update config

guoxiaoqi 2020-01-12 15:59:21 +08:00
parent 5661d4c7c5
commit 70bb4f2c51
8 changed files with 35 additions and 193 deletions


@ -1,36 +0,0 @@
.TH SYSTEM-AUTH 5 "2006 Feb 3" "Red Hat" "Linux-PAM Manual"
.SH NAME
config-util \- Common PAM configuration file for configuration utilities
.SH SYNOPSIS
.B /etc/pam.d/config-util
.sp 2
.SH DESCRIPTION
The purpose of this configuration file is to provide common
configuration file for all configuration utilities which must be run
from the supervisor account and use the userhelper wrapper application.
.sp
The
.BR config-util
configuration file is included from all individual configuration
files of such utilities with the help of the
.BR include
directive.
There are not usually any other modules in the individual configuration
files of these utilities.
.sp
It is possible for example to modify duration of the validity of the
authentication timestamp there. See
.BR pam_timestamp(8)
for details.
.SH BUGS
.sp 2
None known.
.SH "SEE ALSO"
pam(8), config-util(5), pam_timestamp(8)


@ -1,19 +0,0 @@
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so


@ -4,7 +4,7 @@
%define _pamconfdir %{_sysconfdir}/pam.d
Name: pam
Version: 1.3.1
Release: 7
Release: 8
Summary: Pluggable Authentication Modules for Linux
License: BSD and GPLv2+
URL: http://www.linux-pam.org/
@ -13,8 +13,6 @@ Source1: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Li
Source5: other.pamd
Source6: system-auth.pamd
Source7: password-auth.pamd
Source8: fingerprint-auth.pamd
Source9: smartcard-auth.pamd
Source10: config-util.pamd
Source15: pamtmp.conf
Source16: postlogin.pamd
@ -84,8 +82,6 @@ install -d -m 755 $RPM_BUILD_ROOT%{_pamconfdir}
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pamconfdir}/other
install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pamconfdir}/system-auth
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/password-auth
install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_pamconfdir}/fingerprint-auth
install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_pamconfdir}/smartcard-auth
install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
install -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{_pamconfdir}/postlogin
install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd
@ -124,8 +120,6 @@ fi
%config(noreplace) %{_pamconfdir}/other
%config(noreplace) %{_pamconfdir}/system-auth
%config(noreplace) %{_pamconfdir}/password-auth
%config(noreplace) %{_pamconfdir}/fingerprint-auth
%config(noreplace) %{_pamconfdir}/smartcard-auth
%config(noreplace) %{_pamconfdir}/config-util
%config(noreplace) %{_pamconfdir}/postlogin
%{_pamlibdir}/libpam.so.*
@ -173,6 +167,9 @@ fi
%changelog
* Sun Jan 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.3.1-8
- update config
* Fri Jan 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.3.1-7
- clean code
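Review bot: The `%changelog` entry `- update config` does not record what changes for an administrator. Judging by the files deleted elsewhere in this commit, the fingerprint-auth and smartcard-auth stacks are no longer installed under `%{_pamconfdir}`, and the remaining common stacks gain `pam_faillock.so` lockout. Any service file that still pulls in either removed stack with `include` or `substack` would likely fail to authenticate after the upgrade, so dependent packages are worth checking before release. A more specific entry such as `- drop fingerprint-auth and smartcard-auth, enable pam_faillock in the common auth stacks` would make the behaviour change visible.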


@ -1,14 +1,24 @@
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_faillock.so preauth audit deny=3 even_deny_root unlock_time=60
-auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
-auth sufficient pam_sss.so use_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=60
auth sufficient pam_faillock.so authsucc audit deny=3 even_deny_root unlock_time=60
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
-account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password requisite pam_pwquality.so try_first_pass local_users_only
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
@ -16,3 +26,4 @@ session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
-session optional pam_sss.so
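Review bot: The account phase of this stack has no `account required pam_faillock.so` line, while the other common stack changed later in this commit adds one directly after `account required pam_unix.so`. Because `auth sufficient pam_unix.so` ends the auth phase on success, the `pam_faillock.so authsucc` line below it is not reached for local password logins. Nothing visible here therefore clears the failure records after a good login, so with `deny=3` a lockout can trigger on non-consecutive failures. Adding `account required pam_faillock.so` after `account required pam_unix.so` would make the two stacks consistent. The file name is not shown on this page, so confirm which services include this stack.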


@ -1,46 +0,0 @@
.TH POSTLOGIN 5 "2010 Dec 22" "Red Hat" "Linux-PAM Manual"
.SH NAME
postlogin \- Common configuration file for PAMified services
.SH SYNOPSIS
.B /etc/pam.d/postlogin
.sp 2
.SH DESCRIPTION
The purpose of this PAM configuration file is to provide a common
place for all PAM modules which should be called after the stack
configured in
.BR system-auth
or the other common PAM configuration files.
.sp
The
.BR postlogin
configuration file is included from all individual service configuration
files that provide login service with shell or file access.
.SH NOTES
The modules in the postlogin configuration file are executed regardless
of the success or failure of the modules in the
.BR system-auth
configuration file.
.SH BUGS
.sp 2
Sometimes it would be useful to be able to skip the postlogin modules in
case the substack of the
.BR system-auth
modules failed. Unfortunately the current Linux-PAM library does not
provide any way how to achieve this.
.SH "SEE ALSO"
pam(8), config-util(5), system-auth(5)
The three
.BR Linux-PAM
Guides, for
.BR "system administrators" ", "
.BR "module developers" ", "
and
.BR "application developers" ". "


@ -1,19 +0,0 @@
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password optional pam_pkcs11.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so


@ -1,58 +0,0 @@
.TH SYSTEM-AUTH 5 "2010 Dec 22" "Red Hat" "Linux-PAM Manual"
.SH NAME
system-auth \- Common configuration file for PAMified services
.SH SYNOPSIS
.B /etc/pam.d/system-auth
.B /etc/pam.d/password-auth
.B /etc/pam.d/fingerprint-auth
.B /etc/pam.d/smartcard-auth
.sp 2
.SH DESCRIPTION
The purpose of these configuration files are to provide a common
interface for all applications and service daemons calling into
the PAM library.
.sp
The
.BR system-auth
configuration file is included from nearly all individual service configuration
files with the help of the
.BR substack
directive.
.sp
The
.BR password-auth
.BR fingerprint-auth
.BR smartcard-auth
configuration files are for applications which handle authentication from
different types of devices via simultaneously running individual conversations
instead of one aggregate conversation.
.SH NOTES
Previously these common configuration files were included with the help
of the
.BR include
directive. This limited the use of the different action types of modules.
With the use of
.BR substack
directive to include these common configuration files this limitation
no longer applies.
.SH BUGS
.sp 2
None known.
.SH "SEE ALSO"
pam(8), config-util(5), postlogin(5)
The three
.BR Linux-PAM
Guides, for
.BR "system administrators" ", "
.BR "module developers" ", "
and
.BR "application developers" ". "


@ -1,14 +1,25 @@
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_faillock.so preauth audit deny=3 even_deny_root unlock_time=60
-auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
-auth sufficient pam_sss.so use_first_pass
auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=60
auth sufficient pam_faillock.so authsucc audit deny=3 even_deny_root unlock_time=60
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account required pam_faillock.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
-account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password requisite pam_pwquality.so try_first_pass local_users_only
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
@ -16,3 +27,4 @@ session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
-session optional pam_sss.so
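Review bot: `nullok` is kept on the `pam_unix.so` auth and password lines, so an account with an empty password field still authenticates without a password. The new `pam_faillock.so` lockout does nothing for such an account, since no failure is ever recorded; the same option is on the earlier stack in this commit. If blank passwords are not a supported case, drop the option: `auth sufficient pam_unix.so try_first_pass` and `password sufficient pam_unix.so sha512 shadow try_first_pass use_authtok`. Separately, `even_deny_root` with `deny=3` lets three wrong guesses lock root for `unlock_time=60` seconds, so a comment above the faillock lines stating that this is intended would help whoever maintains the file.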