parent
46c429147f
commit
6befb284ad
@ -0,0 +1 @@
|
|||||||
|
{% calculate append = 'skip' %}
|
@ -0,0 +1 @@
|
|||||||
|
{% calculate path='/lib/udev', name='rules.d', package='sys-auth/elogind' %}
|
@ -0,0 +1 @@
|
|||||||
|
{% calculate append='remove', pkg('sys-fs/eudev') or pkg('sys-fs/udev') %}
|
@ -0,0 +1 @@
|
|||||||
|
{% calculate path='/etc', name='pam.d', package='sys-auth/pambase' %}
|
@ -0,0 +1,31 @@
|
|||||||
|
#%PAM-1.0
|
||||||
|
|
||||||
|
auth sufficient pam_rootok.so
|
||||||
|
|
||||||
|
# If you want to restrict users begin allowed to su even more,
|
||||||
|
# create /etc/security/suauth.allow (or to that matter) that is only
|
||||||
|
# writable by root, and add users that are allowed to su to that
|
||||||
|
# file, one per line.
|
||||||
|
#auth required pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow
|
||||||
|
|
||||||
|
# Uncomment this to allow users in the wheel group to su without
|
||||||
|
# entering a passwd.
|
||||||
|
#auth sufficient pam_wheel.so use_uid trust
|
||||||
|
|
||||||
|
# Alternatively to above, you can implement a list of users that do
|
||||||
|
# not need to supply a passwd with a list.
|
||||||
|
#auth sufficient pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass
|
||||||
|
|
||||||
|
# Comment this to allow any user, even those not in the 'wheel'
|
||||||
|
# group to su
|
||||||
|
auth required pam_wheel.so use_uid
|
||||||
|
|
||||||
|
auth include system-auth
|
||||||
|
|
||||||
|
account include system-auth
|
||||||
|
|
||||||
|
password include system-auth
|
||||||
|
|
||||||
|
session include system-auth
|
||||||
|
session required pam_env.so
|
||||||
|
session optional pam_xauth.so
|
@ -0,0 +1,20 @@
|
|||||||
|
{% calculate comment='#', chmod='644', chown='root:root' %}
|
||||||
|
auth required pam_env.so
|
||||||
|
auth required pam_unix.so try_first_pass
|
||||||
|
|
||||||
|
account required pam_unix.so
|
||||||
|
|
||||||
|
{% if pkg('sys-libs/pam') >= '1.4' %}
|
||||||
|
password required pam_passwdqc.so min=8,8,8,8,8 retry=3
|
||||||
|
{% else %}
|
||||||
|
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
|
||||||
|
{% endif %}
|
||||||
|
password sufficient pam_unix.so nullok sha256 shadow use_authtok
|
||||||
|
password required pam_deny.so
|
||||||
|
|
||||||
|
session required pam_limits.so
|
||||||
|
{% if pkg('sys-auth/elogind') %}
|
||||||
|
-session optional pam_loginuid.so
|
||||||
|
-session optional pam_elogind.so
|
||||||
|
{% endif %}
|
||||||
|
session required pam_unix.so
|
@ -0,0 +1,19 @@
|
|||||||
|
{% calculate comment='#' %}
|
||||||
|
|
||||||
|
auth required pam_nologin.so
|
||||||
|
auth substack system-auth
|
||||||
|
auth required pam_shells.so
|
||||||
|
|
||||||
|
account required pam_access.so
|
||||||
|
account required pam_nologin.so
|
||||||
|
account include system-auth
|
||||||
|
|
||||||
|
password include system-auth
|
||||||
|
|
||||||
|
session required pam_env.so
|
||||||
|
session include system-auth
|
||||||
|
#session optional pam_motd.so motd=/etc/motd
|
||||||
|
session optional pam_mail.so
|
||||||
|
{% if pkg('sys-auth/pam_update') %}
|
||||||
|
session optional pam_update.so
|
||||||
|
{% endif %}
|
Loading…
Reference in new issue