# Build definition for the linux-pam chunk, built with the autotools
# build system.
name: linux-pam
kind: chunk
build-system: autotools
pre-configure-commands:
# Regenerate the autotools build files before ./configure runs
# (-i install missing auxiliary files, -v verbose, -f force regeneration).
- autoreconf -ivf
configure-commands:
# Libraries are installed under /lib rather than /usr/lib. Presumably this
# also places the PAM modules in /lib/security -- confirm against the
# installed tree, since every pam.d file written by this chunk names its
# modules without a path.
- ./configure --prefix=/usr --libdir=/lib
post-install-commands:
# Each command in this list writes one file under $DESTDIR/etc/pam.d from a
# here-document. The 'EOF' delimiter is quoted, so the shell expands nothing
# inside the body. install reads the here-document through /proc/self/fd/0
# (its own stdin), creates missing parent directories (-D) and sets mode 0644.
#
# system-account: shared account stack, pulled in by the service files with
# "account include system-account".
# NOTE(review): the "Empty passwords are allowed" comment inside this file
# does not match its rule -- the pam_unix.so account line carries no nullok
# option; nullok appears only in system-auth.
- |
  install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-account <<'EOF'
  #%PAM-1.0
  # Empty passwords are allowed
  account required pam_unix.so
  EOF
# system-auth: shared auth stack, a single required pam_unix.so rule.
# NOTE(review): nullok lets an account whose password field is empty
# authenticate without a password. login, su, chage (and the files copied
# from chage) and other all include this stack, so the setting applies to
# every service configured by this chunk. For images reachable by untrusted
# users, drop nullok or make sure no account ships with an empty password
# field.
# No lockout or throttling module is part of this stack; only the login
# file adds a delay (pam_faildelay.so).
- |
  install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-auth <<'EOF'
  #%PAM-1.0
  # Empty passwords are allowed
  auth required pam_unix.so nullok
  EOF
# system-passwd: shared password-change stack, a single pam_unix.so rule.
#   sha512          hash new passwords with SHA-512 crypt
#   shadow          maintain shadow passwords
#   try_first_pass  try a password already collected by an earlier module
#                   before prompting
# NOTE(review): pam_unix.so is the only rule, so no password-quality module
# (for example pam_pwquality.so) runs on new passwords, and no rounds= value
# is set, which presumably leaves the hashing cost at the library default --
# confirm that this matches the intended password policy.
- |
  install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-passwd <<'EOF'
  #%PAM-1.0
  password required pam_unix.so sha512 shadow try_first_pass
  EOF
# system-session: shared session stack. pam_unix.so is required;
# pam_systemd.so is optional, so its result does not decide the outcome of
# the stack while the required pam_unix.so rule is present.
- |
  install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/system-session <<'EOF'
  #%PAM-1.0
  session required pam_unix.so
  session optional pam_systemd.so
  EOF
# login: stack for the login service.
#   auth      pam_faildelay.so (optional, 3000000 us = 3 s delay),
#             pam_nologin.so (requisite: a failure ends the stack at once),
#             then the shared system-auth stack
#   account   pam_access.so (required), then system-account
#   session   pam_env.so and pam_limits.so (both required), then
#             system-session
#   password  system-passwd
# NOTE(review): pam_securetty.so is commented out, so root logins are not
# limited to the terminals listed in /etc/securetty. Combined with nullok in
# system-auth, a root account with an empty password field could log in on
# any terminal this service is attached to.
# NOTE(review): pam_access.so is required here; presumably its rules come
# from /etc/security/access.conf -- nothing in this chunk's commands writes
# that file, so confirm what the module's shipped default permits.
- |
  install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/login <<'EOF'
  #%PAM-1.0
  # Set failure delay before next prompt to 3 seconds
  auth optional pam_faildelay.so delay=3000000
  # Check to make sure that the user is allowed to login
  auth requisite pam_nologin.so
  # Check to make sure that root is allowed to login
  # Disabled by default. You will need to create /etc/securetty
  # file for this module to function. See man 5 securetty.
  #auth required pam_securetty.so
  # Additional group memberships - disabled by default
  #auth optional pam_group.so
  # include the default auth settings
  auth include system-auth
  # check access for the user
  account required pam_access.so
  # include the default account settings
  account include system-account
  # Set default environment variables for the user
  session required pam_env.so
  # Set resource limits for the user
  session required pam_limits.so
  # Display date of last login - Disabled by default
  #session optional pam_lastlog.so
  # Display the message of the day - Disabled by default
  #session optional pam_motd.so
  # Check user's mail - Disabled by default
  #session optional pam_mail.so standard quiet
  # include the default session and password settings
  session include system-session
  password include system-passwd
  EOF
# passwd: defines only a password stack (the shared system-passwd rules).
# NOTE(review): no auth, account or session rules are given for this
# service; presumably those types fall back to the "other" file -- confirm
# against the Linux-PAM version being built.
- |
  install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/passwd <<'EOF'
  #%PAM-1.0
  password include system-passwd
  EOF
# su: pam_rootok.so is sufficient, so a caller already running as root
# passes auth without a password prompt; every other caller goes through the
# shared system-auth stack.
# NOTE(review): there is no pam_wheel.so rule, so su is not restricted to
# members of a particular group. Access to a target account then rests only
# on that account's password, and nullok in system-auth applies here as
# well. No password stack is defined for this service.
- |
  install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/su <<'EOF'
  #%PAM-1.0
  # always allow root
  auth sufficient pam_rootok.so
  auth include system-auth
  # include the default account settings
  account include system-account
  # Set default environment variables for the service user
  session required pam_env.so
  # include system session defaults
  session include system-session
  EOF
# chage: stack for the chage tool. It is also the template that the loop in
# the next command copies for the other account-management tools.
# root passes auth through pam_rootok.so (sufficient); other callers go
# through system-auth. The password stack is pam_permit.so, which always
# succeeds, so the PAM password stack itself performs no check for any
# service using this file.
- |
  install -D -m 0644 /proc/self/fd/0 "$DESTDIR"/etc/pam.d/chage <<'EOF'
  #%PAM-1.0
  # always allow root
  auth sufficient pam_rootok.so
  # include system defaults for auth account and session
  auth include system-auth
  account include system-account
  session include system-session
  # Always permit for authentication updates
  password required pam_permit.so
  EOF
# Give each listed account-management tool the same PAM policy as chage by
# copying $DESTDIR/etc/pam.d/chage under the tool's name (mode 0644). The
# chage file must already exist, so this command has to run after the one
# that writes it.
# NOTE(review): chpasswd, chgpasswd and newusers receive
# "password required pam_permit.so" through this copy; confirm that an
# always-succeeding password stack is intended for tools that set passwords.
- |
  for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel groupmems \
                 groupmod newusers useradd userdel usermod
  do
      install -m 0644 "$DESTDIR/etc/pam.d/chage" "$DESTDIR/etc/pam.d/${PROGRAM}"
  done
# other: the fallback PAM uses for a service that has no file of its own in
# /etc/pam.d.
# NOTE(review): this fallback hands the normal system stacks, including the
# nullok auth rule from system-auth, to every service that lacks its own
# file. A deny-by-default fallback (pam_deny.so, with pam_warn.so to log the
# attempt) is the stricter choice; each service then needs an explicit file
# before it can authenticate anyone.
# The here-document redirection is written before the destination operand
# in this command; the shell treats it the same as the trailing form used by
# the other commands.
- |
  install -D -m 0644 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/pam.d/other
  #%PAM-1.0
  auth include system-auth
  account include system-account
  password include system-passwd
  session include system-session
  EOF