From bce4ac0f65ffb8bedcdcbdb94eb796457b12f9e1 Mon Sep 17 00:00:00 2001 From: davidovski Date: Mon, 11 Apr 2022 13:30:34 +0100 Subject: added files for pam and shadow --- extra/shadow/chage.pamd | 11 +++++++++++ extra/shadow/chpasswd.pamd | 12 ++++++++++++ extra/shadow/login.pamd | 46 ++++++++++++++++++++++++++++++++++++++++++++++ extra/shadow/newusers.pamd | 12 ++++++++++++ extra/shadow/passwd.pamd | 6 ++++++ extra/shadow/su.pamd | 27 +++++++++++++++++++++++++++ 6 files changed, 114 insertions(+) create mode 100644 extra/shadow/chage.pamd create mode 100644 extra/shadow/chpasswd.pamd create mode 100644 extra/shadow/login.pamd create mode 100644 extra/shadow/newusers.pamd create mode 100644 extra/shadow/passwd.pamd create mode 100644 extra/shadow/su.pamd (limited to 'extra/shadow') diff --git a/extra/shadow/chage.pamd b/extra/shadow/chage.pamd new file mode 100644 index 0000000..3f277f8 --- /dev/null +++ b/extra/shadow/chage.pamd @@ -0,0 +1,11 @@ +# Begin /etc/pam.d/chage + +# always allow root +auth sufficient pam_rootok.so + +# include system auth and account settings +auth include system-auth +account include system-account + +# End /etc/pam.d/chage + diff --git a/extra/shadow/chpasswd.pamd b/extra/shadow/chpasswd.pamd new file mode 100644 index 0000000..81afbee --- /dev/null +++ b/extra/shadow/chpasswd.pamd @@ -0,0 +1,12 @@ +# Begin /etc/pam.d/newusers + +# always allow root +auth sufficient pam_rootok.so + +# include system auth and account settings +auth include system-auth +account include system-account +password include system-password + +# End /etc/pam.d/newusers + diff --git a/extra/shadow/login.pamd b/extra/shadow/login.pamd new file mode 100644 index 0000000..c6410c1 --- /dev/null +++ b/extra/shadow/login.pamd @@ -0,0 +1,46 @@ +# Begin /etc/pam.d/login + +# Set failure delay before next prompt to 3 seconds +auth optional pam_faildelay.so delay=3000000 + +# Check to make sure that the user is allowed to login +auth requisite pam_nologin.so + +# Check to make sure that root is allowed to login +# Disabled by default. You will need to create /etc/securetty +# file for this module to function. See man 5 securetty. +#auth required pam_securetty.so + +# Additional group memberships - disabled by default +#auth optional pam_group.so + +# include system auth settings +auth include system-auth + +# check access for the user +account required pam_access.so + +# include system account settings +account include system-account + +# Set default environment variables for the user +session required pam_env.so + +# Set resource limits for the user +session required pam_limits.so + +# Display date of last login - Disabled by default +#session optional pam_lastlog.so + +# Display the message of the day - Disabled by default +#session optional pam_motd.so + +# Check user's mail - Disabled by default +#session optional pam_mail.so standard quiet + +# include system session and password settings +session include system-session +password include system-password + +# End /etc/pam.d/login + diff --git a/extra/shadow/newusers.pamd b/extra/shadow/newusers.pamd new file mode 100644 index 0000000..57f5cfa --- /dev/null +++ b/extra/shadow/newusers.pamd @@ -0,0 +1,12 @@ +# Begin /etc/pam.d/chpasswd + +# always allow root +auth sufficient pam_rootok.so + +# include system auth and account settings +auth include system-auth +account include system-account +password include system-password + +# End /etc/pam.d/chpasswd + diff --git a/extra/shadow/passwd.pamd b/extra/shadow/passwd.pamd new file mode 100644 index 0000000..83459e3 --- /dev/null +++ b/extra/shadow/passwd.pamd @@ -0,0 +1,6 @@ +# Begin /etc/pam.d/passwd + +password include system-password + +# End /etc/pam.d/passwd + diff --git a/extra/shadow/su.pamd b/extra/shadow/su.pamd new file mode 100644 index 0000000..ca6ab90 --- /dev/null +++ b/extra/shadow/su.pamd @@ -0,0 +1,27 @@ +# Begin /etc/pam.d/su + +# always allow root +auth sufficient pam_rootok.so + +# Allow users in the wheel group to execute su without a password +# disabled by default +#auth sufficient pam_wheel.so trust use_uid + +# include system auth settings +auth include system-auth + +# limit su to users in the wheel group +# disabled by default +#auth required pam_wheel.so use_uid + +# include system account settings +account include system-account + +# Set default environment variables for the service user +session required pam_env.so + +# include system session settings +session include system-session + +# End /etc/pam.d/su + -- cgit v1.2.1