From 17d7c30814b6835c0707b66ddf895100482296da Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Wed, 2 Nov 2022 17:36:28 +0100 Subject: also have a non-systemd system-auth for pam --- iso/mkarchiso486 | 1 + iso/system-auth | 27 +++++++++++++++++++++++++++ iso/system-login | 4 ++-- 3 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 iso/system-auth (limited to 'iso') diff --git a/iso/mkarchiso486 b/iso/mkarchiso486 index 4b56ca6..fc4e3ef 100755 --- a/iso/mkarchiso486 +++ b/iso/mkarchiso486 @@ -73,6 +73,7 @@ chmod 0400 "$ROOTFS"/etc/ssh/ssh_host_*_key cp $BASE/motd "$ROOTFS"/etc/motd linux32 arch-chroot "$ROOTMNT" /bin/bash -c 'echo "root:arch" | /usr/bin/chpasswd' cp $BASE/system-login "$ROOTMNT"/etc/pam.d/system-login +cp $BASE/system-auth "$ROOTMNT"/etc/pam.d/system-auth echo "Installining syslinux (isolinux).." if test ! -d "$ROOTFS/isolinux"; then diff --git a/iso/system-auth b/iso/system-auth new file mode 100644 index 0000000..0d39434 --- /dev/null +++ b/iso/system-auth @@ -0,0 +1,27 @@ +#%PAM-1.0 + +auth required pam_faillock.so preauth +# Optionally use requisite above if you do not want to prompt for the password +# on locked accounts. +#-auth [success=2 default=ignore] pam_systemd_home.so +auth [success=1 default=bad] pam_unix.so try_first_pass nullok +auth [default=die] pam_faillock.so authfail +auth optional pam_permit.so +auth required pam_env.so +auth required pam_faillock.so authsucc +# If you drop the above call to pam_faillock.so the lock will be done also +# on non-consecutive authentication failures. + +#-account [success=1 default=ignore] pam_systemd_home.so +account required pam_unix.so +account optional pam_permit.so +account required pam_time.so + +#-password [success=1 default=ignore] pam_systemd_home.so +password required pam_unix.so try_first_pass nullok shadow sha512 +password optional pam_permit.so + +#-session optional pam_systemd_home.so +session required pam_limits.so +session required pam_unix.so +session optional pam_permit.so diff --git a/iso/system-login b/iso/system-login index 35c1897..9fbad51 100644 --- a/iso/system-login +++ b/iso/system-login @@ -13,7 +13,7 @@ password include system-auth session optional pam_loginuid.so session optional pam_keyinit.so force revoke session include system-auth -session optional pam_motd.so motd=/etc/motd +session optional pam_motd.so session optional pam_mail.so dir=/var/spool/mail standard quiet #-session optional pam_systemd.so -session required pam_env.so user_readenv=1 +session required pam_env.so -- cgit v1.2.3-70-g09d2