diff options
author | Amish | 2018-10-12 17:57:26 +0530 |
---|---|---|
committer | Amish | 2018-10-12 18:08:07 +0530 |
commit | b8413316f8e5b434044160d01c4f15c9dcc408f3 (patch) | |
tree | dbb79e6bc7e96ee5341f8905f7b60655e457e6de | |
parent | 6dd93d2e8eee616d6e299d96c27cac4ff350abcb (diff) | |
download | aur-b8413316f8e5b434044160d01c4f15c9dcc408f3.tar.gz |
Improve PAM service file to use Arch Linux system-remote-login
-rw-r--r-- | .SRCINFO | 5 | ||||
-rw-r--r-- | PKGBUILD | 26 | ||||
-rw-r--r-- | php | 17 |
3 files changed, 21 insertions, 27 deletions
@@ -1,7 +1,7 @@ pkgbase = php-pam pkgdesc = This extension provides PAM (Pluggable Authentication Modules) integration in PHP. pkgver = 2.1.0 - pkgrel = 1 + pkgrel = 2 url = https://github.com/amishmm/php-pam arch = i686 arch = x86_64 @@ -10,10 +10,9 @@ pkgbase = php-pam depends = php>=7.2.0 depends = pam depends = php-pear + backup = etc/pam.d/php source = php-pam-2.1.0.tar.gz::https://github.com/amishmm/php-pam/archive/v2.1.0.tar.gz - source = php md5sums = 0182234a17611e79f537c0b16927fe8e - md5sums = 5fb207f61ff94b0cc7a2dcc1e3c1c388 pkgname = php-pam @@ -3,17 +3,16 @@ pkgname=php-pam pkgver=2.1.0 -pkgrel=1 +pkgrel=2 pkgdesc="This extension provides PAM (Pluggable Authentication Modules) integration in PHP." arch=('i686' 'x86_64') url="https://github.com/amishmm/php-pam" license=('PHP') depends=('php>=7.2.0' 'pam' 'php-pear') makedepends=('autoconf') -#install=php-pam.install -source=("${pkgname}-${pkgver}.tar.gz::https://github.com/amishmm/${pkgname}/archive/v${pkgver}.tar.gz" php) -md5sums=('0182234a17611e79f537c0b16927fe8e' - '5fb207f61ff94b0cc7a2dcc1e3c1c388') +source=("${pkgname}-${pkgver}.tar.gz::https://github.com/amishmm/${pkgname}/archive/v${pkgver}.tar.gz") +md5sums=('0182234a17611e79f537c0b16927fe8e') +backup=('etc/pam.d/php') build() { cd "${pkgname}-${pkgver}" @@ -25,7 +24,20 @@ build() { package() { cd "${pkgname}-${pkgver}" make INSTALL_ROOT="${pkgdir}" install - echo -e "extension=pam.so;\npam.servicename=\"php\";" | \ + + echo -e "extension=pam.so;\npam.servicename=\"php\";\npam.force_servicename=0;" | \ install -Dm644 /dev/stdin "${pkgdir}/etc/php/conf.d/pam.ini" - install -Dm644 "${srcdir}/php" ${pkgdir}/etc/pam.d/php + + # use archlinux's own system-remote-login as PAM service + # because that is expected to be well tested for security + # and all future modifications will also automatically apply + # NOTE: content copied from /etc/pam.d/sshd + install -Dm644 /dev/stdin "${pkgdir}/etc/pam.d/php" << 'EOF' +#%PAM-1.0 +#auth required pam_securetty.so #disable remote root +auth include system-remote-login +account include system-remote-login +password include system-remote-login +session include system-remote-login +EOF } diff --git a/php b/php deleted file mode 100644 index f1feae4d01fd..000000000000 --- a/php +++ /dev/null @@ -1,17 +0,0 @@ -#%PAM-1.0 -auth required pam_securetty.so -auth requisite pam_nologin.so -auth required pam_unix.so nullok -auth required pam_tally.so onerr=succeed file=/var/log/faillog -# use this to lockout accounts for 10 minutes after 3 failed attempts -#auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog -account required pam_access.so -account required pam_time.so -account required pam_unix.so -session required pam_unix.so -session required pam_env.so -session required pam_motd.so -session required pam_limits.so -session optional pam_lastlog.so -session optional pam_loginuid.so - |