[Lunar-commits] r14882 - in moonbase/trunk/security: Linux-PAM/pam.d shadow/pam.d

Stefan Wold ratler at lunar-linux.org
Fri May 20 16:03:10 UTC 2005


Author: ratler
Date: 2005-05-20 16:03:07 +0000 (Fri, 20 May 2005)
New Revision: 14882

Modified:
   moonbase/trunk/security/Linux-PAM/pam.d/system-auth
   moonbase/trunk/security/shadow/pam.d/chfn
   moonbase/trunk/security/shadow/pam.d/chsh
   moonbase/trunk/security/shadow/pam.d/groupadd
   moonbase/trunk/security/shadow/pam.d/login
   moonbase/trunk/security/shadow/pam.d/passwd
   moonbase/trunk/security/shadow/pam.d/shadow
   moonbase/trunk/security/shadow/pam.d/su
   moonbase/trunk/security/shadow/pam.d/useradd
Log:
Pretty much rewritten all pam.d files. If changes are needed only edit system-auth and all pam.d files will take advantage of it.


Modified: moonbase/trunk/security/Linux-PAM/pam.d/system-auth
===================================================================
--- moonbase/trunk/security/Linux-PAM/pam.d/system-auth	2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/Linux-PAM/pam.d/system-auth	2005-05-20 16:03:07 UTC (rev 14882)
@@ -4,9 +4,11 @@
 auth        required      pam_deny.so
 
 account     required      pam_unix.so
+account     sufficient	  pam_succeed_if.so uid < 100 quiet
+account     required      pam_permit.so
 
-password    required      pam_cracklib.so retry=3 type=
-password    sufficient    pam_unix.so nullok use_authok md5 shadow
+password    requisite     pam_cracklib.so retry=3
+password    sufficient    pam_unix.so nullok use_authtok md5 shadow
 password    required      pam_deny.so
 
 session     required      pam_limits.so

Modified: moonbase/trunk/security/shadow/pam.d/chfn
===================================================================
--- moonbase/trunk/security/shadow/pam.d/chfn	2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/chfn	2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,7 +1,8 @@
 #
 # The PAM configuration file for the `chfn' service
 #
-auth     required  pam_unix.so nullok
-account  required  pam_unix.so
-session  required  pam_unix.so
-password required  pam_cracklib.so retry=3 type=Lunar
+auth		sufficient	pam_rootok.so
+auth		required	pam_stack.so service=system-auth
+account		required	pam_stack.so service=system-auth
+password	required	pam_stack.so service=system-auth
+session		required	pam_stack.so service=system-auth

Modified: moonbase/trunk/security/shadow/pam.d/chsh
===================================================================
--- moonbase/trunk/security/shadow/pam.d/chsh	2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/chsh	2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,8 +1,8 @@
 #
 # The PAM configuration file for the `chsh' service
 #
-auth      required pam_unix.so nullok
-account   required pam_unix.so
-session   required pam_unix.so
-password  required pam_cracklib.so retry=3 type=Lunar
-password  required pam_unix.so shadow md5 use_authtok
+auth		sufficient	pam_rootok.so
+auth		required	pam_stack.so service=system-auth
+account		required	pam_stack.so service=system-auth
+password	required	pam_stack.so service=system-auth
+session		required	pam_stack.so service=system-auth

Modified: moonbase/trunk/security/shadow/pam.d/groupadd
===================================================================
--- moonbase/trunk/security/shadow/pam.d/groupadd	2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/groupadd	2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,7 +1,8 @@
 #
 # The PAM configuration file for the `groupadd' service
 #
-auth     sufficient pam_rootok.so
-auth     required   pam_unix_auth.so
-account  required   pam_unix.so
-password required   pam_permit.so
+auth		sufficient	pam_rootok.so
+auth		required	pam_stack.so service=system-auth
+account		required	pam_stack.so service=system-auth
+session		required	pam_stack.so service=system-auth
+password	required	pam_permit.so

Modified: moonbase/trunk/security/shadow/pam.d/login
===================================================================
--- moonbase/trunk/security/shadow/pam.d/login	2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/login	2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,11 +1,10 @@
 #
 # The PAM configuration file for the `login' service
 #
-auth      requisite pam_securetty.so
-auth      required  pam_unix.so
-auth      optional  pam_group.so
-account   requisite pam_time.so
-account   required  pam_unix.so
-password  required  pam_cracklib.so retry=3 type=Lunar
-password  required  pam_unix.so shadow md5 use_authtok
-session   required  pam_unix.so
+auth		required	pam_securetty.so
+auth		required	pam_stack.so service=system-auth
+auth		required	pam_nologin.so
+account		required	pam_stack.so service=system-auth
+password	required	pam_stack.so service=system-auth
+session		required	pam_stack.so service=system-auth
+session		optional	pam_console.so

Modified: moonbase/trunk/security/shadow/pam.d/passwd
===================================================================
--- moonbase/trunk/security/shadow/pam.d/passwd	2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/passwd	2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,5 +1,6 @@
 #
 # The PAM configuration file for the `passwd' service
 #
-password  requisite  pam_cracklib.so retry=3 type=Lunar
-password  required   pam_unix.so     shadow   md5 use_authtok
+auth		required	pam_stack.so service=system-auth
+account		required	pam_stack.so service=system-auth
+password	required	pam_stack.so service=system-auth

Modified: moonbase/trunk/security/shadow/pam.d/shadow
===================================================================
--- moonbase/trunk/security/shadow/pam.d/shadow	2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/shadow	2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,7 +1,8 @@
 #
 # The PAM configuration file for the `shadow' service
 #
-auth      sufficient pam_rootok.so
-auth      required   pam_unix_auth.so
-account   required   pam_unix.so
-password  required   pam_permit.so
+auth		sufficient 	pam_rootok.so
+auth		required	pam_stack.so service=system-auth
+account		required	pam_stack.so service=system-auth
+session		required	pam_stack.so service=system-auth
+password	required	pam_stack.so service=system-auth

Modified: moonbase/trunk/security/shadow/pam.d/su
===================================================================
--- moonbase/trunk/security/shadow/pam.d/su	2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/su	2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,8 +1,12 @@
 #
 # The PAM configuration file for the `su' service
 #
-# auth		required	pam_wheel.so
-auth    sufficient pam_rootok.so
-auth    required   pam_unix.so
-account required   pam_unix.so
-session required   pam_unix.so
+auth		sufficient	pam_rootok.so
+# Uncomment the following row if a user is required to be in wheel group
+# auth		required	pam_wheel.so use_uid
+auth		required	pam_stack.so service=system-auth
+account		required	pam_stack.so service=system-auth
+password	required	pam_stack.so service=system-auth
+session		required	pam_stack.so service=system-auth
+session		optional	pam_xauth.so
+

Modified: moonbase/trunk/security/shadow/pam.d/useradd
===================================================================
--- moonbase/trunk/security/shadow/pam.d/useradd	2005-05-20 15:28:04 UTC (rev 14881)
+++ moonbase/trunk/security/shadow/pam.d/useradd	2005-05-20 16:03:07 UTC (rev 14882)
@@ -1,7 +1,8 @@
 #
 # The PAM configuration file for the `useradd' service
 #
-auth     sufficient pam_rootok.so
-auth     required   pam_unix_auth.so
-account  required   pam_unix.so
-password required   pam_permit.so
+auth		sufficient	pam_rootok.so
+auth		required	pam_stack.so service=system-auth
+account		required	pam_stack.so service=system-auth
+session		required	pam_stack.so service=system-auth
+password	required	pam_permit.so



More information about the Lunar-commits mailing list