
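--- a/pambase.py
+++ b/pambase.py
@@ -19,6 +19,7 @@ def main():
     parser.add_argument('--mktemp', action="store_true", help='enable pam_mktemp.so module')
     parser.add_argument('--pam-ssh', action="store_true", help='enable pam_ssh.so module')
     parser.add_argument('--securetty', action="store_true", help='enable pam_securetty.so module')
+    parser.add_argument('--sssd', action="store_true", help='enable sssd.so module')
     parser.add_argument('--yescrypt', action="store_true", help='enable yescrypt option for pam_unix.so module')
     parser.add_argument('--sha512', action="store_true", help='enable sha512 option for pam_unix.so module')
     parser.add_argument('--krb5', action="store_true", help='enable pam_krb5.so module')
@@ -41,7 +42,8 @@ def process_args(args):
         "unix_authtok",
         "unix_extended_encryption",
         "likeauth",
-        "nullok"
+        "nullok",
+        "local_users_only"
     ]
 
     # create a blank dictionary
@@ -62,6 +64,9 @@ def process_args(args):
     if args.krb5:
         output["krb5_params"] = "{0} ignore_root try_first_pass".format("debug").strip()
 
+    if args.sssd:
+        output["local_users_only"] = "local_users_only"
+
     if args.yescrypt:
         output["unix_extended_encryption"] = "yescrypt shadow"
     elif args.sha512: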
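Review bot: The help string for the new `--sssd` flag names a module that does not exist: the templates wire up `pam_sss.so`, so the line should read `parser.add_argument('--sssd', action="store_true", help='enable pam_sss.so module')`. Within this hunk the flag's only visible effect is to set `local_users_only`, which the system-auth template passes to pam_pwquality so that its password-quality checks are skipped for users not in /etc/passwd; that is worth stating in the help text as well, since it means local password policy no longer applies to directory accounts and the server-side policy has to be relied on instead. process_args continues outside the hunk, so how `sssd` itself reaches the template context cannot be checked from here.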
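--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -7,34 +7,55 @@ auth sufficient pam_ssh.so
 auth		[success={{ 4 if homed else 3 }} default=ignore]      pam_krb5.so {{ krb5_params }}
 {% endif %}
 
+{% if sssd %}
+auth		[default=1 ignore=ignore success=ok]	pam_usertype.so isregular
+auth		[default=3 ignore=ignore success=ok]	pam_localuser.so
+{% endif %}
+
 auth		requisite	pam_faillock.so preauth
+
 {% if homed %}
 auth            [success=2 default=ignore]      pam_systemd_home.so
 {% endif %}
+
+{% if sssd %}
+auth            sufficient    pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }}
+{% else %}
 auth            [success=1 default=ignore]      pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
+{% endif %}
 auth		[default=die]	pam_faillock.so authfail
-
+{% if sssd %}
+auth		sufficient	pam_sss.so forward_pass {{ debug|default('', true) }}
+{% endif %}
 {% if caps %}
 auth		optional	pam_cap.so
 {% endif %}
-
+{% if sssd %}
+auth		sufficient	pam_deny.so
+{% endif %}
 {% if krb5 %}
 account		[success=2 default=ignore]	pam_krb5.so {{ krb5_params }}
 {% endif %}
 
 {% if homed %}
-account         [success=1 default=ignore]      pam_systemd_home.so
+account         [success={{ 2 if sssd else 1 }} default=ignore]      pam_systemd_home.so
 {% endif %}
 
 account		required	pam_unix.so {{ debug|default('', true) }}
 account         required        pam_faillock.so
+{% if sssd %}
+account		sufficient	pam_localuser.so
+account		sufficient	pam_usertype.so issystem
+account		[default=bad success=ok user_unknown=ignore] pam_sss.so {{ debug|default('', true) }}
+account		required	pam_permit.so
+{% endif %}
 
 {% if passwdqc %}
 password	required	pam_passwdqc.so config=/etc/security/passwdqc.conf
 {% endif %}
 
 {% if pwquality %}
-password        required        pam_pwquality.so
+password        required        pam_pwquality.so {{ local_users_only|default('', true ) }}
 {% endif %}
 
 {% if pwhistory %}
@@ -50,9 +71,14 @@ password [success=1 default=ignore] pam_systemd_home.so
 {% endif %}
 
 {% if passwdqc or pwquality %}
-password	required	pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
+password	{{ 'sufficient' if sssd else 'required' }}	pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
 {% else %}
-password        required        pam_unix.so try_first_pass {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
+password        {{ 'sufficient' if sssd else 'required' }}        pam_unix.so try_first_pass {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
+{% endif %}
+
+{% if sssd %}
+password	sufficient	pam_sss.so use_authtok
+password	required	pam_deny.so
 {% endif %}
 
 {% if pam_ssh %}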
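Review bot: The new `pam_localuser.so` line skips a fixed `default=3`, but the distance to `pam_sss.so` depends on `homed`: with homed enabled the jump clears preauth, pam_systemd_home and pam_unix and lands on `pam_faillock.so authfail`, whose `[default=die]` then rejects every non-local user, so the control should be `auth		[default={{ 4 if homed else 3 }} ignore=ignore success=ok]	pam_localuser.so`, mirroring what the krb5 line already does. The krb5 and pam_systemd_home jumps have the inverse problem: their `success={{ 4 if homed else 3 }}` and `success=2` were sized before the sssd lines were inserted after them, so with sssd enabled a Kerberos success now lands on pam_unix (and a homed success on pam_sss) instead of clearing the whole password stack; `success={{ (4 if homed else 3) + (3 if sssd else 0) }}` and `success={{ 3 if sssd else 2 }}` restore the intended targets. Note also that the pam_localuser jump intentionally bypasses both pam_faillock lines for non-local users, so failed SSSD logins are never counted toward lockout by this stack — presumably on the assumption that the directory enforces its own lockout policy, which deserves an explicit comment in the template. The trailing `auth sufficient pam_deny.so` appears to be `sufficient` rather than the conventional `required` precisely so the jump targets above can land on it without being denied; a one-line comment saying so would stop a later reader from "fixing" it.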
(-)a/templates/system-session.tpl (-1 / +4 lines)
Lines 13-15 session [success=1 default=ignore] pam_systemd_home.so Link Here
13
{% endif %}
13
{% endif %}
14
14
15
session		required	pam_unix.so {{ debug|default('', true) }}
15
session		required	pam_unix.so {{ debug|default('', true) }}
16
- 
16
17
{% if sssd %}
18
session		optional	pam_sss.so {{ debug|default('', true) }}
19
{% endif %}
