Diffstat (limited to 'strata/core/linux-pam.morph')
-rw-r--r--strata/core/linux-pam.morph125
1 files changed, 125 insertions, 0 deletions
diff --git a/strata/core/linux-pam.morph b/strata/core/linux-pam.morph
new file mode 100644
index 00000000..6c4959b0
--- /dev/null
+++ b/strata/core/linux-pam.morph
@@ -0,0 +1,125 @@
+name: linux-pam
+kind: chunk
+build-system: autotools
+pre-configure-commands:
+- autoreconf -ivf
+configure-commands:
+- ./configure --prefix=/usr --libdir=/lib
+post-install-commands:
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-account <<'EOF'
+ #%PAM-1.0
+ # Empty passwords are allowed
+ account required pam_unix.so
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-auth <<'EOF'
+ #%PAM-1.0
+ # Empty passwords are allowed
+ auth required pam_unix.so nullok
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-passwd <<'EOF'
+ #%PAM-1.0
+ password required pam_unix.so sha512 shadow try_first_pass
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-session <<'EOF'
+ #%PAM-1.0
+ session required pam_unix.so
+ session optional pam_systemd.so
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/login <<'EOF'
+ #%PAM-1.0
+ # Set failure delay before next prompt to 3 seconds
+ auth optional pam_faildelay.so delay=3000000
+
+ # Check to make sure that the user is allowed to login
+ auth requisite pam_nologin.so
+
+ # Check to make sure that root is allowed to login
+ # Disabled by default. You will need to create /etc/securetty
+ # file for this module to function. See man 5 securetty.
+ #auth required pam_securetty.so
+
+ # Additional group memberships - disabled by default
+ #auth optional pam_group.so
+
+ # include the default auth settings
+ auth include system-auth
+
+ # check access for the user
+ account required pam_access.so
+
+ # include the default account settings
+ account include system-account
+
+ # Set default environment variables for the user
+ session required pam_env.so
+
+ # Set resource limits for the user
+ session required pam_limits.so
+
+ # Display date of last login - Disabled by default
+ #session optional pam_lastlog.so
+
+ # Display the message of the day - Disabled by default
+ #session optional pam_motd.so
+
+ # Check user's mail - Disabled by default
+ #session optional pam_mail.so standard quiet
+
+ # include the default session and password settings
+ session include system-session
+ password include system-passwd
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/passwd <<'EOF'
+ #%PAM-1.0
+ password include system-passwd
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/su <<'EOF'
+ #%PAM-1.0
+ # always allow root
+ auth sufficient pam_rootok.so
+ auth include system-auth
+
+ # include the default account settings
+ account include system-account
+
+ # Set default environment variables for the service user
+ session required pam_env.so
+
+ # include system session defaults
+ session include system-session
+ EOF
+- |
+ install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/chage <<'EOF'
+ #%PAM-1.0
+ # always allow root
+ auth sufficient pam_rootok.so
+
+ # include system defaults for auth account and session
+ auth include system-auth
+ account include system-account
+ session include system-session
+
+ # Always permit for authentication updates
+ password required pam_permit.so
+ EOF
+- |
+ for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel groupmems \
+ groupmod newusers useradd userdel usermod
+ do
+ install -m 0644 "$DESTDIR/etc/pam.d/chage" "$DESTDIR/etc/pam.d/${PROGRAM}"
+ done
+- |
+ install -D -m 0644 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/pam.d/other
+ #%PAM-1.0
+ auth include system-auth
+ account include system-account
+ password include system-passwd
+ session include system-session
+ EOF
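Review bot: The fallback file `/etc/pam.d/other` at the end of the hunk includes `system-auth`, which carries `pam_unix.so nullok`, so any PAM-aware service that ships without its own file authenticates with the permissive defaults, empty passwords included. A fallback is normally deny-by-default, with `pam_warn.so` logging the attempt and `pam_deny.so` refusing it for all four management groups, as in the stanza below (which also puts the heredoc after the destination, matching the other stanzas). If `nullok` is wanted for console login on development images, keeping it in `system-auth` while `other` denies would limit where it applies; whether that is the intent is not visible from this commit. Separately, the comment `# Empty passwords are allowed` in `system-account` sits above a line without `nullok` and could be dropped there.

```yaml
- |
  install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/other <<'EOF'
  #%PAM-1.0
  # Fallback for services without their own file: log the attempt, then refuse
  auth     required pam_warn.so
  auth     required pam_deny.so
  account  required pam_warn.so
  account  required pam_deny.so
  password required pam_warn.so
  password required pam_deny.so
  session  required pam_warn.so
  session  required pam_deny.so
  EOF
```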