Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Baumann <mail@andreasbaumann.cc>2022-11-02 17:36:28 +0100
committerAndreas Baumann <mail@andreasbaumann.cc>2022-11-02 17:36:28 +0100
commit17d7c30814b6835c0707b66ddf895100482296da (patch)
treeb148eb768aa45502925ed2186d34b961be00a7da
parent1afcc9f0ff8c5307267dbf30fe34070cbe379eca (diff)
also have a non-systemd system-auth for pamHEADmaster
Diffstat
-rwxr-xr-xiso/mkarchiso4861
-rw-r--r--iso/system-auth27
-rw-r--r--iso/system-login4
3 files changed, 30 insertions, 2 deletions
diff --git a/iso/mkarchiso486 b/iso/mkarchiso486
index 4b56ca6..fc4e3ef 100755
--- a/iso/mkarchiso486
+++ b/iso/mkarchiso486
@@ -73,6 +73,7 @@ chmod 0400 "$ROOTFS"/etc/ssh/ssh_host_*_key
cp $BASE/motd "$ROOTFS"/etc/motd
linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'echo "root:arch" | /usr/bin/chpasswd'
cp $BASE/system-login "$ROOTMNT"/etc/pam.d/system-login
+cp $BASE/system-auth "$ROOTMNT"/etc/pam.d/system-auth
echo "Installining syslinux (isolinux).."
if test ! -d "$ROOTFS/isolinux"; then
diff --git a/iso/system-auth b/iso/system-auth
new file mode 100644
index 0000000..0d39434
--- /dev/null
+++ b/iso/system-auth
@@ -0,0 +1,27 @@
+#%PAM-1.0
+
+auth required pam_faillock.so preauth
+# Optionally use requisite above if you do not want to prompt for the password
+# on locked accounts.
+#-auth [success=2 default=ignore] pam_systemd_home.so
+auth [success=1 default=bad] pam_unix.so try_first_pass nullok
+auth [default=die] pam_faillock.so authfail
+auth optional pam_permit.so
+auth required pam_env.so
+auth required pam_faillock.so authsucc
+# If you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures.
+
+#-account [success=1 default=ignore] pam_systemd_home.so
+account required pam_unix.so
+account optional pam_permit.so
+account required pam_time.so
+
+#-password [success=1 default=ignore] pam_systemd_home.so
+password required pam_unix.so try_first_pass nullok shadow sha512
+password optional pam_permit.so
+
+#-session optional pam_systemd_home.so
+session required pam_limits.so
+session required pam_unix.so
+session optional pam_permit.so
diff --git a/iso/system-login b/iso/system-login
index 35c1897..9fbad51 100644
--- a/iso/system-login
+++ b/iso/system-login
@@ -13,7 +13,7 @@ password include system-auth
session optional pam_loginuid.so
session optional pam_keyinit.so force revoke
session include system-auth
-session optional pam_motd.so motd=/etc/motd
+session optional pam_motd.so
session optional pam_mail.so dir=/var/spool/mail standard quiet
#-session optional pam_systemd.so
-session required pam_env.so user_readenv=1
+session required pam_env.so

Copyright © 2002-2022 Judd Vinet and Aaron Griffin. Copyright © 2022 Erich Eckner.
The Arch Linux name and logo are recognized trademarks. Some rights reserved. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.