Diffstat (limited to '0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch')
-rw-r--r--0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch201
1 files changed, 201 insertions, 0 deletions
diff --git a/0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch b/0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch
new file mode 100644
index 000000000000..b39284c6ad03
--- /dev/null
+++ b/0004-Add-Arch-Linux-defaults-for-etc-pam.d.patch
@@ -0,0 +1,201 @@
+From 6f1cf7cbe378532b808ca6dc5ec7e5c56d877bbc Mon Sep 17 00:00:00 2001
+From: David Runge <dvzrv@archlinux.org>
+Date: Sat, 5 Nov 2022 22:52:58 +0100
+Subject: [PATCH 4/4] Add Arch Linux defaults for /etc/pam.d/
+
+etc/pam.d/Makefile.am:
+Disable chfn, chsh and login.
+Enable shadow.
+Always install the PAM integration for the account tools (even if they
+are not setuid).
+
+etc/pam.d/{chage,chpasswd,group{add,del,mod},newusers,passwd,shadow,user{add,del,mod}}:
+Add distribution defaults for Arch Linux.
+
+s
+---
+ etc/pam.d/Makefile.am | 7 ++-----
+ etc/pam.d/chage | 6 ++++--
+ etc/pam.d/chpasswd | 6 ++++--
+ etc/pam.d/groupadd | 6 ++++--
+ etc/pam.d/groupdel | 6 ++++--
+ etc/pam.d/groupmod | 6 ++++--
+ etc/pam.d/newusers | 6 ++++--
+ etc/pam.d/passwd | 4 +---
+ etc/pam.d/shadow | 6 ++++++
+ etc/pam.d/useradd | 6 ++++--
+ etc/pam.d/userdel | 6 ++++--
+ etc/pam.d/usermod | 6 ++++--
+ 12 files changed, 45 insertions(+), 26 deletions(-)
+ create mode 100644 etc/pam.d/shadow
+
+diff --git a/etc/pam.d/Makefile.am b/etc/pam.d/Makefile.am
+index 38ff26ae..41e43e01 100644
+--- a/etc/pam.d/Makefile.am
++++ b/etc/pam.d/Makefile.am
+@@ -2,10 +2,8 @@
+ # and also cooperate to make a distribution for `make dist'
+
+ pamd_files = \
+- chfn \
+- chsh \
+ groupmems \
+- login \
++ shadow \
+ passwd
+
+ pamd_acct_tools_files = \
+@@ -23,10 +21,9 @@ pamd_acct_tools_files = \
+ if USE_PAM
+ pamddir = $(sysconfdir)/pam.d
+ pamd_DATA = $(pamd_files)
+-if ACCT_TOOLS_SETUID
++# NOTE: we are always installing the PAM integration for the account tools
+ pamd_DATA += $(pamd_acct_tools_files)
+ endif
+-endif
+
+ if WITH_SU
+ pamd_files += su
+diff --git a/etc/pam.d/chage b/etc/pam.d/chage
+index 8f49f5cc..a7bf8a4a 100644
+--- a/etc/pam.d/chage
++++ b/etc/pam.d/chage
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+diff --git a/etc/pam.d/chpasswd b/etc/pam.d/chpasswd
+index 8f49f5cc..5d447985 100644
+--- a/etc/pam.d/chpasswd
++++ b/etc/pam.d/chpasswd
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_unix.so sha512 shadow
+diff --git a/etc/pam.d/groupadd b/etc/pam.d/groupadd
+index 8f49f5cc..a7bf8a4a 100644
+--- a/etc/pam.d/groupadd
++++ b/etc/pam.d/groupadd
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+diff --git a/etc/pam.d/groupdel b/etc/pam.d/groupdel
+index 8f49f5cc..a7bf8a4a 100644
+--- a/etc/pam.d/groupdel
++++ b/etc/pam.d/groupdel
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+diff --git a/etc/pam.d/groupmod b/etc/pam.d/groupmod
+index 8f49f5cc..a7bf8a4a 100644
+--- a/etc/pam.d/groupmod
++++ b/etc/pam.d/groupmod
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+diff --git a/etc/pam.d/newusers b/etc/pam.d/newusers
+index 8f49f5cc..5d447985 100644
+--- a/etc/pam.d/newusers
++++ b/etc/pam.d/newusers
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_unix.so sha512 shadow
+diff --git a/etc/pam.d/passwd b/etc/pam.d/passwd
+index 731c0d36..08d819b2 100644
+--- a/etc/pam.d/passwd
++++ b/etc/pam.d/passwd
+@@ -1,4 +1,2 @@
+ #%PAM-1.0
+-auth include system-auth
+-account include system-auth
+-password include system-auth
++password required pam_unix.so sha512 shadow nullok
+diff --git a/etc/pam.d/shadow b/etc/pam.d/shadow
+new file mode 100644
+index 00000000..a7bf8a4a
+--- /dev/null
++++ b/etc/pam.d/shadow
+@@ -0,0 +1,6 @@
++#%PAM-1.0
++auth sufficient pam_rootok.so
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+diff --git a/etc/pam.d/useradd b/etc/pam.d/useradd
+index 8f49f5cc..a7bf8a4a 100644
+--- a/etc/pam.d/useradd
++++ b/etc/pam.d/useradd
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+diff --git a/etc/pam.d/userdel b/etc/pam.d/userdel
+index 8f49f5cc..a7bf8a4a 100644
+--- a/etc/pam.d/userdel
++++ b/etc/pam.d/userdel
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+diff --git a/etc/pam.d/usermod b/etc/pam.d/usermod
+index 8f49f5cc..a7bf8a4a 100644
+--- a/etc/pam.d/usermod
++++ b/etc/pam.d/usermod
+@@ -1,4 +1,6 @@
+ #%PAM-1.0
+ auth sufficient pam_rootok.so
+-account required pam_permit.so
+-password include system-auth
++auth required pam_unix.so
++account required pam_unix.so
++session required pam_unix.so
++password required pam_permit.so
+--
+2.38.1
+
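Review bot: Password changes made through passwd, chpasswd and newusers no longer go through the system-auth password stack, because the new `password required pam_unix.so sha512 shadow nullok` line in etc/pam.d/passwd and the `password required pam_unix.so sha512 shadow` lines in chpasswd and newusers replace `password include system-auth`. Any password-quality or history module an administrator configures in system-auth would presumably not apply to these three services, and the hash scheme is pinned to sha512 in three separate files instead of following one system-wide setting. If that is intended, a comment above each line such as `# NOTE: deliberately not including system-auth; keep hash options in sync with the system-wide password stack` would make it visible to whoever hardens the box later; otherwise keep `password include system-auth` for these services. The `nullok` option on the passwd line also deserves a one-line justification in the patch description.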