summaryrefslogtreecommitdiff
path: root/extra/shadow
diff options
context:
space:
mode:
authordavidovski <david@davidovski.xyz>2022-04-11 13:30:34 +0100
committerdavidovski <david@davidovski.xyz>2022-04-11 13:30:34 +0100
commitbce4ac0f65ffb8bedcdcbdb94eb796457b12f9e1 (patch)
tree5070b9f21b192e6aa0f2a92584a7cbbc6a00d68c /extra/shadow
parent65f2daa1e41f38db5e29a73af9c02d6c390b1d24 (diff)
added files for pam and shadow
Diffstat (limited to 'extra/shadow')
-rw-r--r--extra/shadow/chage.pamd11
-rw-r--r--extra/shadow/chpasswd.pamd12
-rw-r--r--extra/shadow/login.pamd46
-rw-r--r--extra/shadow/newusers.pamd12
-rw-r--r--extra/shadow/passwd.pamd6
-rw-r--r--extra/shadow/su.pamd27
6 files changed, 114 insertions, 0 deletions
diff --git a/extra/shadow/chage.pamd b/extra/shadow/chage.pamd
new file mode 100644
index 0000000..3f277f8
--- /dev/null
+++ b/extra/shadow/chage.pamd
@@ -0,0 +1,11 @@
+# Begin /etc/pam.d/chage
+
+# always allow root
+auth sufficient pam_rootok.so
+
+# include system auth and account settings
+auth include system-auth
+account include system-account
+
+# End /etc/pam.d/chage
+
diff --git a/extra/shadow/chpasswd.pamd b/extra/shadow/chpasswd.pamd
new file mode 100644
index 0000000..81afbee
--- /dev/null
+++ b/extra/shadow/chpasswd.pamd
@@ -0,0 +1,12 @@
+# Begin /etc/pam.d/newusers
+
+# always allow root
+auth sufficient pam_rootok.so
+
+# include system auth and account settings
+auth include system-auth
+account include system-account
+password include system-password
+
+# End /etc/pam.d/newusers
+
diff --git a/extra/shadow/login.pamd b/extra/shadow/login.pamd
new file mode 100644
index 0000000..c6410c1
--- /dev/null
+++ b/extra/shadow/login.pamd
@@ -0,0 +1,46 @@
+# Begin /etc/pam.d/login
+
+# Set failure delay before next prompt to 3 seconds
+auth optional pam_faildelay.so delay=3000000
+
+# Check to make sure that the user is allowed to login
+auth requisite pam_nologin.so
+
+# Check to make sure that root is allowed to login
+# Disabled by default. You will need to create /etc/securetty
+# file for this module to function. See man 5 securetty.
+#auth required pam_securetty.so
+
+# Additional group memberships - disabled by default
+#auth optional pam_group.so
+
+# include system auth settings
+auth include system-auth
+
+# check access for the user
+account required pam_access.so
+
+# include system account settings
+account include system-account
+
+# Set default environment variables for the user
+session required pam_env.so
+
+# Set resource limits for the user
+session required pam_limits.so
+
+# Display date of last login - Disabled by default
+#session optional pam_lastlog.so
+
+# Display the message of the day - Disabled by default
+#session optional pam_motd.so
+
+# Check user's mail - Disabled by default
+#session optional pam_mail.so standard quiet
+
+# include system session and password settings
+session include system-session
+password include system-password
+
+# End /etc/pam.d/login
+
diff --git a/extra/shadow/newusers.pamd b/extra/shadow/newusers.pamd
new file mode 100644
index 0000000..57f5cfa
--- /dev/null
+++ b/extra/shadow/newusers.pamd
@@ -0,0 +1,12 @@
+# Begin /etc/pam.d/chpasswd
+
+# always allow root
+auth sufficient pam_rootok.so
+
+# include system auth and account settings
+auth include system-auth
+account include system-account
+password include system-password
+
+# End /etc/pam.d/chpasswd
+
diff --git a/extra/shadow/passwd.pamd b/extra/shadow/passwd.pamd
new file mode 100644
index 0000000..83459e3
--- /dev/null
+++ b/extra/shadow/passwd.pamd
@@ -0,0 +1,6 @@
+# Begin /etc/pam.d/passwd
+
+password include system-password
+
+# End /etc/pam.d/passwd
+
diff --git a/extra/shadow/su.pamd b/extra/shadow/su.pamd
new file mode 100644
index 0000000..ca6ab90
--- /dev/null
+++ b/extra/shadow/su.pamd
@@ -0,0 +1,27 @@
+# Begin /etc/pam.d/su
+
+# always allow root
+auth sufficient pam_rootok.so
+
+# Allow users in the wheel group to execute su without a password
+# disabled by default
+#auth sufficient pam_wheel.so trust use_uid
+
+# include system auth settings
+auth include system-auth
+
+# limit su to users in the wheel group
+# disabled by default
+#auth required pam_wheel.so use_uid
+
+# include system account settings
+account include system-account
+
+# Set default environment variables for the service user
+session required pam_env.so
+
+# include system session settings
+session include system-session
+
+# End /etc/pam.d/su
+