From 2daf9ba9dd2524e737ddcaf35bce32c8ed38464f Mon Sep 17 00:00:00 2001 From: Donald Buczek Date: Mon, 4 Mar 2024 14:40:22 +0100 Subject: [PATCH 1/3] etc/pam.d: Import existing files into repository Import existing "wild" files (not installed by bee packages) into repository. --- etc/pam.d/chage | 5 +++++ etc/pam.d/chfn | 5 +++++ etc/pam.d/chgpasswd | 5 +++++ etc/pam.d/chpasswd | 5 +++++ etc/pam.d/chsh | 5 +++++ etc/pam.d/crond | 10 ++++++++++ etc/pam.d/elager | 2 ++ etc/pam.d/gdm | 11 +++++++++++ etc/pam.d/gdm-fingerprint | 17 +++++++++++++++++ etc/pam.d/gdm-password | 11 +++++++++++ etc/pam.d/gdm-password.notok | 19 +++++++++++++++++++ etc/pam.d/gdm-password.ok | 11 +++++++++++ etc/pam.d/gdm-smartcard | 18 ++++++++++++++++++ etc/pam.d/gdm-welcome | 9 +++++++++ etc/pam.d/groupadd | 5 +++++ etc/pam.d/groupdel | 5 +++++ etc/pam.d/groupmems | 5 +++++ etc/pam.d/groupmod | 5 +++++ etc/pam.d/imap | 2 ++ etc/pam.d/kde | 5 +++++ etc/pam.d/lightdm | 20 ++++++++++++++++++++ etc/pam.d/lightdm-autologin | 20 ++++++++++++++++++++ etc/pam.d/lightdm-greeter | 17 +++++++++++++++++ etc/pam.d/login | 16 ++++++++++++++++ etc/pam.d/newusers | 5 +++++ etc/pam.d/other | 12 ++++++++++++ etc/pam.d/passwd | 5 +++++ etc/pam.d/pop | 2 ++ etc/pam.d/sieve | 2 ++ etc/pam.d/smtp | 2 ++ etc/pam.d/sshd | 16 ++++++++++++++++ etc/pam.d/su | 9 +++++++++ etc/pam.d/sudo | 7 +++++++ etc/pam.d/system-auth | 16 ++++++++++++++++ etc/pam.d/useradd | 5 +++++ etc/pam.d/userdel | 5 +++++ etc/pam.d/usermod | 5 +++++ etc/pam.d/xscreensaver | 6 ++++++ 38 files changed, 330 insertions(+) create mode 100644 etc/pam.d/chage create mode 100644 etc/pam.d/chfn create mode 100644 etc/pam.d/chgpasswd create mode 100644 etc/pam.d/chpasswd create mode 100644 etc/pam.d/chsh create mode 100644 etc/pam.d/crond create mode 100644 etc/pam.d/elager create mode 100644 etc/pam.d/gdm create mode 100644 etc/pam.d/gdm-fingerprint create mode 100644 etc/pam.d/gdm-password create mode 100644 etc/pam.d/gdm-password.notok create mode 100644 etc/pam.d/gdm-password.ok create mode 100644 etc/pam.d/gdm-smartcard create mode 100644 etc/pam.d/gdm-welcome create mode 100644 etc/pam.d/groupadd create mode 100644 etc/pam.d/groupdel create mode 100644 etc/pam.d/groupmems create mode 100644 etc/pam.d/groupmod create mode 100644 etc/pam.d/imap create mode 100644 etc/pam.d/kde create mode 100644 etc/pam.d/lightdm create mode 100644 etc/pam.d/lightdm-autologin create mode 100644 etc/pam.d/lightdm-greeter create mode 100644 etc/pam.d/login create mode 100644 etc/pam.d/newusers create mode 100644 etc/pam.d/other create mode 100644 etc/pam.d/passwd create mode 100644 etc/pam.d/pop create mode 100644 etc/pam.d/sieve create mode 100644 etc/pam.d/smtp create mode 100644 etc/pam.d/sshd create mode 100644 etc/pam.d/su create mode 100644 etc/pam.d/sudo create mode 100644 etc/pam.d/system-auth create mode 100644 etc/pam.d/useradd create mode 100644 etc/pam.d/userdel create mode 100644 etc/pam.d/usermod create mode 100644 etc/pam.d/xscreensaver diff --git a/etc/pam.d/chage b/etc/pam.d/chage new file mode 100644 index 0000000..d200f4a --- /dev/null +++ b/etc/pam.d/chage @@ -0,0 +1,5 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so diff --git a/etc/pam.d/chfn b/etc/pam.d/chfn new file mode 100644 index 0000000..d200f4a --- /dev/null +++ b/etc/pam.d/chfn @@ -0,0 +1,5 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so diff --git a/etc/pam.d/chgpasswd b/etc/pam.d/chgpasswd new file mode 100644 index 0000000..d200f4a --- /dev/null +++ b/etc/pam.d/chgpasswd @@ -0,0 +1,5 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so diff --git a/etc/pam.d/chpasswd b/etc/pam.d/chpasswd new file mode 100644 index 0000000..d200f4a --- /dev/null +++ b/etc/pam.d/chpasswd @@ -0,0 +1,5 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so diff --git a/etc/pam.d/chsh b/etc/pam.d/chsh new file mode 100644 index 0000000..d200f4a --- /dev/null +++ b/etc/pam.d/chsh @@ -0,0 +1,5 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so diff --git a/etc/pam.d/crond b/etc/pam.d/crond new file mode 100644 index 0000000..59b58e5 --- /dev/null +++ b/etc/pam.d/crond @@ -0,0 +1,10 @@ +# +# The PAM configuration file for the cron daemon +auth sufficient pam_rootok.so +# +# deny cron-access to users listed in the /etc/cron.deny file +# +auth required pam_unix.so quiet +account required pam_listfile.so onerr=succeed item=user sense=deny file=/etc/cron.deny +account required pam_unix.so +session required pam_unix.so diff --git a/etc/pam.d/elager b/etc/pam.d/elager new file mode 100644 index 0000000..704376b --- /dev/null +++ b/etc/pam.d/elager @@ -0,0 +1,2 @@ +auth required pam_unix.so shadow nodelay +account required pam_unix.so diff --git a/etc/pam.d/gdm b/etc/pam.d/gdm new file mode 100644 index 0000000..37ce8aa --- /dev/null +++ b/etc/pam.d/gdm @@ -0,0 +1,11 @@ +#%PAM-1.0 +auth required pam_env.so +auth required pam_succeed_if.so user != root quiet +auth sufficient pam_succeed_if.so user ingroup nopasswdlogin +auth include system-auth +account required pam_nologin.so +account include system-auth +password include system-auth +session optional pam_keyinit.so force revoke +session include system-auth +session required pam_loginuid.so diff --git a/etc/pam.d/gdm-fingerprint b/etc/pam.d/gdm-fingerprint new file mode 100644 index 0000000..1a1c777 --- /dev/null +++ b/etc/pam.d/gdm-fingerprint @@ -0,0 +1,17 @@ +# Sample PAM file for doing fingerprint authentication. +# Distros should replace this with what makes sense for them. +auth required pam_env.so +auth required pam_fprintd.so +auth sufficient pam_succeed_if.so uid >= 500 quiet +auth required pam_deny.so + +account required pam_unix.so +account sufficient pam_localuser.so +account sufficient pam_succeed_if.so uid < 500 quiet +account required pam_permit.so + +password required pam_deny.so + +session optional pam_keyinit.so revoke +session required pam_limits.so +session required pam_unix.so diff --git a/etc/pam.d/gdm-password b/etc/pam.d/gdm-password new file mode 100644 index 0000000..37ce8aa --- /dev/null +++ b/etc/pam.d/gdm-password @@ -0,0 +1,11 @@ +#%PAM-1.0 +auth required pam_env.so +auth required pam_succeed_if.so user != root quiet +auth sufficient pam_succeed_if.so user ingroup nopasswdlogin +auth include system-auth +account required pam_nologin.so +account include system-auth +password include system-auth +session optional pam_keyinit.so force revoke +session include system-auth +session required pam_loginuid.so diff --git a/etc/pam.d/gdm-password.notok b/etc/pam.d/gdm-password.notok new file mode 100644 index 0000000..bac431d --- /dev/null +++ b/etc/pam.d/gdm-password.notok @@ -0,0 +1,19 @@ +# Sample PAM file for doing password authentication. +# Distros should replace this with what makes sense for them. +auth required pam_env.so +auth sufficient pam_unix.so nullok try_first_pass +auth requisite pam_succeed_if.so uid >= 500 quiet +auth required pam_deny.so + +account required pam_unix.so +account sufficient pam_localuser.so +account sufficient pam_succeed_if.so uid < 500 quiet +account required pam_permit.so + +password requisite pam_cracklib.so try_first_pass retry=3 type= +password sufficient pam_unix.so nullok try_first_pass use_authtok +password required pam_deny.so + +session optional pam_keyinit.so revoke +session required pam_limits.so +session required pam_unix.so diff --git a/etc/pam.d/gdm-password.ok b/etc/pam.d/gdm-password.ok new file mode 100644 index 0000000..37ce8aa --- /dev/null +++ b/etc/pam.d/gdm-password.ok @@ -0,0 +1,11 @@ +#%PAM-1.0 +auth required pam_env.so +auth required pam_succeed_if.so user != root quiet +auth sufficient pam_succeed_if.so user ingroup nopasswdlogin +auth include system-auth +account required pam_nologin.so +account include system-auth +password include system-auth +session optional pam_keyinit.so force revoke +session include system-auth +session required pam_loginuid.so diff --git a/etc/pam.d/gdm-smartcard b/etc/pam.d/gdm-smartcard new file mode 100644 index 0000000..d5ac1fa --- /dev/null +++ b/etc/pam.d/gdm-smartcard @@ -0,0 +1,18 @@ +# Sample PAM file for doing smartcard authentication. +# Distros should replace this with what makes sense for them. +auth required pam_env.so +auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only +auth requisite pam_succeed_if.so uid >= 500 quiet +auth required pam_deny.so + +account required pam_unix.so +account sufficient pam_localuser.so +account sufficient pam_succeed_if.so uid < 500 quiet +account required pam_permit.so + +password optional pam_pkcs11.so +password requisite pam_cracklib.so try_first_pass retry=3 type= + +session optional pam_keyinit.so revoke +session required pam_limits.so +session required pam_unix.so diff --git a/etc/pam.d/gdm-welcome b/etc/pam.d/gdm-welcome new file mode 100644 index 0000000..b301f4f --- /dev/null +++ b/etc/pam.d/gdm-welcome @@ -0,0 +1,9 @@ +#%PAM-1.0 +auth required pam_env.so +auth required pam_permit.so +account required pam_nologin.so +account include system-auth +password include system-auth +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session include system-auth diff --git a/etc/pam.d/groupadd b/etc/pam.d/groupadd new file mode 100644 index 0000000..d200f4a --- /dev/null +++ b/etc/pam.d/groupadd @@ -0,0 +1,5 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so diff --git a/etc/pam.d/groupdel b/etc/pam.d/groupdel new file mode 100644 index 0000000..d200f4a --- /dev/null +++ b/etc/pam.d/groupdel @@ -0,0 +1,5 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so diff --git a/etc/pam.d/groupmems b/etc/pam.d/groupmems new file mode 100644 index 0000000..d200f4a --- /dev/null +++ b/etc/pam.d/groupmems @@ -0,0 +1,5 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so diff --git a/etc/pam.d/groupmod b/etc/pam.d/groupmod new file mode 100644 index 0000000..d200f4a --- /dev/null +++ b/etc/pam.d/groupmod @@ -0,0 +1,5 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so diff --git a/etc/pam.d/imap b/etc/pam.d/imap new file mode 100644 index 0000000..7d9d6c2 --- /dev/null +++ b/etc/pam.d/imap @@ -0,0 +1,2 @@ +auth required pam_unix.so +account required pam_unix.so diff --git a/etc/pam.d/kde b/etc/pam.d/kde new file mode 100644 index 0000000..cac6f86 --- /dev/null +++ b/etc/pam.d/kde @@ -0,0 +1,5 @@ +auth requisite pam_nologin.so +auth required pam_securetty.so +auth required pam_env.so +auth required pam_unix.so + diff --git a/etc/pam.d/lightdm b/etc/pam.d/lightdm new file mode 100644 index 0000000..fed8a9b --- /dev/null +++ b/etc/pam.d/lightdm @@ -0,0 +1,20 @@ +#%PAM-1.0 + +# Block login if they are globally disabled +auth required pam_nologin.so + +# Load environment from /etc/environment and ~/.pam_environment +auth required pam_env.so + +# Use /etc/passwd and /etc/shadow for passwords +auth required pam_unix.so + +# Check account is active, change password if required +account required pam_unix.so + +# Allow password to be changed +password required pam_unix.so + +# Setup session +session required pam_unix.so +session optional pam_systemd.so diff --git a/etc/pam.d/lightdm-autologin b/etc/pam.d/lightdm-autologin new file mode 100644 index 0000000..ba7a68c --- /dev/null +++ b/etc/pam.d/lightdm-autologin @@ -0,0 +1,20 @@ +#%PAM-1.0 + +# Block login if they are globally disabled +auth required pam_nologin.so + +# Load environment from /etc/environment and ~/.pam_environment +auth required pam_env.so + +# Allow access without authentication +auth required pam_permit.so + +# Stop autologin if account requires action +account required pam_unix.so + +# Can't change password +password required pam_deny.so + +# Setup session +session required pam_unix.so +session optional pam_systemd.so diff --git a/etc/pam.d/lightdm-greeter b/etc/pam.d/lightdm-greeter new file mode 100644 index 0000000..9a6862b --- /dev/null +++ b/etc/pam.d/lightdm-greeter @@ -0,0 +1,17 @@ +#%PAM-1.0 + +# Load environment from /etc/environment and ~/.pam_environment +auth required pam_env.so + +# Always let the greeter start without authentication +auth required pam_permit.so + +# No action required for account management +account required pam_permit.so + +# Can't change password +password required pam_deny.so + +# Setup session +session required pam_unix.so +session optional pam_systemd.so diff --git a/etc/pam.d/login b/etc/pam.d/login new file mode 100644 index 0000000..6518d93 --- /dev/null +++ b/etc/pam.d/login @@ -0,0 +1,16 @@ +auth requisite pam_nologin.so +auth required pam_securetty.so +auth required pam_env.so +auth required pam_unix.so +auth required pam_shells.so + +account required pam_access.so +account required pam_unix.so +session required pam_motd.so +session required pam_limits.so +#session optional pam_mail.so dir=/var/mail standard +session optional pam_lastlog.so +session required pam_unix.so +password required pam_unix.so md5 shadow +session required pam_loginuid.so +session optional pam_ck_connector.so diff --git a/etc/pam.d/newusers b/etc/pam.d/newusers new file mode 100644 index 0000000..d200f4a --- /dev/null +++ b/etc/pam.d/newusers @@ -0,0 +1,5 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so diff --git a/etc/pam.d/other b/etc/pam.d/other new file mode 100644 index 0000000..0e377b9 --- /dev/null +++ b/etc/pam.d/other @@ -0,0 +1,12 @@ +# Begin /etc/pam.d/other + +auth required pam_deny.so +auth required pam_warn.so +account required pam_deny.so +account required pam_warn.so +password required pam_deny.so +password required pam_warn.so +session required pam_deny.so +session required pam_warn.so + +# End /etc/pam.d/other diff --git a/etc/pam.d/passwd b/etc/pam.d/passwd new file mode 100644 index 0000000..f586f2c --- /dev/null +++ b/etc/pam.d/passwd @@ -0,0 +1,5 @@ +# Begin /etc/pam.d/passwd + +password required pam_unix.so md5 shadow + +# End /etc/pam.d/passwd diff --git a/etc/pam.d/pop b/etc/pam.d/pop new file mode 100644 index 0000000..7d9d6c2 --- /dev/null +++ b/etc/pam.d/pop @@ -0,0 +1,2 @@ +auth required pam_unix.so +account required pam_unix.so diff --git a/etc/pam.d/sieve b/etc/pam.d/sieve new file mode 100644 index 0000000..7d9d6c2 --- /dev/null +++ b/etc/pam.d/sieve @@ -0,0 +1,2 @@ +auth required pam_unix.so +account required pam_unix.so diff --git a/etc/pam.d/smtp b/etc/pam.d/smtp new file mode 100644 index 0000000..7d9d6c2 --- /dev/null +++ b/etc/pam.d/smtp @@ -0,0 +1,2 @@ +auth required pam_unix.so +account required pam_unix.so diff --git a/etc/pam.d/sshd b/etc/pam.d/sshd new file mode 100644 index 0000000..e2a3ec1 --- /dev/null +++ b/etc/pam.d/sshd @@ -0,0 +1,16 @@ +auth requisite pam_nologin.so +#auth required pam_securetty.so +auth required pam_env.so +auth required pam_unix.so +auth required pam_google_authenticator.so nullok no_increment_hotp +auth required pam_shells.so +account required pam_access.so +account required pam_unix.so +#session required pam_motd.so +session required pam_limits.so +#session optional pam_mail.so dir=/var/mail standard +#session optional pam_lastlog.so +session required pam_unix.so +password required pam_unix.so md5 shadow +session required pam_loginuid.so +session optional pam_systemd.so diff --git a/etc/pam.d/su b/etc/pam.d/su new file mode 100644 index 0000000..a4ccffd --- /dev/null +++ b/etc/pam.d/su @@ -0,0 +1,9 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +auth required pam_shells.so +account required pam_unix.so +#session optional pam_mail.so dir=/var/mail standard +session optional pam_xauth.so +session required pam_limits.so +session required pam_env.so +session required pam_unix.so diff --git a/etc/pam.d/sudo b/etc/pam.d/sudo new file mode 100644 index 0000000..5f59595 --- /dev/null +++ b/etc/pam.d/sudo @@ -0,0 +1,7 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +auth required pam_shells.so +account required pam_unix.so +session optional pam_mail.so dir=/var/mail standard +session required pam_unix.so + diff --git a/etc/pam.d/system-auth b/etc/pam.d/system-auth new file mode 100644 index 0000000..726779e --- /dev/null +++ b/etc/pam.d/system-auth @@ -0,0 +1,16 @@ +auth required pam_nologin.so +auth required pam_shells.so +auth required pam_securetty.so +auth required pam_env.so +auth required pam_unix.so + +account required pam_access.so +account required pam_unix.so + +password required pam_unix.so md5 shadow + +session required pam_unix.so +session required pam_limits.so + +session required pam_loginuid.so +session optional pam_systemd.so diff --git a/etc/pam.d/useradd b/etc/pam.d/useradd new file mode 100644 index 0000000..d200f4a --- /dev/null +++ b/etc/pam.d/useradd @@ -0,0 +1,5 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so diff --git a/etc/pam.d/userdel b/etc/pam.d/userdel new file mode 100644 index 0000000..d200f4a --- /dev/null +++ b/etc/pam.d/userdel @@ -0,0 +1,5 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so diff --git a/etc/pam.d/usermod b/etc/pam.d/usermod new file mode 100644 index 0000000..d200f4a --- /dev/null +++ b/etc/pam.d/usermod @@ -0,0 +1,5 @@ +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so diff --git a/etc/pam.d/xscreensaver b/etc/pam.d/xscreensaver new file mode 100644 index 0000000..bdc8e19 --- /dev/null +++ b/etc/pam.d/xscreensaver @@ -0,0 +1,6 @@ +auth requisite pam_nologin.so +auth required pam_securetty.so +auth required pam_env.so +auth required pam_shells.so +auth required pam_unix.so + From 2c83b58baa96bfc9f95a093152c26fe40499ab79 Mon Sep 17 00:00:00 2001 From: Donald Buczek Date: Mon, 4 Mar 2024 14:44:00 +0100 Subject: [PATCH 2/3] etc/pam.d: Remove obsolete pam_ck_connector (ConsoleKit) --- etc/pam.d/login | 1 - 1 file changed, 1 deletion(-) diff --git a/etc/pam.d/login b/etc/pam.d/login index 6518d93..cee1d57 100644 --- a/etc/pam.d/login +++ b/etc/pam.d/login @@ -13,4 +13,3 @@ session optional pam_lastlog.so session required pam_unix.so password required pam_unix.so md5 shadow session required pam_loginuid.so -session optional pam_ck_connector.so From c0d4ef1f718ac1f229a57ceb9a74cb83221a4499 Mon Sep 17 00:00:00 2001 From: Donald Buczek Date: Mon, 4 Mar 2024 14:52:31 +0100 Subject: [PATCH 3/3] etc/pam.d: Remove junk --- etc/pam.d/chage | 5 ----- etc/pam.d/chfn | 5 ----- etc/pam.d/chgpasswd | 5 ----- etc/pam.d/chpasswd | 5 ----- etc/pam.d/chsh | 5 ----- etc/pam.d/gdm | 11 ----------- etc/pam.d/gdm-fingerprint | 17 ----------------- etc/pam.d/gdm-password | 11 ----------- etc/pam.d/gdm-password.notok | 19 ------------------- etc/pam.d/gdm-password.ok | 11 ----------- etc/pam.d/gdm-smartcard | 18 ------------------ etc/pam.d/gdm-welcome | 9 --------- etc/pam.d/groupadd | 5 ----- etc/pam.d/groupdel | 5 ----- etc/pam.d/groupmems | 5 ----- etc/pam.d/groupmod | 5 ----- etc/pam.d/lightdm-autologin | 20 -------------------- etc/pam.d/newusers | 5 ----- etc/pam.d/useradd | 5 ----- etc/pam.d/userdel | 5 ----- etc/pam.d/usermod | 5 ----- 21 files changed, 181 deletions(-) delete mode 100644 etc/pam.d/chage delete mode 100644 etc/pam.d/chfn delete mode 100644 etc/pam.d/chgpasswd delete mode 100644 etc/pam.d/chpasswd delete mode 100644 etc/pam.d/chsh delete mode 100644 etc/pam.d/gdm delete mode 100644 etc/pam.d/gdm-fingerprint delete mode 100644 etc/pam.d/gdm-password delete mode 100644 etc/pam.d/gdm-password.notok delete mode 100644 etc/pam.d/gdm-password.ok delete mode 100644 etc/pam.d/gdm-smartcard delete mode 100644 etc/pam.d/gdm-welcome delete mode 100644 etc/pam.d/groupadd delete mode 100644 etc/pam.d/groupdel delete mode 100644 etc/pam.d/groupmems delete mode 100644 etc/pam.d/groupmod delete mode 100644 etc/pam.d/lightdm-autologin delete mode 100644 etc/pam.d/newusers delete mode 100644 etc/pam.d/useradd delete mode 100644 etc/pam.d/userdel delete mode 100644 etc/pam.d/usermod diff --git a/etc/pam.d/chage b/etc/pam.d/chage deleted file mode 100644 index d200f4a..0000000 --- a/etc/pam.d/chage +++ /dev/null @@ -1,5 +0,0 @@ -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/etc/pam.d/chfn b/etc/pam.d/chfn deleted file mode 100644 index d200f4a..0000000 --- a/etc/pam.d/chfn +++ /dev/null @@ -1,5 +0,0 @@ -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/etc/pam.d/chgpasswd b/etc/pam.d/chgpasswd deleted file mode 100644 index d200f4a..0000000 --- a/etc/pam.d/chgpasswd +++ /dev/null @@ -1,5 +0,0 @@ -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/etc/pam.d/chpasswd b/etc/pam.d/chpasswd deleted file mode 100644 index d200f4a..0000000 --- a/etc/pam.d/chpasswd +++ /dev/null @@ -1,5 +0,0 @@ -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/etc/pam.d/chsh b/etc/pam.d/chsh deleted file mode 100644 index d200f4a..0000000 --- a/etc/pam.d/chsh +++ /dev/null @@ -1,5 +0,0 @@ -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/etc/pam.d/gdm b/etc/pam.d/gdm deleted file mode 100644 index 37ce8aa..0000000 --- a/etc/pam.d/gdm +++ /dev/null @@ -1,11 +0,0 @@ -#%PAM-1.0 -auth required pam_env.so -auth required pam_succeed_if.so user != root quiet -auth sufficient pam_succeed_if.so user ingroup nopasswdlogin -auth include system-auth -account required pam_nologin.so -account include system-auth -password include system-auth -session optional pam_keyinit.so force revoke -session include system-auth -session required pam_loginuid.so diff --git a/etc/pam.d/gdm-fingerprint b/etc/pam.d/gdm-fingerprint deleted file mode 100644 index 1a1c777..0000000 --- a/etc/pam.d/gdm-fingerprint +++ /dev/null @@ -1,17 +0,0 @@ -# Sample PAM file for doing fingerprint authentication. -# Distros should replace this with what makes sense for them. -auth required pam_env.so -auth required pam_fprintd.so -auth sufficient pam_succeed_if.so uid >= 500 quiet -auth required pam_deny.so - -account required pam_unix.so -account sufficient pam_localuser.so -account sufficient pam_succeed_if.so uid < 500 quiet -account required pam_permit.so - -password required pam_deny.so - -session optional pam_keyinit.so revoke -session required pam_limits.so -session required pam_unix.so diff --git a/etc/pam.d/gdm-password b/etc/pam.d/gdm-password deleted file mode 100644 index 37ce8aa..0000000 --- a/etc/pam.d/gdm-password +++ /dev/null @@ -1,11 +0,0 @@ -#%PAM-1.0 -auth required pam_env.so -auth required pam_succeed_if.so user != root quiet -auth sufficient pam_succeed_if.so user ingroup nopasswdlogin -auth include system-auth -account required pam_nologin.so -account include system-auth -password include system-auth -session optional pam_keyinit.so force revoke -session include system-auth -session required pam_loginuid.so diff --git a/etc/pam.d/gdm-password.notok b/etc/pam.d/gdm-password.notok deleted file mode 100644 index bac431d..0000000 --- a/etc/pam.d/gdm-password.notok +++ /dev/null @@ -1,19 +0,0 @@ -# Sample PAM file for doing password authentication. -# Distros should replace this with what makes sense for them. -auth required pam_env.so -auth sufficient pam_unix.so nullok try_first_pass -auth requisite pam_succeed_if.so uid >= 500 quiet -auth required pam_deny.so - -account required pam_unix.so -account sufficient pam_localuser.so -account sufficient pam_succeed_if.so uid < 500 quiet -account required pam_permit.so - -password requisite pam_cracklib.so try_first_pass retry=3 type= -password sufficient pam_unix.so nullok try_first_pass use_authtok -password required pam_deny.so - -session optional pam_keyinit.so revoke -session required pam_limits.so -session required pam_unix.so diff --git a/etc/pam.d/gdm-password.ok b/etc/pam.d/gdm-password.ok deleted file mode 100644 index 37ce8aa..0000000 --- a/etc/pam.d/gdm-password.ok +++ /dev/null @@ -1,11 +0,0 @@ -#%PAM-1.0 -auth required pam_env.so -auth required pam_succeed_if.so user != root quiet -auth sufficient pam_succeed_if.so user ingroup nopasswdlogin -auth include system-auth -account required pam_nologin.so -account include system-auth -password include system-auth -session optional pam_keyinit.so force revoke -session include system-auth -session required pam_loginuid.so diff --git a/etc/pam.d/gdm-smartcard b/etc/pam.d/gdm-smartcard deleted file mode 100644 index d5ac1fa..0000000 --- a/etc/pam.d/gdm-smartcard +++ /dev/null @@ -1,18 +0,0 @@ -# Sample PAM file for doing smartcard authentication. -# Distros should replace this with what makes sense for them. -auth required pam_env.so -auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only -auth requisite pam_succeed_if.so uid >= 500 quiet -auth required pam_deny.so - -account required pam_unix.so -account sufficient pam_localuser.so -account sufficient pam_succeed_if.so uid < 500 quiet -account required pam_permit.so - -password optional pam_pkcs11.so -password requisite pam_cracklib.so try_first_pass retry=3 type= - -session optional pam_keyinit.so revoke -session required pam_limits.so -session required pam_unix.so diff --git a/etc/pam.d/gdm-welcome b/etc/pam.d/gdm-welcome deleted file mode 100644 index b301f4f..0000000 --- a/etc/pam.d/gdm-welcome +++ /dev/null @@ -1,9 +0,0 @@ -#%PAM-1.0 -auth required pam_env.so -auth required pam_permit.so -account required pam_nologin.so -account include system-auth -password include system-auth -session required pam_loginuid.so -session optional pam_keyinit.so force revoke -session include system-auth diff --git a/etc/pam.d/groupadd b/etc/pam.d/groupadd deleted file mode 100644 index d200f4a..0000000 --- a/etc/pam.d/groupadd +++ /dev/null @@ -1,5 +0,0 @@ -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/etc/pam.d/groupdel b/etc/pam.d/groupdel deleted file mode 100644 index d200f4a..0000000 --- a/etc/pam.d/groupdel +++ /dev/null @@ -1,5 +0,0 @@ -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/etc/pam.d/groupmems b/etc/pam.d/groupmems deleted file mode 100644 index d200f4a..0000000 --- a/etc/pam.d/groupmems +++ /dev/null @@ -1,5 +0,0 @@ -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/etc/pam.d/groupmod b/etc/pam.d/groupmod deleted file mode 100644 index d200f4a..0000000 --- a/etc/pam.d/groupmod +++ /dev/null @@ -1,5 +0,0 @@ -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/etc/pam.d/lightdm-autologin b/etc/pam.d/lightdm-autologin deleted file mode 100644 index ba7a68c..0000000 --- a/etc/pam.d/lightdm-autologin +++ /dev/null @@ -1,20 +0,0 @@ -#%PAM-1.0 - -# Block login if they are globally disabled -auth required pam_nologin.so - -# Load environment from /etc/environment and ~/.pam_environment -auth required pam_env.so - -# Allow access without authentication -auth required pam_permit.so - -# Stop autologin if account requires action -account required pam_unix.so - -# Can't change password -password required pam_deny.so - -# Setup session -session required pam_unix.so -session optional pam_systemd.so diff --git a/etc/pam.d/newusers b/etc/pam.d/newusers deleted file mode 100644 index d200f4a..0000000 --- a/etc/pam.d/newusers +++ /dev/null @@ -1,5 +0,0 @@ -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/etc/pam.d/useradd b/etc/pam.d/useradd deleted file mode 100644 index d200f4a..0000000 --- a/etc/pam.d/useradd +++ /dev/null @@ -1,5 +0,0 @@ -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/etc/pam.d/userdel b/etc/pam.d/userdel deleted file mode 100644 index d200f4a..0000000 --- a/etc/pam.d/userdel +++ /dev/null @@ -1,5 +0,0 @@ -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/etc/pam.d/usermod b/etc/pam.d/usermod deleted file mode 100644 index d200f4a..0000000 --- a/etc/pam.d/usermod +++ /dev/null @@ -1,5 +0,0 @@ -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so