diff options
Diffstat (limited to 'meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d')
7 files changed, 197 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chfn b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chfn new file mode 100644 index 0000000000..baf7698bba --- /dev/null +++ b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chfn | |||
@@ -0,0 +1,14 @@ | |||
1 | # | ||
2 | # The PAM configuration file for the Shadow `chfn' service | ||
3 | # | ||
4 | |||
5 | # This allows root to change user infomation without being | ||
6 | # prompted for a password | ||
7 | auth sufficient pam_rootok.so | ||
8 | |||
9 | # The standard Unix authentication modules, used with | ||
10 | # NIS (man nsswitch) as well as normal /etc/passwd and | ||
11 | # /etc/shadow entries. | ||
12 | auth include common-auth | ||
13 | account include common-account | ||
14 | session include common-session | ||
diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chpasswd b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chpasswd new file mode 100644 index 0000000000..9e3efa68ba --- /dev/null +++ b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chpasswd | |||
@@ -0,0 +1,4 @@ | |||
1 | # The PAM configuration file for the Shadow 'chpasswd' service | ||
2 | # | ||
3 | |||
4 | password include common-password | ||
diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chsh b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chsh new file mode 100644 index 0000000000..8fb169f64e --- /dev/null +++ b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/chsh | |||
@@ -0,0 +1,19 @@ | |||
1 | # | ||
2 | # The PAM configuration file for the Shadow `chsh' service | ||
3 | # | ||
4 | |||
5 | # This will not allow a user to change their shell unless | ||
6 | # their current one is listed in /etc/shells. This keeps | ||
7 | # accounts with special shells from changing them. | ||
8 | auth required pam_shells.so | ||
9 | |||
10 | # This allows root to change user shell without being | ||
11 | # prompted for a password | ||
12 | auth sufficient pam_rootok.so | ||
13 | |||
14 | # The standard Unix authentication modules, used with | ||
15 | # NIS (man nsswitch) as well as normal /etc/passwd and | ||
16 | # /etc/shadow entries. | ||
17 | auth include common-auth | ||
18 | account include common-account | ||
19 | session include common-session | ||
diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/login b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/login new file mode 100644 index 0000000000..e41eb04ec1 --- /dev/null +++ b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/login | |||
@@ -0,0 +1,91 @@ | |||
1 | # | ||
2 | # The PAM configuration file for the Shadow `login' service | ||
3 | # | ||
4 | |||
5 | # Enforce a minimal delay in case of failure (in microseconds). | ||
6 | # (Replaces the `FAIL_DELAY' setting from login.defs) | ||
7 | # Note that other modules may require another minimal delay. (for example, | ||
8 | # to disable any delay, you should add the nodelay option to pam_unix) | ||
9 | auth optional pam_faildelay.so delay=3000000 | ||
10 | |||
11 | # Outputs an issue file prior to each login prompt (Replaces the | ||
12 | # ISSUE_FILE option from login.defs). Uncomment for use | ||
13 | # auth required pam_issue.so issue=/etc/issue | ||
14 | |||
15 | # Disallows root logins except on tty's listed in /etc/securetty | ||
16 | # (Replaces the `CONSOLE' setting from login.defs) | ||
17 | # Note that it is included as a "requisite" module. No password prompts will | ||
18 | # be displayed if this module fails to avoid having the root password | ||
19 | # transmitted on unsecure ttys. | ||
20 | # You can change it to a "required" module if you think it permits to | ||
21 | # guess valid user names of your system (invalid user names are considered | ||
22 | # as possibly being root). | ||
23 | auth [success=ok ignore=ignore user_unknown=ignore default=die] pam_securetty.so | ||
24 | |||
25 | # Disallows other than root logins when /etc/nologin exists | ||
26 | # (Replaces the `NOLOGINS_FILE' option from login.defs) | ||
27 | auth requisite pam_nologin.so | ||
28 | |||
29 | # SELinux needs to be the first session rule. This ensures that any | ||
30 | # lingering context has been cleared. Without out this it is possible | ||
31 | # that a module could execute code in the wrong domain. | ||
32 | # When the module is present, "required" would be sufficient (When SELinux | ||
33 | # is disabled, this returns success.) | ||
34 | session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close | ||
35 | |||
36 | # This module parses environment configuration file(s) | ||
37 | # and also allows you to use an extended config | ||
38 | # file /etc/security/pam_env.conf. | ||
39 | # | ||
40 | # parsing /etc/environment needs "readenv=1" | ||
41 | session required pam_env.so readenv=1 | ||
42 | # locale variables are also kept into /etc/default/locale in etch | ||
43 | # reading this file *in addition to /etc/environment* does not hurt | ||
44 | session required pam_env.so readenv=1 envfile=/etc/default/locale | ||
45 | |||
46 | # Standard Un*x authentication. | ||
47 | auth include common-auth | ||
48 | |||
49 | # This allows certain extra groups to be granted to a user | ||
50 | # based on things like time of day, tty, service, and user. | ||
51 | # Please edit /etc/security/group.conf to fit your needs | ||
52 | # (Replaces the `CONSOLE_GROUPS' option in login.defs) | ||
53 | auth optional pam_group.so | ||
54 | |||
55 | # Uncomment and edit /etc/security/time.conf if you need to set | ||
56 | # time restrainst on logins. | ||
57 | # (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs | ||
58 | # as well as /etc/porttime) | ||
59 | # account requisite pam_time.so | ||
60 | |||
61 | # Uncomment and edit /etc/security/access.conf if you need to | ||
62 | # set access limits. | ||
63 | # (Replaces /etc/login.access file) | ||
64 | # account required pam_access.so | ||
65 | |||
66 | # Sets up user limits according to /etc/security/limits.conf | ||
67 | # (Replaces the use of /etc/limits in old login) | ||
68 | session required pam_limits.so | ||
69 | |||
70 | # Prints the last login info upon succesful login | ||
71 | # (Replaces the `LASTLOG_ENAB' option from login.defs) | ||
72 | session optional pam_lastlog.so | ||
73 | |||
74 | # Prints the motd upon succesful login | ||
75 | # (Replaces the `MOTD_FILE' option in login.defs) | ||
76 | session optional pam_motd.so | ||
77 | |||
78 | # Prints the status of the user's mailbox upon succesful login | ||
79 | # (Replaces the `MAIL_CHECK_ENAB' option from login.defs). | ||
80 | # | ||
81 | # This also defines the MAIL environment variable | ||
82 | # However, userdel also needs MAIL_DIR and MAIL_FILE variables | ||
83 | # in /etc/login.defs to make sure that removing a user | ||
84 | # also removes the user's mail spool file. | ||
85 | # See comments in /etc/login.defs | ||
86 | session optional pam_mail.so standard | ||
87 | |||
88 | # Standard Un*x account and session | ||
89 | account include common-account | ||
90 | password include common-password | ||
91 | session include common-session | ||
diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/newusers b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/newusers new file mode 100644 index 0000000000..4aa3dde48b --- /dev/null +++ b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/newusers | |||
@@ -0,0 +1,4 @@ | |||
1 | # The PAM configuration file for the Shadow 'newusers' service | ||
2 | # | ||
3 | |||
4 | password include common-password | ||
diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/passwd b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/passwd new file mode 100644 index 0000000000..f534992435 --- /dev/null +++ b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/passwd | |||
@@ -0,0 +1,5 @@ | |||
1 | # | ||
2 | # The PAM configuration file for the Shadow `passwd' service | ||
3 | # | ||
4 | |||
5 | password include common-password | ||
diff --git a/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/su b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/su new file mode 100644 index 0000000000..8e35137f37 --- /dev/null +++ b/meta/recipes-extended/shadow/shadow-4.1.4.2/pam.d/su | |||
@@ -0,0 +1,60 @@ | |||
1 | # | ||
2 | # The PAM configuration file for the Shadow `su' service | ||
3 | # | ||
4 | |||
5 | # This allows root to su without passwords (normal operation) | ||
6 | auth sufficient pam_rootok.so | ||
7 | |||
8 | # Uncomment this to force users to be a member of group root | ||
9 | # before they can use `su'. You can also add "group=foo" | ||
10 | # to the end of this line if you want to use a group other | ||
11 | # than the default "root" (but this may have side effect of | ||
12 | # denying "root" user, unless she's a member of "foo" or explicitly | ||
13 | # permitted earlier by e.g. "sufficient pam_rootok.so"). | ||
14 | # (Replaces the `SU_WHEEL_ONLY' option from login.defs) | ||
15 | # auth required pam_wheel.so | ||
16 | |||
17 | # Uncomment this if you want wheel members to be able to | ||
18 | # su without a password. | ||
19 | # auth sufficient pam_wheel.so trust | ||
20 | |||
21 | # Uncomment this if you want members of a specific group to not | ||
22 | # be allowed to use su at all. | ||
23 | # auth required pam_wheel.so deny group=nosu | ||
24 | |||
25 | # Uncomment and edit /etc/security/time.conf if you need to set | ||
26 | # time restrainst on su usage. | ||
27 | # (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs | ||
28 | # as well as /etc/porttime) | ||
29 | # account requisite pam_time.so | ||
30 | |||
31 | # This module parses environment configuration file(s) | ||
32 | # and also allows you to use an extended config | ||
33 | # file /etc/security/pam_env.conf. | ||
34 | # | ||
35 | # parsing /etc/environment needs "readenv=1" | ||
36 | session required pam_env.so readenv=1 | ||
37 | # locale variables are also kept into /etc/default/locale in etch | ||
38 | # reading this file *in addition to /etc/environment* does not hurt | ||
39 | session required pam_env.so readenv=1 envfile=/etc/default/locale | ||
40 | |||
41 | # Defines the MAIL environment variable | ||
42 | # However, userdel also needs MAIL_DIR and MAIL_FILE variables | ||
43 | # in /etc/login.defs to make sure that removing a user | ||
44 | # also removes the user's mail spool file. | ||
45 | # See comments in /etc/login.defs | ||
46 | # | ||
47 | # "nopen" stands to avoid reporting new mail when su'ing to another user | ||
48 | session optional pam_mail.so nopen | ||
49 | |||
50 | # Sets up user limits, please uncomment and read /etc/security/limits.conf | ||
51 | # to enable this functionality. | ||
52 | # (Replaces the use of /etc/limits in old login) | ||
53 | # session required pam_limits.so | ||
54 | |||
55 | # The standard Unix authentication modules, used with | ||
56 | # NIS (man nsswitch) as well as normal /etc/passwd and | ||
57 | # /etc/shadow entries. | ||
58 | auth include common-auth | ||
59 | account include common-account | ||
60 | session include common-session | ||