name: linux-pam kind: chunk build-system: autotools pre-configure-commands: - autoreconf -ivf configure-commands: - ./configure --prefix=/usr --libdir=/lib post-install-commands: - | install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-account <<'EOF' #%PAM-1.0 # Empty passwords are allowed account required pam_unix.so EOF - | install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-auth <<'EOF' #%PAM-1.0 # Empty passwords are allowed auth required pam_unix.so nullok EOF - | install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-passwd <<'EOF' #%PAM-1.0 password required pam_unix.so sha512 shadow try_first_pass EOF - | install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-session <<'EOF' #%PAM-1.0 session required pam_unix.so session optional pam_systemd.so EOF - | install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/login <<'EOF' #%PAM-1.0 # Set failure delay before next prompt to 3 seconds auth optional pam_faildelay.so delay=3000000 # Check to make sure that the user is allowed to login auth requisite pam_nologin.so # Check to make sure that root is allowed to login # Disabled by default. You will need to create /etc/securetty # file for this module to function. See man 5 securetty. #auth required pam_securetty.so # Additional group memberships - disabled by default #auth optional pam_group.so # include the default auth settings auth include system-auth # check access for the user account required pam_access.so # include the default account settings account include system-account # Set default environment variables for the user session required pam_env.so # Set resource limits for the user session required pam_limits.so # Display date of last login - Disabled by default #session optional pam_lastlog.so # Display the message of the day - Disabled by default #session optional pam_motd.so # Check user's mail - Disabled by default #session optional pam_mail.so standard quiet # include the default session and password settings session include system-session password include system-passwd EOF - | install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/passwd <<'EOF' #%PAM-1.0 password include system-passwd EOF - | install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/su <<'EOF' #%PAM-1.0 # always allow root auth sufficient pam_rootok.so auth include system-auth # include the default account settings account include system-account # Set default environment variables for the service user session required pam_env.so # include system session defaults session include system-session EOF - | install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/chage <<'EOF' #%PAM-1.0 # always allow root auth sufficient pam_rootok.so # include system defaults for auth account and session auth include system-auth account include system-account session include system-session # Always permit for authentication updates password required pam_permit.so EOF - | for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel groupmems \ groupmod newusers useradd userdel usermod do install -m 0644 "$DESTDIR/etc/pam.d/chage" "$DESTDIR/etc/pam.d/${PROGRAM}" done - | install -D -m 0644 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/pam.d/other #%PAM-1.0 auth include system-auth account include system-account password include system-passwd session include system-session EOF