Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* templates/system-auth.tpl: fix libcap module namepambase-20201026Sam James2020-10-261-1/+1
| | | | | Bug: https://bugs.gentoo.org/750524 Signed-off-by: Sam James <sam@gentoo.org>
* templates/system-auth.tpl: skip pam_unix with krb5Sam James2020-10-261-4/+4
| | | | | | | | | | | Before this change, success on pam_krb5 would result in jumping one line (over pam_permit) back into pam_unix. Incidentally, we did the later stanza correctly. This was a regression from old pambase. Bug: https://bugs.gentoo.org/748405 Signed-off-by: Sam James <sam@gentoo.org>
* templates/system-login.tpl: always need faillockSam James2020-10-262-4/+0
| | | | | Fixes: eb138196aa2d3cb860d5eb5ab1d05985df34ad2c Signed-off-by: Sam James <sam@gentoo.org>
* templates/system-auth.tpl: use faillock in minimal casepambase-20201020Sam James2020-10-201-5/+2
| | | | | Bug: https://bugs.gentoo.org/748405 Signed-off-by: Sam James <sam@gentoo.org>
* templates/system-auth.tpl: drop superfluous conf param on faillockpambase-20201013Sam James2020-10-121-1/+1
| | | | | | | pam_faillock defaults to /etc/security/faillock.conf anyway. Closes: https://bugs.gentoo.org/747967 Signed-off-by: Sam James <sam@gentoo.org>
* templates/system-login.tpl: remove duplicate block already in system-authSam James2020-10-122-6/+5
| | | | | | Do it right this time! Signed-off-by: Sam James <sam@gentoo.org>
* templates/system-login.tpl: remove duplicate block from system-auth (again)Sam James2020-10-122-5/+6
|\ | | | | | | Signed-off-by: Sam James <sam@gentoo.org>
| * switch pam_faillock.so to its config filepambase-20201010Mikle Kolyada2020-10-102-4/+4
| | | | | | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* | templates/system-login.tpl: move systemd, elogind blocks hereSam James2020-10-122-8/+8
| | | | | | | | Signed-off-by: Sam James <sam@gentoo.org>
* | templates/system-login.tpl: remove duplicate block from system-authSam James2020-10-121-5/+0
| | | | | | | | | | Bug: https://bugs.gentoo.org/747868 Signed-off-by: Sam James <sam@gentoo.org>
* | templates/system-session.tpl: include pam_krb5.so module nameSam James2020-10-121-4/+1
|/ | | | Signed-off-by: Sam James <sam@gentoo.org>
* system-auth: introduce pam_pwhistorypambase-20200917Mikle Kolyada2020-09-132-0/+5
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* system-auth: switch password modules to configsMikle Kolyada2020-09-091-2/+2
| | | | | | | | | | * pam_passwdqc.so can by managed by the /etc/security/passwdqc.conf * pam_pwquality.so can be managed by the /etc/security/pwquality.conf Both allow users to create their own password polices without touching files in the /etc/pam.d directory Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* make pam_gnome_keyring optionalpambase-20200817Mikle Kolyada2020-08-172-72/+76
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* Add pam_pwquality.so supportpambase-20200815Mikle Kolyada2020-08-152-0/+5
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* pambase.py: rename system-service -> system-servicespambase-20200806Sam James2020-08-062-1/+1
| | | | | | | | Some of e.g. OpenRC's installed pam files assume 'system-services': ./supervise-daemon:2:session include system-services ./start-stop-daemon:2:session include system-services Signed-off-by: Sam James <sam@gentoo.org>
* pambase.py: strip trailing whitespace in stackpambase-20200805Sam James2020-08-051-1/+1
| | | | Signed-off-by: Sam James <sam@gentoo.org>
* templates/*: remove unnecessary stripsSam James2020-08-054-44/+44
| | | | | | Now obsolete as of 732fb3bbfd7d007fdca78dd4587f1a7bd34bfa6c. Signed-off-by: Sam James <sam@gentoo.org>
* pambase.py: strip all blank linesSam James2020-08-051-1/+6
| | | | | | | It's simpler to do this in pambase.py than with Jinja 2, at least for now. Signed-off-by: Sam James <sam@gentoo.org>
* fix pam_ssh formattingpambase-20200804Mikle Kolyada2020-08-041-1/+1
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* fix a typo in logicMikle Kolyada2020-08-041-1/+1
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* New pambase eraMikle Kolyada2020-08-0423-365/+252
| | | | | | pambase was simplified and rewritten in python Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* move faillock last in authpambase-20200618historicalMikle Kolyada2020-06-182-11/+12
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* fix a typoMikle Kolyada2020-06-171-1/+1
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* iprove faillock supportMikle Kolyada2020-06-162-2/+17
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* Revert "allow clang-cpp"Mikle Kolyada2020-06-101-1/+1
| | | | | | This reverts commit 4a97472903679c7d85ca391aeedaea3ce7797acf. Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* New releaseMikle Kolyada2020-06-105-19/+7
| | | | | | | - disable cracklib in favor of passwdqc - disable tally{,2} in favor of faillock Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* allow clang-cppMikle Kolyada2020-04-301-1/+1
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* Run pam_env.so after pam_systemd.so for better socket supportpambase-20200304David Seifert2020-03-041-1/+1
| | | | | | | | | * Running pam_systemd.so before setting user environment variables makes it possible for the user to use variables such as `XDG_RUNTIME_DIR` in their own definitions. Bug: https://bugs.gentoo.org/711450 Signed-off-by: David Seifert <soap@gentoo.org>
* handle envfile with pam_env.sopambase-20191128Mikle Kolyada2019-11-282-1/+1
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* fix libcap function callMikle Kolyada2019-11-271-1/+1
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* integrate libcap supportMikle Kolyada2019-11-243-0/+8
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* remove openpam supportMikle Kolyada2019-11-152-30/+1
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* add vital patches into the sourcespambase-20190402Mikle Kolyada2019-04-024-13/+13
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* system-login: fix nested selinux commentSven Vermeulen2015-05-171-1/+1
| | | | URL: https://bugs.gentoo.org/540096
* system-login: move pam_gnome_keyring after pam_selinuxpambase-20150213Mike Frysinger2015-02-131-3/+4
| | | | URL: https://bugs.gentoo.org/511600
* trim trailing whitespaceMike Frysinger2015-02-133-8/+6
|
* make nullok into a build time optionMike Frysinger2015-02-133-2/+12
|
* make securetty optionalMike Frysinger2015-02-132-0/+6
| | | | URL: https://bugs.gentoo.org/539508
* Use xz instead of bzip2 for dist.Samuli Suominen2014-03-131-3/+3
|
* Import -lastlog-silent.patch from gentoo-x86, see bug #468798pambase-20140313Samuli Suominen2014-03-132-1/+3
|
* Import -systemd.patch and -systemd-auth.patch from gentoo-x86, see both bugs ↵Samuli Suominen2014-03-132-0/+8
| | | | #372229 and #485470
* Add pam.d files for login, passwd and su.pambase-20120417Pawel Hajdan, Jr2012-03-205-1/+28
| | | | Those should be shared between shadow implementations.
* Implement support for pam_loginuid as needed for bug #342345pambase-20101024Diego Elio Pettenò2010-10-243-0/+7
|
* Add support for building minimal PAM chains.pambase-20100925pambase-20100903Diego Elio Pettenò2010-09-033-8/+20
| | | | | | When setting the MINIMAL flag on, the generated PAM chains will not use tally, motd, mail or lastlog modules, making th elogin quiet and skipping over the update of the login files.
* Also protect account and password from pam_krb5 bad jumps.pambase-20100819Diego Elio 'Flameeyes' Pettenò2010-08-191-0/+4
| | | | Thanks to Simon Alman for reporting, in bug #333393
* Make sure that there is a space between password and session.pambase-20100724Diego Elio 'Flameeyes' Pettenò2010-07-241-1/+1
|
* Fix kerberos authentication.Diego Elio 'Flameeyes' Pettenò2010-07-241-1/+3
|
* Don't define UNIX_AUTHTOK to use_authtok if no former module is called.pambase-20100723Diego Elio 'Flameeyes' Pettenò2010-07-231-1/+1
|
* Add support for pam_krb5 module for Kerberos authentication.Diego Elio 'Flameeyes' Pettenò2010-07-234-4/+55
| | | | | | | | This implements drop-in support for Kerberos (pam_krb5) in Gentoo systems; if the kerberos USE flag has been enabled, it'll use pam_krb5 for login, ignoring pam_unix, but no other module in the chain. It requires Linux-PAM.