enable use of pam with sshd

Change-Id: I8641465164b0ecd9cc1d9b0edbf5fd2b29ef51ca
Signed-off-by: William Douglas <william.douglas@intel.com>

diff --git a/packaging/openssh.spec b/packaging/openssh.spec
index f079787..a5007a6 100644 (file)
--- a/packaging/openssh.spec
+++ b/packaging/openssh.spec
@@ -12,6 +12,7 @@ Source5:        sshd@.service
 Source6:        sshd.socket
 Source7:        sshd-keygen.service
 Source8:        sshd-keygen
+Source9:        sshd.pam
 Source1001:     openssh.manifest
 
 Patch0:         0001-customize-configuration.patch
@@ -34,6 +35,8 @@ BuildRequires:  xauth
 BuildRequires:  zlib-devel
 BuildRequires:  pkgconfig(ncurses)
 BuildRequires:  pkgconfig(openssl)
+BuildRequires:  pam-devel
+
 
 %package clients
 Summary:        The OpenSSH client applications
@@ -103,6 +106,7 @@ LDFLAGS="$LDFLAGS -pie"; export LDFLAGS
        --disable-strip \
        --without-zlib-version-check \
        --with-nss \
+        --with-pam \
        --without-kerberos5
 
 make
@@ -133,6 +137,9 @@ rm -f %{buildroot}%{_sysconfdir}/profile.d/gnome-ssh-askpass.*
 
 mkdir -p %{buildroot}/var/empty/sshd
 
+install -d %{buildroot}%{_sysconfdir}/pam.d/
+install -m644 %{SOURCE9} %{buildroot}%{_sysconfdir}/pam.d/sshd
+
 %remove_docs
 
 rm -rf %{buildroot}%{_datadir}/man
@@ -196,4 +203,4 @@ fi
 %{_libdir}/systemd/system/multi-user.target.wants/sshd.socket
 %{_libdir}/systemd/system/multi-user.target.wants/sshd-keygen.service
 %{_sbindir}/sshd-keygen
-
+%{_sysconfdir}/pam.d/sshd

diff --git a/packaging/sshd.pam b/packaging/sshd.pam
new file mode 100644 (file)
index 0000000..483b714
--- /dev/null
+++ b/packaging/sshd.pam
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth       include      system-auth
+account    required     pam_nologin.so
+account    include      system-auth
+password   include      system-auth
+session    include      system-auth
+session    required     pam_loginuid.so
+session    optional     pam_keyinit.so force revoke