From bce4ac0f65ffb8bedcdcbdb94eb796457b12f9e1 Mon Sep 17 00:00:00 2001
From: davidovski <david@davidovski.xyz>
Date: Mon, 11 Apr 2022 13:30:34 +0100
Subject: added files for pam and shadow

---
 extra/shadow/chage.pamd    | 11 +++++++++++
 extra/shadow/chpasswd.pamd | 12 ++++++++++++
 extra/shadow/login.pamd    | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 extra/shadow/newusers.pamd | 12 ++++++++++++
 extra/shadow/passwd.pamd   |  6 ++++++
 extra/shadow/su.pamd       | 27 +++++++++++++++++++++++++++
 6 files changed, 114 insertions(+)
 create mode 100644 extra/shadow/chage.pamd
 create mode 100644 extra/shadow/chpasswd.pamd
 create mode 100644 extra/shadow/login.pamd
 create mode 100644 extra/shadow/newusers.pamd
 create mode 100644 extra/shadow/passwd.pamd
 create mode 100644 extra/shadow/su.pamd

(limited to 'extra/shadow')

diff --git a/extra/shadow/chage.pamd b/extra/shadow/chage.pamd
new file mode 100644
index 0000000..3f277f8
--- /dev/null
+++ b/extra/shadow/chage.pamd
@@ -0,0 +1,11 @@
+# Begin /etc/pam.d/chage
+
+# always allow root
+auth      sufficient  pam_rootok.so
+
+# include system auth and account settings
+auth      include     system-auth
+account   include     system-account
+
+# End /etc/pam.d/chage
+
diff --git a/extra/shadow/chpasswd.pamd b/extra/shadow/chpasswd.pamd
new file mode 100644
index 0000000..81afbee
--- /dev/null
+++ b/extra/shadow/chpasswd.pamd
@@ -0,0 +1,12 @@
+# Begin /etc/pam.d/newusers
+
+# always allow root
+auth      sufficient  pam_rootok.so
+
+# include system auth and account settings
+auth      include     system-auth
+account   include     system-account
+password  include     system-password
+
+# End /etc/pam.d/newusers
+
diff --git a/extra/shadow/login.pamd b/extra/shadow/login.pamd
new file mode 100644
index 0000000..c6410c1
--- /dev/null
+++ b/extra/shadow/login.pamd
@@ -0,0 +1,46 @@
+# Begin /etc/pam.d/login
+
+# Set failure delay before next prompt to 3 seconds
+auth      optional    pam_faildelay.so  delay=3000000
+
+# Check to make sure that the user is allowed to login
+auth      requisite   pam_nologin.so
+
+# Check to make sure that root is allowed to login
+# Disabled by default. You will need to create /etc/securetty
+# file for this module to function. See man 5 securetty.
+#auth      required    pam_securetty.so
+
+# Additional group memberships - disabled by default
+#auth      optional    pam_group.so
+
+# include system auth settings
+auth      include     system-auth
+
+# check access for the user
+account   required    pam_access.so
+
+# include system account settings
+account   include     system-account
+
+# Set default environment variables for the user
+session   required    pam_env.so
+
+# Set resource limits for the user
+session   required    pam_limits.so
+
+# Display date of last login - Disabled by default
+#session   optional    pam_lastlog.so
+
+# Display the message of the day - Disabled by default
+#session   optional    pam_motd.so
+
+# Check user's mail - Disabled by default
+#session   optional    pam_mail.so      standard quiet
+
+# include system session and password settings
+session   include     system-session
+password  include     system-password
+
+# End /etc/pam.d/login
+
diff --git a/extra/shadow/newusers.pamd b/extra/shadow/newusers.pamd
new file mode 100644
index 0000000..57f5cfa
--- /dev/null
+++ b/extra/shadow/newusers.pamd
@@ -0,0 +1,12 @@
+# Begin /etc/pam.d/chpasswd
+
+# always allow root
+auth      sufficient  pam_rootok.so
+
+# include system auth and account settings
+auth      include     system-auth
+account   include     system-account
+password  include     system-password
+
+# End /etc/pam.d/chpasswd
+
diff --git a/extra/shadow/passwd.pamd b/extra/shadow/passwd.pamd
new file mode 100644
index 0000000..83459e3
--- /dev/null
+++ b/extra/shadow/passwd.pamd
@@ -0,0 +1,6 @@
+# Begin /etc/pam.d/passwd
+
+password  include     system-password
+
+# End /etc/pam.d/passwd
+
diff --git a/extra/shadow/su.pamd b/extra/shadow/su.pamd
new file mode 100644
index 0000000..ca6ab90
--- /dev/null
+++ b/extra/shadow/su.pamd
@@ -0,0 +1,27 @@
+# Begin /etc/pam.d/su
+
+# always allow root
+auth      sufficient  pam_rootok.so
+
+# Allow users in the wheel group to execute su without a password
+# disabled by default
+#auth      sufficient  pam_wheel.so trust use_uid
+
+# include system auth settings
+auth      include     system-auth
+
+# limit su to users in the wheel group
+# disabled by default
+#auth      required    pam_wheel.so use_uid
+
+# include system account settings
+account   include     system-account
+
+# Set default environment variables for the service user
+session   required    pam_env.so
+
+# include system session settings
+session   include     system-session
+
+# End /etc/pam.d/su
+
-- 
cgit v1.2.1