[Lunar-commits] r14882 - in moonbase/trunk/security: Linux-PAM/pam.d shadow/pam.d
Stefan Wold
ratler at lunar-linux.org
Fri May 20 16:03:10 UTC 2005
Author: ratler
Date: 2005-05-20 16:03:07 +0000 (Fri, 20 May 2005)
New Revision: 14882
Modified:
moonbase/trunk/security/Linux-PAM/pam.d/system-auth
moonbase/trunk/security/shadow/pam.d/chfn
moonbase/trunk/security/shadow/pam.d/chsh
moonbase/trunk/security/shadow/pam.d/groupadd
moonbase/trunk/security/shadow/pam.d/login
moonbase/trunk/security/shadow/pam.d/passwd
moonbase/trunk/security/shadow/pam.d/shadow
moonbase/trunk/security/shadow/pam.d/su
moonbase/trunk/security/shadow/pam.d/useradd
Log:
Pretty much rewritten all pam.d files. If changes are needed only edit system-auth and all pam.d files will take advantage of it.
Modified: moonbase/trunk/security/Linux-PAM/pam.d/system-auth
===================================================================
--- moonbase/trunk/security/Linux-PAM/pam.d/system-auth 2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/Linux-PAM/pam.d/system-auth 2005-05-20 16:03:07 UTC (rev 14882)
@@ -4,9 +4,11 @@
auth required pam_deny.so
account required pam_unix.so
+account sufficient pam_succeed_if.so uid < 100 quiet
+account required pam_permit.so
-password required pam_cracklib.so retry=3 type=
-password sufficient pam_unix.so nullok use_authok md5 shadow
+password requisite pam_cracklib.so retry=3
+password sufficient pam_unix.so nullok use_authtok md5 shadow
password required pam_deny.so
session required pam_limits.so
Modified: moonbase/trunk/security/shadow/pam.d/chfn
===================================================================
--- moonbase/trunk/security/shadow/pam.d/chfn 2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/chfn 2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,7 +1,8 @@
#
# The PAM configuration file for the `chfn' service
#
-auth required pam_unix.so nullok
-account required pam_unix.so
-session required pam_unix.so
-password required pam_cracklib.so retry=3 type=Lunar
+auth sufficient pam_rootok.so
+auth required pam_stack.so service=system-auth
+account required pam_stack.so service=system-auth
+password required pam_stack.so service=system-auth
+session required pam_stack.so service=system-auth
Modified: moonbase/trunk/security/shadow/pam.d/chsh
===================================================================
--- moonbase/trunk/security/shadow/pam.d/chsh 2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/chsh 2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,8 +1,8 @@
#
# The PAM configuration file for the `chsh' service
#
-auth required pam_unix.so nullok
-account required pam_unix.so
-session required pam_unix.so
-password required pam_cracklib.so retry=3 type=Lunar
-password required pam_unix.so shadow md5 use_authtok
+auth sufficient pam_rootok.so
+auth required pam_stack.so service=system-auth
+account required pam_stack.so service=system-auth
+password required pam_stack.so service=system-auth
+session required pam_stack.so service=system-auth
Modified: moonbase/trunk/security/shadow/pam.d/groupadd
===================================================================
--- moonbase/trunk/security/shadow/pam.d/groupadd 2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/groupadd 2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,7 +1,8 @@
#
# The PAM configuration file for the `groupadd' service
#
-auth sufficient pam_rootok.so
-auth required pam_unix_auth.so
-account required pam_unix.so
-password required pam_permit.so
+auth sufficient pam_rootok.so
+auth required pam_stack.so service=system-auth
+account required pam_stack.so service=system-auth
+session required pam_stack.so service=system-auth
+password required pam_permit.so
Modified: moonbase/trunk/security/shadow/pam.d/login
===================================================================
--- moonbase/trunk/security/shadow/pam.d/login 2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/login 2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,11 +1,10 @@
#
# The PAM configuration file for the `login' service
#
-auth requisite pam_securetty.so
-auth required pam_unix.so
-auth optional pam_group.so
-account requisite pam_time.so
-account required pam_unix.so
-password required pam_cracklib.so retry=3 type=Lunar
-password required pam_unix.so shadow md5 use_authtok
-session required pam_unix.so
+auth required pam_securetty.so
+auth required pam_stack.so service=system-auth
+auth required pam_nologin.so
+account required pam_stack.so service=system-auth
+password required pam_stack.so service=system-auth
+session required pam_stack.so service=system-auth
+session optional pam_console.so
Modified: moonbase/trunk/security/shadow/pam.d/passwd
===================================================================
--- moonbase/trunk/security/shadow/pam.d/passwd 2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/passwd 2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,5 +1,6 @@
#
# The PAM configuration file for the `passwd' service
#
-password requisite pam_cracklib.so retry=3 type=Lunar
-password required pam_unix.so shadow md5 use_authtok
+auth required pam_stack.so service=system-auth
+account required pam_stack.so service=system-auth
+password required pam_stack.so service=system-auth
Modified: moonbase/trunk/security/shadow/pam.d/shadow
===================================================================
--- moonbase/trunk/security/shadow/pam.d/shadow 2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/shadow 2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,7 +1,8 @@
#
# The PAM configuration file for the `shadow' service
#
-auth sufficient pam_rootok.so
-auth required pam_unix_auth.so
-account required pam_unix.so
-password required pam_permit.so
+auth sufficient pam_rootok.so
+auth required pam_stack.so service=system-auth
+account required pam_stack.so service=system-auth
+session required pam_stack.so service=system-auth
+password required pam_stack.so service=system-auth
Modified: moonbase/trunk/security/shadow/pam.d/su
===================================================================
--- moonbase/trunk/security/shadow/pam.d/su 2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/su 2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,8 +1,12 @@
#
# The PAM configuration file for the `su' service
#
-# auth required pam_wheel.so
-auth sufficient pam_rootok.so
-auth required pam_unix.so
-account required pam_unix.so
-session required pam_unix.so
+auth sufficient pam_rootok.so
+# Uncomment the following row if a user is required to be in wheel group
+# auth required pam_wheel.so use_uid
+auth required pam_stack.so service=system-auth
+account required pam_stack.so service=system-auth
+password required pam_stack.so service=system-auth
+session required pam_stack.so service=system-auth
+session optional pam_xauth.so
+
Modified: moonbase/trunk/security/shadow/pam.d/useradd
===================================================================
--- moonbase/trunk/security/shadow/pam.d/useradd 2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/useradd 2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,7 +1,8 @@
#
# The PAM configuration file for the `useradd' service
#
-auth sufficient pam_rootok.so
-auth required pam_unix_auth.so
-account required pam_unix.so
-password required pam_permit.so
+auth sufficient pam_rootok.so
+auth required pam_stack.so service=system-auth
+account required pam_stack.so service=system-auth
+session required pam_stack.so service=system-auth
+password required pam_permit.so
More information about the Lunar-commits
mailing list