Fix shadow pam conf file.
authorRonan Le Martret <ronan@fridu.net>
Tue, 17 Jun 2014 12:46:05 +0000 (14:46 +0200)
committerRonan Le Martret <ronan@fridu.net>
Tue, 17 Jun 2014 12:46:05 +0000 (14:46 +0200)
Change-Id: Ifb742d915566eefd9677cd57bc4708e1173fc200
Signed-off-by: Ronan Le Martret <ronan@fridu.net>
recipes-extended/shadow/files/pam.d/chage [new file with mode: 0644]
recipes-extended/shadow/files/pam.d/chfn [new file with mode: 0644]
recipes-extended/shadow/files/pam.d/chsh [new file with mode: 0644]
recipes-extended/shadow/files/pam.d/login [new file with mode: 0644]
recipes-extended/shadow/files/pam.d/passwd [new file with mode: 0644]
recipes-extended/shadow/files/pam.d/remote [new file with mode: 0644]
recipes-extended/shadow/files/pam.d/shadow [new file with mode: 0644]
recipes-extended/shadow/files/pam.d/su [new file with mode: 0644]
recipes-extended/shadow/files/pam.d/su-l [new file with mode: 0644]
recipes-extended/shadow/files/pam.d/useradd [new file with mode: 0644]
recipes-extended/shadow/shadow_4.1.4.3.bbappend [new file with mode: 0644]

diff --git a/recipes-extended/shadow/files/pam.d/chage b/recipes-extended/shadow/files/pam.d/chage
new file mode 100644 (file)
index 0000000..bee48fa
--- /dev/null
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth     sufficient    pam_rootok.so
+auth    include        system-auth
+account         include        system-auth
+password include       system-auth
+session         include        system-auth
diff --git a/recipes-extended/shadow/files/pam.d/chfn b/recipes-extended/shadow/files/pam.d/chfn
new file mode 100644 (file)
index 0000000..59df52f
--- /dev/null
@@ -0,0 +1,8 @@
+#%PAM-1.0
+# For chfn command
+auth     sufficient    pam_rootok.so
+auth     include        system-auth
+account  include        system-auth
+password include        system-auth
+session  include        system-auth
+
diff --git a/recipes-extended/shadow/files/pam.d/chsh b/recipes-extended/shadow/files/pam.d/chsh
new file mode 100644 (file)
index 0000000..2e54acc
--- /dev/null
@@ -0,0 +1,8 @@
+#%PAM-1.0
+# For chsh command
+auth     sufficient    pam_rootok.so
+auth     include        system-auth
+account  include        system-auth
+password include        system-auth
+session  include        system-auth
+
diff --git a/recipes-extended/shadow/files/pam.d/login b/recipes-extended/shadow/files/pam.d/login
new file mode 100644 (file)
index 0000000..7f83376
--- /dev/null
@@ -0,0 +1,12 @@
+#%PAM-1.0
+auth     requisite      pam_nologin.so
+auth            [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
+auth            include         system-auth
+account         required        pam_nologin.so
+account         include         system-auth
+password        include         system-auth
+
+session         include         system-auth
+session         required        pam_loginuid.so
+session         required        pam_namespace.so
+session         optional        pam_keyinit.so force revoke
diff --git a/recipes-extended/shadow/files/pam.d/passwd b/recipes-extended/shadow/files/pam.d/passwd
new file mode 100644 (file)
index 0000000..6d1bce6
--- /dev/null
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth    include        system-auth
+account  include       system-auth
+password include       system-auth
+session         include        system-auth
diff --git a/recipes-extended/shadow/files/pam.d/remote b/recipes-extended/shadow/files/pam.d/remote
new file mode 100644 (file)
index 0000000..4786d56
--- /dev/null
@@ -0,0 +1,12 @@
+#%PAM-1.0
+# This file is used by /bin/login in case of remote logins (means where
+# the -h option is used
+auth    requisite      pam_nologin.so
+auth    [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad]        pam_securetty.so
+auth    include        system-auth
+account  include       system-auth
+password include       system-auth
+session  required      pam_loginuid.so
+session         include        system-auth
+session  optional       pam_lastlog.so nowtmp showfailed
+session  optional       pam_mail.so standard
diff --git a/recipes-extended/shadow/files/pam.d/shadow b/recipes-extended/shadow/files/pam.d/shadow
new file mode 100644 (file)
index 0000000..343efad
--- /dev/null
@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth     sufficient    pam_rootok.so
+auth     required      pam_permit.so
+account  required      pam_permit.so
+#password required     pam_make.so     /var/yp
+password required      pam_permit.so
+session  required      pam_deny.so
diff --git a/recipes-extended/shadow/files/pam.d/su b/recipes-extended/shadow/files/pam.d/su
new file mode 100644 (file)
index 0000000..475f0a1
--- /dev/null
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth     sufficient     pam_rootok.so
+auth     include        system-auth
+account         sufficient     pam_rootok.so
+account  include        system-auth
+password include        system-auth
+session  include        system-auth
+session  optional       pam_xauth.so
diff --git a/recipes-extended/shadow/files/pam.d/su-l b/recipes-extended/shadow/files/pam.d/su-l
new file mode 100644 (file)
index 0000000..475f0a1
--- /dev/null
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth     sufficient     pam_rootok.so
+auth     include        system-auth
+account         sufficient     pam_rootok.so
+account  include        system-auth
+password include        system-auth
+session  include        system-auth
+session  optional       pam_xauth.so
diff --git a/recipes-extended/shadow/files/pam.d/useradd b/recipes-extended/shadow/files/pam.d/useradd
new file mode 100644 (file)
index 0000000..76c6c8a
--- /dev/null
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth     sufficient    pam_rootok.so
+auth     required      pam_permit.so
+account  required      pam_permit.so
+password required      pam_permit.so
+session  required      pam_permit.so
diff --git a/recipes-extended/shadow/shadow_4.1.4.3.bbappend b/recipes-extended/shadow/shadow_4.1.4.3.bbappend
new file mode 100644 (file)
index 0000000..77ad159
--- /dev/null
@@ -0,0 +1,18 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+
+# Additional Policy files for PAM from pwdutils
+PAM_SRC_URI = "file://pam.d/chage \
+               file://pam.d/chfn \
+               file://pam.d/chsh \
+               file://pam.d/passwd \
+               file://pam.d/shadow \
+               file://pam.d/useradd \
+              "
+
+# Additional Policy files for PAM from util-linux
+PAM_SRC_URI += "file://pam.d/login \
+                file://pam.d/remote \
+                file://pam.d/su \
+                file://pam.d/su-l \
+               "