parent
46c429147f
commit
6befb284ad
@ -0,0 +1 @@
|
||||
{% calculate append = 'skip' %}
|
@ -0,0 +1 @@
|
||||
{% calculate path='/lib/udev', name='rules.d', package='sys-auth/elogind' %}
|
@ -0,0 +1 @@
|
||||
{% calculate append='remove', pkg('sys-fs/eudev') or pkg('sys-fs/udev') %}
|
@ -0,0 +1 @@
|
||||
{% calculate path='/etc', name='pam.d', package='sys-auth/pambase' %}
|
@ -0,0 +1,31 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# If you want to restrict users begin allowed to su even more,
|
||||
# create /etc/security/suauth.allow (or to that matter) that is only
|
||||
# writable by root, and add users that are allowed to su to that
|
||||
# file, one per line.
|
||||
#auth required pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
|
||||
|
||||
# Uncomment this to allow users in the wheel group to su without
|
||||
# entering a passwd.
|
||||
#auth sufficient pam_wheel.so use_uid trust
|
||||
|
||||
# Alternatively to above, you can implement a list of users that do
|
||||
# not need to supply a passwd with a list.
|
||||
#auth sufficient pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
|
||||
|
||||
# Comment this to allow any user, even those not in the 'wheel'
|
||||
# group to su
|
||||
auth required pam_wheel.so use_uid
|
||||
|
||||
auth include system-auth
|
||||
|
||||
account include system-auth
|
||||
|
||||
password include system-auth
|
||||
|
||||
session include system-auth
|
||||
session required pam_env.so
|
||||
session optional pam_xauth.so
|
@ -0,0 +1,20 @@
|
||||
{% calculate comment='#', chmod='644', chown='root:root' %}
|
||||
auth required pam_env.so
|
||||
auth required pam_unix.so try_first_pass
|
||||
|
||||
account required pam_unix.so
|
||||
|
||||
{% if pkg('sys-libs/pam') >= '1.4' %}
|
||||
password required pam_passwdqc.so min=8,8,8,8,8 retry=3
|
||||
{% else %}
|
||||
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
|
||||
{% endif %}
|
||||
password sufficient pam_unix.so nullok sha256 shadow use_authtok
|
||||
password required pam_deny.so
|
||||
|
||||
session required pam_limits.so
|
||||
{% if pkg('sys-auth/elogind') %}
|
||||
-session optional pam_loginuid.so
|
||||
-session optional pam_elogind.so
|
||||
{% endif %}
|
||||
session required pam_unix.so
|
@ -0,0 +1,19 @@
|
||||
{% calculate comment='#' %}
|
||||
|
||||
auth required pam_nologin.so
|
||||
auth substack system-auth
|
||||
auth required pam_shells.so
|
||||
|
||||
account required pam_access.so
|
||||
account required pam_nologin.so
|
||||
account include system-auth
|
||||
|
||||
password include system-auth
|
||||
|
||||
session required pam_env.so
|
||||
session include system-auth
|
||||
#session optional pam_motd.so motd=/etc/motd
|
||||
session optional pam_mail.so
|
||||
{% if pkg('sys-auth/pam_update') %}
|
||||
session optional pam_update.so
|
||||
{% endif %}
|
Loading…
Reference in new issue