}
{% if sssd %}
-auth sufficient pam_deny.so
+auth required pam_deny.so
{% endif %}
{% if krb5 %}
account [success=2 default=ignore] pam_krb5.so {{ krb5_params }}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2022-08-13 18:29 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2022-08-13 18:29 UTC (permalink / raw
To: gentoo-commits
commit: f039f4766ce2b7cfc0ddec806805a4144534c99b
Author: Michael Jones <jonesmz <AT> jonesmz <DOT> com>
AuthorDate: Sat Aug 6 06:06:06 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 18:28:46 2022 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=f039f476
system-login.tpl: Fix whitespace
Closes: https://github.com/gentoo/pambase/pull/16
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-login.tpl | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index b4b74cf..0269296 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -4,11 +4,11 @@ auth include system-auth
account required pam_access.so {{ debug|default('', true) }}
account required pam_nologin.so
-account required pam_time.so
+account required pam_time.so
account include system-auth
password include system-auth
-session optional pam_loginuid.so
+session optional pam_loginuid.so
{% if selinux %}
session required pam_selinux.so close
{% endif %}
@@ -32,9 +32,9 @@ session optional pam_mail.so
{% endif %}
{% if systemd %}
--session optional pam_systemd.so
+-session optional pam_systemd.so
{% endif %}
{% if elogind %}
--session optional pam_elogind.so
+-session optional pam_elogind.so
{% endif %}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2022-08-13 18:29 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2022-08-13 18:29 UTC (permalink / raw
To: gentoo-commits
commit: ce3e0c4f0648ce44cb239be043a85468b29c4b13
Author: Michael Jones <jonesmz <AT> users <DOT> noreply <DOT> github <DOT> com>
AuthorDate: Sat Aug 6 05:41:29 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 18:28:30 2022 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=ce3e0c4f
other.tpl: Fix whitespace
Closes: https://github.com/gentoo/pambase/pull/14
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/other.tpl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/templates/other.tpl b/templates/other.tpl
index f3b7198..9544f8e 100644
--- a/templates/other.tpl
+++ b/templates/other.tpl
@@ -1,4 +1,4 @@
auth required pam_deny.so
account required pam_deny.so
-password required pam_deny.so
-session required pam_deny.so
+password required pam_deny.so
+session required pam_deny.so
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2022-02-14 16:52 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2022-02-14 16:52 UTC (permalink / raw
To: gentoo-commits
commit: dacde6da43a9c87f896b842946b514cd49db5dd3
Author: Alexandra Parker <alex.iris.parker <AT> gmail <DOT> com>
AuthorDate: Sat Feb 12 21:30:29 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Feb 14 16:51:51 2022 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=dacde6da
homed: add before pam_unix
- --homed inserts pam_systemd_home before pam_unix
- --homed --krb5 does that and adjusts krb5's jump to 4 modules
Signed-off-by: Alexandra Parker <alex.iris.parker <AT> gmail.com>
Closes: https://bugs.gentoo.org/808993
Closes: https://github.com/gentoo/pambase/pull/9
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-auth.tpl | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 62344ff..9739b6f 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -4,16 +4,14 @@ auth sufficient pam_ssh.so
{% endif %}
{% if krb5 %}
-auth [success=3 default=ignore] pam_krb5.so {{ krb5_params }}
+auth [success={{ 4 if homed else 3 }} default=ignore] pam_krb5.so {{ krb5_params }}
{% endif %}
auth requisite pam_faillock.so preauth
{% if homed %}
-auth [success=2 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
-auth [success=1 default=ignore] pam_systemd_home.so
-{% else %}
-auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
+auth [success=2 default=ignore] pam_systemd_home.so
{% endif %}
+auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
auth [default=die] pam_faillock.so authfail
{% if caps %}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2021-02-02 20:56 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2021-02-02 20:56 UTC (permalink / raw
To: gentoo-commits
commit: c3471f99454e8d086e133beaaf28b129fb22fc40
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 2 15:50:25 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Feb 2 15:50:25 2021 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=c3471f99
templates/system-auth.tpl: fix try_first_pass typo
Closes: https://github.com/gentoo/pambase/issues/6
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-auth.tpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 1adee05..62344ff 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -12,7 +12,7 @@ auth requisite pam_faillock.so preauth
auth [success=2 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
auth [success=1 default=ignore] pam_systemd_home.so
{% else %}
-auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pas
+auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
{% endif %}
auth [default=die] pam_faillock.so authfail
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-12-20 17:53 Mikle Kolyada
0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-12-20 17:53 UTC (permalink / raw
To: gentoo-commits
commit: ee4f6b1a6b402ebdf3c5763d934f1aaa6b32e633
Author: Mikle KOlyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 20 17:52:38 2020 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sun Dec 20 17:52:38 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=ee4f6b1a
system-login: add pam_time.so
Signed-off-by: Mikle KOlyada <zlogene <AT> gentoo.org>
templates/system-login.tpl | 1 +
1 file changed, 1 insertion(+)
diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index 0c60bb6..b4b74cf 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -4,6 +4,7 @@ auth include system-auth
account required pam_access.so {{ debug|default('', true) }}
account required pam_nologin.so
+account required pam_time.so
account include system-auth
password include system-auth
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-12-19 22:34 Mikle Kolyada
0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-12-19 22:34 UTC (permalink / raw
To: gentoo-commits
commit: b725e39af14b57b69a256818bc1c98f98122c6a1
Author: Mikle KOlyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 19 22:30:15 2020 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sat Dec 19 22:30:15 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=b725e39a
strip pam_permit.so from system-auth
Signed-off-by: Mikle KOlyada <zlogene <AT> gentoo.org>
templates/system-auth.tpl | 4 ----
templates/system-session.tpl | 2 --
2 files changed, 6 deletions(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 19e08fa..01a29db 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -10,7 +10,6 @@ auth [success=3 default=ignore] pam_krb5.so {{ krb5_params }}
auth requisite pam_faillock.so preauth
auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
auth [default=die] pam_faillock.so authfail
-auth optional pam_permit.so
{% if caps %}
-auth optional pam_cap.so
@@ -21,7 +20,6 @@ account [success=2 default=ignore] pam_krb5.so {{ krb5_params }}
{% endif %}
account required pam_unix.so {{ debug|default('', true) }}
account required pam_faillock.so
-account optional pam_permit.so
{% if passwdqc %}
password required pam_passwdqc.so config=/etc/security/passwdqc.conf
@@ -45,8 +43,6 @@ password required pam_unix.so try_first_pass {{ unix_authtok|default('', true) }
password required pam_unix.so try_first_pass {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
{% endif %}
-password optional pam_permit.so
-
{% if pam_ssh %}
session optional pam_ssh.so
{% endif %}
diff --git a/templates/system-session.tpl b/templates/system-session.tpl
index ce3afa5..2a7024b 100644
--- a/templates/system-session.tpl
+++ b/templates/system-session.tpl
@@ -9,5 +9,3 @@ session [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
{% endif %}
session required pam_unix.so {{ debug|default('', true) }}
-
-session optional pam_permit.so
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-11-03 7:22 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-11-03 7:22 UTC (permalink / raw
To: gentoo-commits
commit: 3f36e2c3de28b3cde25a27d05e49d354e098c368
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 3 07:19:16 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Nov 3 07:19:16 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=3f36e2c3
templates/system-auth.tpl: shift cap to be with other auth
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-auth.tpl | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 4ff78e4..19e08fa 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -12,6 +12,10 @@ auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ d
auth [default=die] pam_faillock.so authfail
auth optional pam_permit.so
+{% if caps %}
+-auth optional pam_cap.so
+{% endif %}
+
{% if krb5 %}
account [success=2 default=ignore] pam_krb5.so {{ krb5_params }}
{% endif %}
@@ -47,8 +51,4 @@ password optional pam_permit.so
session optional pam_ssh.so
{% endif %}
-{% if caps %}
--auth optional pam_cap.so
-{% endif %}
-
{% include "templates/system-session.tpl" %}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-11-02 23:41 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-11-02 23:41 UTC (permalink / raw
To: gentoo-commits
commit: daeb59effa26ace52bf699229a1bc22afe8808fd
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 2 23:38:12 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Nov 2 23:39:38 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=daeb59ef
templates/system-auth.tpl: fix pam_cap realm
This fixes the pam_cap realm which can only
be auth. This is a regression from old pre-rewrite
pambase.
It was however exposed by the fixing of an incorrect
module name (pam_libcap -> pam_cap) not long ago.
Bug: https://bugs.gentoo.org/751946
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-auth.tpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 6964e05..2f2fe76 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -48,7 +48,7 @@ session optional pam_ssh.so
{% endif %}
{% if libcap %}
--session optional pam_cap.so
+-auth optional pam_cap.so
{% endif %}
{% include "templates/system-session.tpl" %}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-28 19:25 Mikle Kolyada
0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-10-28 19:25 UTC (permalink / raw
To: gentoo-commits
commit: de5f97873c345b69c44df5a9d06fcd69ee6c5ccf
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 28 19:24:04 2020 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Oct 28 19:24:04 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=de5f9787
fix number of jumps when pam_krb5 used
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
templates/system-auth.tpl | 2 +-
templates/system-login.tpl | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 6edba8d..6964e05 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -4,7 +4,7 @@ auth sufficient pam_ssh.so
{% endif %}
{% if krb5 %}
-auth [success=4 default=ignore] pam_krb5.so {{ krb5_params }}
+auth [success=3 default=ignore] pam_krb5.so {{ krb5_params }}
{% endif %}
auth requisite pam_faillock.so preauth
diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index 6a0d544..0c60bb6 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -5,7 +5,6 @@ auth include system-auth
account required pam_access.so {{ debug|default('', true) }}
account required pam_nologin.so
account include system-auth
-account required pam_faillock.so
password include system-auth
session optional pam_loginuid.so
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-28 16:15 Mikle Kolyada
0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-10-28 16:15 UTC (permalink / raw
To: gentoo-commits
commit: 74b99b4462138ed6b496725b2499fb5d17ad9371
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 28 16:07:21 2020 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Oct 28 16:13:35 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=74b99b44
Do not use use_authtok if no passwd module was stacked
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
templates/system-auth.tpl | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 2ffd7ea..6edba8d 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -35,7 +35,12 @@ password required pam_pwhistory.so use_authtok remember=5 retry=3
password [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
{% endif %}
+{% if passwdqc or pwquality %}
password required pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
+{% else %}
+password required pam_unix.so try_first_pass {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
+{% endif %}
+
password optional pam_permit.so
{% if pam_ssh %}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-26 22:49 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-26 22:49 UTC (permalink / raw
To: gentoo-commits
commit: 473b931a56c9387cc6a1e1eddef2260fc9f3896f
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 26 08:33:23 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 21:14:00 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=473b931a
templates/system-login.tpl: always need faillock
Fixes: eb138196aa2d3cb860d5eb5ab1d05985df34ad2c
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-auth.tpl | 2 --
templates/system-login.tpl | 2 --
2 files changed, 4 deletions(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index faf18ee..8b61701 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -17,9 +17,7 @@ account [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
{% endif %}
account required pam_unix.so {{ debug|default('', true) }}
account optional pam_permit.so
-{% if not minimal %}
account required pam_faillock.so
-{% endif %}
{% if passwdqc %}
password required pam_passwdqc.so config=/etc/security/passwdqc.conf
diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index 889c2d7..6a0d544 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -5,9 +5,7 @@ auth include system-auth
account required pam_access.so {{ debug|default('', true) }}
account required pam_nologin.so
account include system-auth
-{% if not minimal %}
account required pam_faillock.so
-{% endif %}
password include system-auth
session optional pam_loginuid.so
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-26 22:49 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-26 22:49 UTC (permalink / raw
To: gentoo-commits
commit: 99919c4b2b59af27e7ad1daa6fbe8c614a8463c0
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 26 08:32:29 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 22:48:06 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=99919c4b
templates/system-auth.tpl: skip pam_unix with krb5
Before this change, success on pam_krb5 would result in jumping
one line (over pam_permit) back into pam_unix.
Incidentally, we did the later stanza correctly. This was a regression
from old pambase.
Bug: https://bugs.gentoo.org/748405
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-auth.tpl | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 8b61701..668303f 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -4,20 +4,20 @@ auth sufficient pam_ssh.so
{% endif %}
{% if krb5 %}
-auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
+auth [success=4 default=ignore] pam_krb5.so {{ krb5_params }}
{% endif %}
-auth optional pam_permit.so
auth requisite pam_faillock.so preauth
auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
auth [default=die] pam_faillock.so authfail
+auth optional pam_permit.so
{% if krb5 %}
-account [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
+account [success=2 default=ignore] pam_krb5.so {{ krb5_params }}
{% endif %}
account required pam_unix.so {{ debug|default('', true) }}
-account optional pam_permit.so
account required pam_faillock.so
+account optional pam_permit.so
{% if passwdqc %}
password required pam_passwdqc.so config=/etc/security/passwdqc.conf
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-26 22:49 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-26 22:49 UTC (permalink / raw
To: gentoo-commits
commit: 47a7d6f7477ac279b271babd970d2b4b6839fdb5
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 26 21:15:18 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 26 22:48:39 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=47a7d6f7
templates/system-auth.tpl: fix libcap module name
Bug: https://bugs.gentoo.org/750524
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-auth.tpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 668303f..2ffd7ea 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -43,7 +43,7 @@ session optional pam_ssh.so
{% endif %}
{% if libcap %}
--session optional pam_libcap.so
+-session optional pam_cap.so
{% endif %}
{% include "templates/system-session.tpl" %}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-20 2:38 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-20 2:38 UTC (permalink / raw
To: gentoo-commits
commit: eb138196aa2d3cb860d5eb5ab1d05985df34ad2c
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 20 02:32:28 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Oct 20 02:38:20 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=eb138196
templates/system-auth.tpl: use faillock in minimal case
Bug: https://bugs.gentoo.org/748405
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-auth.tpl | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index bc28468..faf18ee 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -7,13 +7,10 @@ auth sufficient pam_ssh.so
auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
{% endif %}
-auth required pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }}
auth optional pam_permit.so
-{% if not minimal %}
-auth required pam_faillock.so preauth
-auth sufficient pam_unix.so nullok try_first_pass
+auth requisite pam_faillock.so preauth
+auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
auth [default=die] pam_faillock.so authfail
-{% endif %}
{% if krb5 %}
account [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-12 17:30 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-12 17:30 UTC (permalink / raw
To: gentoo-commits
commit: e0835e729bcf04f501d4610cf3925ec41b37c5f5
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 12 17:30:18 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 12 17:30:18 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=e0835e72
templates/system-auth.tpl: drop superfluous conf param on faillock
pam_faillock defaults to /etc/security/faillock.conf anyway.
Closes: https://bugs.gentoo.org/747967
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-auth.tpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 557da9b..bc28468 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -10,7 +10,7 @@ auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
auth required pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }}
auth optional pam_permit.so
{% if not minimal %}
-auth required pam_faillock.so preauth conf=/etc/security/faillock.conf
+auth required pam_faillock.so preauth
auth sufficient pam_unix.so nullok try_first_pass
auth [default=die] pam_faillock.so authfail
{% endif %}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-12 15:32 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-12 15:32 UTC (permalink / raw
To: gentoo-commits
commit: abca630446236ddf83c7686ca8742b305bf8a050
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 12 15:30:28 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 12 15:30:28 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=abca6304
templates/system-login.tpl: remove duplicate block already in system-auth
Do it right this time!
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-auth.tpl | 5 +++++
templates/system-login.tpl | 6 ------
2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 11319d6..557da9b 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -9,6 +9,11 @@ auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
auth required pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }}
auth optional pam_permit.so
+{% if not minimal %}
+auth required pam_faillock.so preauth conf=/etc/security/faillock.conf
+auth sufficient pam_unix.so nullok try_first_pass
+auth [default=die] pam_faillock.so authfail
+{% endif %}
{% if krb5 %}
account [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index 25843f5..889c2d7 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -2,12 +2,6 @@ auth required pam_shells.so {{ debug|default('', true) }}
auth required pam_nologin.so
auth include system-auth
-{% if not minimal %}
-auth required pam_faillock.so preauth conf=/etc/security/faillock.conf
-auth sufficient pam_unix.so nullok try_first_pass
-auth [default=die] pam_faillock.so authfail
-{% endif %}
-
account required pam_access.so {{ debug|default('', true) }}
account required pam_nologin.so
account include system-auth
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-12 15:28 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-12 15:28 UTC (permalink / raw
To: gentoo-commits
commit: 37a3f41da6fa3136c46c9d76a18ad36f4f680303
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 11 20:57:19 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 12 14:32:12 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=37a3f41d
templates/system-login.tpl: move systemd, elogind blocks here
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-auth.tpl | 8 --------
templates/system-login.tpl | 8 ++++++++
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 46fc131..f8484f1 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -47,14 +47,6 @@ password optional pam_permit.so
session optional pam_ssh.so
{% endif %}
-{% if systemd %}
--session optional pam_systemd.so
-{% endif %}
-
-{% if elogind %}
--session optional pam_elogind.so
-{% endif %}
-
{% if libcap %}
-session optional pam_libcap.so
{% endif %}
diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index 99801a1..889c2d7 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -32,3 +32,11 @@ session optional pam_motd.so motd=/etc/motd
{% if not minimal %}
session optional pam_mail.so
{% endif %}
+
+{% if systemd %}
+-session optional pam_systemd.so
+{% endif %}
+
+{% if elogind %}
+-session optional pam_elogind.so
+{% endif %}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-12 15:28 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-12 15:28 UTC (permalink / raw
To: gentoo-commits
commit: 949722adbb7187b68f392164865a964610221604
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 11 20:48:41 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 12 14:32:12 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=949722ad
templates/system-session.tpl: include pam_krb5.so module name
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-session.tpl | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/templates/system-session.tpl b/templates/system-session.tpl
index 1538429..ce3afa5 100644
--- a/templates/system-session.tpl
+++ b/templates/system-session.tpl
@@ -5,12 +5,9 @@ session optional pam_mktemp.so
{% endif %}
{%if krb5 %}
-session [success=1 default=ignore] {{ krb5_params }}
+session [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
{% endif %}
session required pam_unix.so {{ debug|default('', true) }}
-{%if krb5 %}
-session [success=1 default=ignore] {{ krb5_params }}
-{% endif %}
session optional pam_permit.so
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-12 15:28 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-10-12 15:28 UTC (permalink / raw
To: gentoo-commits
commit: da499cca70c5e77c851c5f75440df188fe2eeabe
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 11 20:55:39 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct 12 14:32:12 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=da499cca
templates/system-login.tpl: remove duplicate block from system-auth
Bug: https://bugs.gentoo.org/747868
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/system-login.tpl | 5 -----
1 file changed, 5 deletions(-)
diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index d51481b..99801a1 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -1,11 +1,6 @@
auth required pam_shells.so {{ debug|default('', true) }}
auth required pam_nologin.so
auth include system-auth
-{% if not minimal %}
-auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
-auth sufficient pam_unix.so nullok try_first_pass
-auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
-{% endif %}
account required pam_access.so {{ debug|default('', true) }}
account required pam_nologin.so
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-10-10 15:40 Mikle Kolyada
0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-10-10 15:40 UTC (permalink / raw
To: gentoo-commits
commit: b54edff3a6724bba19fd803042909cc448d169fd
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 10 15:35:39 2020 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Sat Oct 10 15:37:14 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=b54edff3
switch pam_faillock.so to its config file
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
templates/system-auth.tpl | 4 ++--
templates/system-login.tpl | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 46fc131..1bb53ae 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -10,9 +10,9 @@ auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
auth required pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }}
auth optional pam_permit.so
{% if not minimal %}
-auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
+auth required pam_faillock.so preauth conf=/etc/security/faillock.conf
auth sufficient pam_unix.so {{ nullok|default('', true) }} try_first_pass
-auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
+auth [default=die] pam_faillock.so authfail
{% endif %}
{% if krb5 %}
diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index d51481b..bb4f093 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -2,9 +2,9 @@ auth required pam_shells.so {{ debug|default('', true) }}
auth required pam_nologin.so
auth include system-auth
{% if not minimal %}
-auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
+auth required pam_faillock.so preauth conf=/etc/security/faillock.conf
auth sufficient pam_unix.so nullok try_first_pass
-auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
+auth [default=die] pam_faillock.so authfail
{% endif %}
account required pam_access.so {{ debug|default('', true) }}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-09-09 16:36 Mikle Kolyada
0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-09-09 16:36 UTC (permalink / raw
To: gentoo-commits
commit: 1b7c7f7678a6402a0b0aec80b3883fd98516be4e
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 9 16:32:10 2020 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Sep 9 16:32:10 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=1b7c7f76
system-auth: switch password modules to configs
* pam_passwdqc.so can by managed by the /etc/security/passwdqc.conf
* pam_pwquality.so can be managed by the /etc/security/pwquality.conf
Both allow users to create their own password polices without touching
files in the /etc/pam.d directory
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
templates/system-auth.tpl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 69cc472..0381e66 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -25,11 +25,11 @@ account required pam_faillock.so
{% endif %}
{% if passwdqc %}
-password required pam_passwdqc.so min=8,8,8,8,8 retry=3
+password required pam_passwdqc.so config=/etc/security/passwdqc.conf
{% endif %}
{% if pwquality %}
-password required pam_pwquality.so retry=3 minlen=8 lcredit=2 ucredit=2 dcredit=2 ocredit=2 difok=3 enforce_for_root
+password required pam_pwquality.so
{% endif %}
{% if krb5 %}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-08-05 6:10 Sam James
0 siblings, 0 replies; 26+ messages in thread
From: Sam James @ 2020-08-05 6:10 UTC (permalink / raw
To: gentoo-commits
commit: 4e5e41c2e5607a298f30f679aa7ba8c4994033e3
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 5 06:10:02 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Aug 5 06:10:16 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=4e5e41c2
templates/*: remove unnecessary strips
Now obsolete as of 732fb3bbfd7d007fdca78dd4587f1a7bd34bfa6c.
Signed-off-by: Sam James <sam <AT> gentoo.org>
templates/login.tpl | 4 ++--
templates/system-auth.tpl | 44 ++++++++++++++++++++++----------------------
templates/system-login.tpl | 28 ++++++++++++++--------------
templates/system-session.tpl | 12 ++++++------
4 files changed, 44 insertions(+), 44 deletions(-)
diff --git a/templates/login.tpl b/templates/login.tpl
index 7476cb7..23e262a 100644
--- a/templates/login.tpl
+++ b/templates/login.tpl
@@ -1,6 +1,6 @@
-{% if securetty -%}
+{% if securetty %}
auth required pam_securetty.so
-{% endif -%}
+{% endif %}
auth include system-local-login
account include system-local-login
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index e8a6d91..298e45c 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -1,54 +1,54 @@
auth required pam_env.so {{ debug|default('', true) }}
-{% if pam_ssh -%}
+{% if pam_ssh %}
auth sufficient pam_ssh.so
-{% endif -%}
+{% endif %}
-{% if krb5 -%}
+{% if krb5 %}
auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
-{% endif -%}
+{% endif %}
auth required pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }}
auth optional pam_permit.so
-{% if not minimal -%}
+{% if not minimal %}
auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
auth sufficient pam_unix.so {{ nullok|default('', true) }} try_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
-{% endif -%}
+{% endif %}
-{% if krb5 -%}
+{% if krb5 %}
account [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
-{% endif -%}
+{% endif %}
account required pam_unix.so {{ debug|default('', true) }}
account optional pam_permit.so
-{% if not minimal -%}
+{% if not minimal %}
account required pam_faillock.so
-{% endif -%}
+{% endif %}
-{% if passwdqc -%}
+{% if passwdqc %}
password required pam_passwdqc.so min=8,8,8,8,8 retry=3
-{% endif -%}
+{% endif %}
-{% if krb5 -%}
+{% if krb5 %}
password [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
-{% endif -%}
+{% endif %}
password required pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
password optional pam_permit.so
-{%- if pam_ssh %}
+{% if pam_ssh %}
session optional pam_ssh.so
-{% endif -%}
+{% endif %}
-{% if systemd -%}
+{% if systemd %}
-session optional pam_systemd.so
-{% endif -%}
+{% endif %}
-{% if elogind -%}
+{% if elogind %}
-session optional pam_elogind.so
-{% endif -%}
+{% endif %}
-{% if libcap -%}
+{% if libcap %}
-session optional pam_libcap.so
-{% endif -%}
+{% endif %}
{% include "templates/system-session.tpl" %}
diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index d8df530..d51481b 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -1,39 +1,39 @@
auth required pam_shells.so {{ debug|default('', true) }}
auth required pam_nologin.so
auth include system-auth
-{% if not minimal -%}
+{% if not minimal %}
auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
auth sufficient pam_unix.so nullok try_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
-{% endif -%}
+{% endif %}
account required pam_access.so {{ debug|default('', true) }}
account required pam_nologin.so
account include system-auth
-{% if not minimal -%}
+{% if not minimal %}
account required pam_faillock.so
-{% endif -%}
+{% endif %}
password include system-auth
session optional pam_loginuid.so
-{% if selinux -%}
+{% if selinux %}
session required pam_selinux.so close
-{% endif -%}
+{% endif %}
session required pam_env.so envfile=/etc/profile.env {{ debug|default('', true) }}
-{% if not minimal -%}
+{% if not minimal %}
session optional pam_lastlog.so silent {{ debug|default('', true) }}
-{% endif -%}
+{% endif %}
session include system-auth
-{% if selinux -%}
+{% if selinux %}
# Note: modules that run in the user's context must come after this line.
session required pam_selinux.so multiple open
-{% endif -%}
+{% endif %}
-{% if not minimal -%}
+{% if not minimal %}
session optional pam_motd.so motd=/etc/motd
-{% endif -%}
+{% endif %}
-{% if not minimal -%}
+{% if not minimal %}
session optional pam_mail.so
-{% endif -%}
+{% endif %}
diff --git a/templates/system-session.tpl b/templates/system-session.tpl
index f2622a8..1538429 100644
--- a/templates/system-session.tpl
+++ b/templates/system-session.tpl
@@ -1,16 +1,16 @@
session required pam_limits.so {{ debug|default('', true) }}
session required pam_env.so {{ debug|default('', true) }}
-{% if mktemp -%}
+{% if mktemp %}
session optional pam_mktemp.so
-{% endif -%}
+{% endif %}
-{%if krb5 -%}
+{%if krb5 %}
session [success=1 default=ignore] {{ krb5_params }}
-{% endif -%}
+{% endif %}
session required pam_unix.so {{ debug|default('', true) }}
-{%if krb5 -%}
+{%if krb5 %}
session [success=1 default=ignore] {{ krb5_params }}
-{% endif -%}
+{% endif %}
session optional pam_permit.so
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-08-04 13:36 Mikle Kolyada
0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-08-04 13:36 UTC (permalink / raw
To: gentoo-commits
commit: acd1f9046c8d79ba5e232043131f6c9842d357e7
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 4 13:35:41 2020 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Tue Aug 4 13:35:41 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=acd1f904
fix pam_ssh formatting
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
templates/system-auth.tpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 13f5c0d..e8a6d91 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -35,7 +35,7 @@ password [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
password required pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
password optional pam_permit.so
-{%- if pam_ssh -%}
+{%- if pam_ssh %}
session optional pam_ssh.so
{% endif -%}
^ permalink raw reply related [flat|nested] 26+ messages in thread
* [gentoo-commits] proj/pambase:master commit in: templates/
@ 2020-08-04 12:41 Mikle Kolyada
0 siblings, 0 replies; 26+ messages in thread
From: Mikle Kolyada @ 2020-08-04 12:41 UTC (permalink / raw
To: gentoo-commits
commit: 7f7b677eca0487d304e114714890feadae06b9a2
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Tue Aug 4 12:41:04 2020 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Tue Aug 4 12:41:04 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=7f7b677e
fix a typo in logic
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
templates/system-login.tpl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/system-login.tpl b/templates/system-login.tpl
index 2f404bc..d8df530 100644
--- a/templates/system-login.tpl
+++ b/templates/system-login.tpl
@@ -21,7 +21,7 @@ session required pam_selinux.so close
{% endif -%}
session required pam_env.so envfile=/etc/profile.env {{ debug|default('', true) }}
-{% if not miniaml -%}
+{% if not minimal -%}
session optional pam_lastlog.so silent {{ debug|default('', true) }}
{% endif -%}
session include system-auth
^ permalink raw reply related [flat|nested] 26+ messages in thread
end of thread, other threads:[~2024-01-28 8:14 UTC | newest]
Thread overview: 26+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-13 18:29 [gentoo-commits] proj/pambase:master commit in: templates/ Sam James
-- strict thread matches above, loose matches on Subject: below --
2024-01-28 8:14 Sam James
2022-08-13 18:29 Sam James
2022-08-13 18:29 Sam James
2022-02-14 16:52 Sam James
2021-02-02 20:56 Sam James
2020-12-20 17:53 Mikle Kolyada
2020-12-19 22:34 Mikle Kolyada
2020-11-03 7:22 Sam James
2020-11-02 23:41 Sam James
2020-10-28 19:25 Mikle Kolyada
2020-10-28 16:15 Mikle Kolyada
2020-10-26 22:49 Sam James
2020-10-26 22:49 Sam James
2020-10-26 22:49 Sam James
2020-10-20 2:38 Sam James
2020-10-12 17:30 Sam James
2020-10-12 15:32 Sam James
2020-10-12 15:28 Sam James
2020-10-12 15:28 Sam James
2020-10-12 15:28 Sam James
2020-10-10 15:40 Mikle Kolyada
2020-09-09 16:36 Mikle Kolyada
2020-08-05 6:10 Sam James
2020-08-04 13:36 Mikle Kolyada
2020-08-04 12:41 Mikle Kolyada
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox