This repository has been archived by the owner on May 20, 2023. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove options not supported by faillock, Drop sha512 option to pam_u…
…nix, Fix pam_faillock support, Pass option user_readenv=1 to pam_env at end of session in system-login git-svn-id: file:///srv/repos/svn-packages/svn@393562 eb2447ed-0c53-47e4-bac8-5bc4a241df78
- Loading branch information
tpowa
authored and
svntogit
committed
Aug 12, 2020
1 parent
001648d
commit 2d5af94
Showing
3 changed files
with
25 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -1,16 +1,26 @@ | |||
#%PAM-1.0 | #%PAM-1.0 | ||
|
|
||
auth required pam_unix.so try_first_pass nullok | auth required pam_faillock.so preauth | ||
auth optional pam_permit.so | # Optionally use requisite above if you do not want to prompt for the password | ||
auth required pam_env.so | # on locked accounts. | ||
auth [success=2 default=ignore] pam_unix.so try_first_pass nullok | |||
-auth [success=1 default=ignore] pam_systemd_home.so | |||
auth [default=die] pam_faillock.so authfail | |||
auth optional pam_permit.so | |||
auth required pam_env.so | |||
auth required pam_faillock.so authsucc | |||
# If you drop the above call to pam_faillock.so the lock will be done also | |||
# on non-consecutive authentication failures. | |||
|
|
||
account required pam_unix.so | -account [success=1 default=ignore] pam_systemd_home.so | ||
account optional pam_permit.so | account required pam_unix.so | ||
account required pam_time.so | account optional pam_permit.so | ||
account required pam_time.so | |||
|
|
||
password required pam_unix.so try_first_pass nullok sha512 shadow | -password [success=1 default=ignore] pam_systemd_home.so | ||
password optional pam_permit.so | password required pam_unix.so try_first_pass nullok shadow | ||
password optional pam_permit.so | |||
|
|
||
session required pam_limits.so | session required pam_limits.so | ||
session required pam_unix.so | session required pam_unix.so | ||
session optional pam_permit.so | session optional pam_permit.so |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters