Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-xiso/mkarchiso4861
-rw-r--r--iso/system-auth27
-rw-r--r--iso/system-login4
3 files changed, 30 insertions, 2 deletions
diff --git a/iso/mkarchiso486 b/iso/mkarchiso486
index 4b56ca6..fc4e3ef 100755
--- a/iso/mkarchiso486
+++ b/iso/mkarchiso486
@@ -73,6 +73,7 @@ chmod 0400 "$ROOTFS"/etc/ssh/ssh_host_*_key
cp $BASE/motd "$ROOTFS"/etc/motd
linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'echo "root:arch" | /usr/bin/chpasswd'
cp $BASE/system-login "$ROOTMNT"/etc/pam.d/system-login
+cp $BASE/system-auth "$ROOTMNT"/etc/pam.d/system-auth
echo "Installining syslinux (isolinux).."
if test ! -d "$ROOTFS/isolinux"; then
diff --git a/iso/system-auth b/iso/system-auth
new file mode 100644
index 0000000..0d39434
--- /dev/null
+++ b/iso/system-auth
@@ -0,0 +1,27 @@
+#%PAM-1.0
+
+auth required pam_faillock.so preauth
+# Optionally use requisite above if you do not want to prompt for the password
+# on locked accounts.
+#-auth [success=2 default=ignore] pam_systemd_home.so
+auth [success=1 default=bad] pam_unix.so try_first_pass nullok
+auth [default=die] pam_faillock.so authfail
+auth optional pam_permit.so
+auth required pam_env.so
+auth required pam_faillock.so authsucc
+# If you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures.
+
+#-account [success=1 default=ignore] pam_systemd_home.so
+account required pam_unix.so
+account optional pam_permit.so
+account required pam_time.so
+
+#-password [success=1 default=ignore] pam_systemd_home.so
+password required pam_unix.so try_first_pass nullok shadow sha512
+password optional pam_permit.so
+
+#-session optional pam_systemd_home.so
+session required pam_limits.so
+session required pam_unix.so
+session optional pam_permit.so
diff --git a/iso/system-login b/iso/system-login
index 35c1897..9fbad51 100644
--- a/iso/system-login
+++ b/iso/system-login
@@ -13,7 +13,7 @@ password include system-auth
session optional pam_loginuid.so
session optional pam_keyinit.so force revoke
session include system-auth
-session optional pam_motd.so motd=/etc/motd
+session optional pam_motd.so
session optional pam_mail.so dir=/var/spool/mail standard quiet
#-session optional pam_systemd.so
-session required pam_env.so user_readenv=1
+session required pam_env.so

Copyright © 2002-2022 Judd Vinet and Aaron Griffin. Copyright © 2022 Erich Eckner.
The Arch Linux name and logo are recognized trademarks. Some rights reserved. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.