summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--nonsystemd/pambase/PKGBUILD10
-rw-r--r--nonsystemd/pambase/system-auth29
-rw-r--r--nonsystemd/pambase/system-login4
3 files changed, 24 insertions, 19 deletions
diff --git a/nonsystemd/pambase/PKGBUILD b/nonsystemd/pambase/PKGBUILD
index ebce9502c..81e0f85ad 100644
--- a/nonsystemd/pambase/PKGBUILD
+++ b/nonsystemd/pambase/PKGBUILD
@@ -2,14 +2,14 @@
# Maintainer (Arch): Dave Reisner <dreisner@archlinux.org>
pkgname=pambase
-pkgver=20190105.1
+pkgver=20200721.1
pkgrel=2
pkgrel+=.nonsystemd1
pkgdesc="Base PAM configuration for services"
arch=('any')
-depends=('opensysusers')
-url="https://www.artixlinux.org"
+url="https://www.parabola.nu"
license=('GPL')
+depends=('opensysusers')
source=('system-auth'
'system-local-login'
'system-login'
@@ -22,9 +22,9 @@ backup=('etc/pam.d/system-auth'
'etc/pam.d/system-remote-login'
'etc/pam.d/system-services'
'etc/pam.d/other')
-sha256sums=('3eb67872e436817ec97c4f3795adba2cf1d3829ea4e107ef5747569e4eeb5746'
+sha256sums=('a3304c0e332c47dc9b7f2caa99e69861bccb31cc7317d52c289d20da8c6f281c'
'005736b9bd650ff5e5d82a7e288853776d5bb8c90185d5774c07231c1e1c64a9'
- 'b6eb59f7aaee4b168f70df8e1b941eb533f6f73dbea8beb6457537106c32fde8'
+ '85dfcde6339dfb9683ad2fffd8e34bd30c8d05d3a0be8565b05fb109bf4eba8d'
'005736b9bd650ff5e5d82a7e288853776d5bb8c90185d5774c07231c1e1c64a9'
'6eb1acdd3fa9f71a7f93fbd529be57ea65bcafc6e3a98a06af4d88013fc6a567'
'd5ed59ec2157c19c87964a162f7ca84d53c19fb2bd68d3fbc1671ba8d906346f')
diff --git a/nonsystemd/pambase/system-auth b/nonsystemd/pambase/system-auth
index 264504360..9b2da4567 100644
--- a/nonsystemd/pambase/system-auth
+++ b/nonsystemd/pambase/system-auth
@@ -1,16 +1,23 @@
#%PAM-1.0
-auth required pam_unix.so try_first_pass nullok
-auth optional pam_permit.so
-auth required pam_env.so
+auth required pam_faillock.so preauth
+# Optionally use requisite above if you do not want to prompt for the password
+# on locked accounts.
+auth [success=1 default=ignore] pam_unix.so try_first_pass nullok
+auth [default=die] pam_faillock.so authfail
+auth optional pam_permit.so
+auth required pam_env.so
+auth required pam_faillock.so authsucc
+# If you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures.
-account required pam_unix.so
-account optional pam_permit.so
-account required pam_time.so
+account required pam_unix.so
+account optional pam_permit.so
+account required pam_time.so
-password required pam_unix.so try_first_pass nullok sha512 shadow
-password optional pam_permit.so
+password required pam_unix.so try_first_pass nullok shadow
+password optional pam_permit.so
-session required pam_limits.so
-session required pam_unix.so
-session optional pam_permit.so
+session required pam_limits.so
+session required pam_unix.so
+session optional pam_permit.so
diff --git a/nonsystemd/pambase/system-login b/nonsystemd/pambase/system-login
index 79493ab45..9f51d987d 100644
--- a/nonsystemd/pambase/system-login
+++ b/nonsystemd/pambase/system-login
@@ -1,11 +1,9 @@
#%PAM-1.0
-auth required pam_tally2.so onerr=succeed file=/var/log/tallylog
auth required pam_shells.so
auth requisite pam_nologin.so
auth include system-auth
-account required pam_tally2.so
account required pam_access.so
account required pam_nologin.so
account include system-auth
@@ -18,4 +16,4 @@ session include system-auth
session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so dir=/var/spool/mail standard quiet
-session optional pam_elogind.so
-session required pam_env.so
+session required pam_env.so user_readenv=1