Initial commit.
This commit is contained in:
9
pam.d/atd
Normal file
9
pam.d/atd
Normal file
@@ -0,0 +1,9 @@
|
||||
# The PAM configuration file for the at daemon
|
||||
#
|
||||
#
|
||||
auth required pam_env.so
|
||||
auth include password-auth
|
||||
account required pam_access.so
|
||||
account include password-auth
|
||||
session required pam_loginuid.so
|
||||
session include password-auth
|
||||
6
pam.d/chfn
Normal file
6
pam.d/chfn
Normal file
@@ -0,0 +1,6 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
auth include system-auth
|
||||
account include system-auth
|
||||
password include system-auth
|
||||
session include system-auth
|
||||
6
pam.d/chsh
Normal file
6
pam.d/chsh
Normal file
@@ -0,0 +1,6 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
auth include system-auth
|
||||
account include system-auth
|
||||
password include system-auth
|
||||
session include system-auth
|
||||
20
pam.d/cockpit
Normal file
20
pam.d/cockpit
Normal file
@@ -0,0 +1,20 @@
|
||||
#%PAM-1.0
|
||||
# this MUST be first in the "auth" stack as it sets PAM_USER
|
||||
# user_unknown is definitive, so die instead of ignore to avoid subsequent modules mess up the error code
|
||||
-auth [success=done new_authtok_reqd=done user_unknown=die default=ignore] pam_cockpit_cert.so
|
||||
auth required pam_sepermit.so
|
||||
auth substack password-auth
|
||||
auth include postlogin
|
||||
auth optional pam_ssh_add.so
|
||||
account required pam_nologin.so
|
||||
account include password-auth
|
||||
password include password-auth
|
||||
# pam_selinux.so close should be the first session rule
|
||||
session required pam_selinux.so close
|
||||
session required pam_loginuid.so
|
||||
# pam_selinux.so open should only be followed by sessions to be executed in the user context
|
||||
session required pam_selinux.so open env_params
|
||||
session optional pam_keyinit.so force revoke
|
||||
session optional pam_ssh_add.so
|
||||
session include password-auth
|
||||
session include postlogin
|
||||
8
pam.d/config-util
Normal file
8
pam.d/config-util
Normal file
@@ -0,0 +1,8 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
auth sufficient pam_timestamp.so
|
||||
auth include system-auth
|
||||
account required pam_permit.so
|
||||
session required pam_permit.so
|
||||
session optional pam_xauth.so
|
||||
session optional pam_timestamp.so
|
||||
11
pam.d/crond
Normal file
11
pam.d/crond
Normal file
@@ -0,0 +1,11 @@
|
||||
#
|
||||
# The PAM configuration file for the cron daemon
|
||||
#
|
||||
#
|
||||
# Although no PAM authentication is called, auth modules
|
||||
# are used for credential setting
|
||||
auth include password-auth
|
||||
account required pam_access.so
|
||||
account include password-auth
|
||||
session required pam_loginuid.so
|
||||
session include password-auth
|
||||
5
pam.d/dovecot
Normal file
5
pam.d/dovecot
Normal file
@@ -0,0 +1,5 @@
|
||||
#%PAM-1.0
|
||||
auth required pam_nologin.so
|
||||
auth include password-auth
|
||||
account include password-auth
|
||||
session include password-auth
|
||||
19
pam.d/fingerprint-auth
Normal file
19
pam.d/fingerprint-auth
Normal file
@@ -0,0 +1,19 @@
|
||||
#%PAM-1.0
|
||||
# This file is auto-generated.
|
||||
# User changes will be destroyed the next time authselect is run.
|
||||
auth required pam_env.so
|
||||
auth sufficient pam_fprintd.so
|
||||
auth required pam_deny.so
|
||||
|
||||
account required pam_unix.so
|
||||
account sufficient pam_localuser.so
|
||||
account sufficient pam_succeed_if.so uid < 500 quiet
|
||||
account required pam_permit.so
|
||||
|
||||
password required pam_deny.so
|
||||
|
||||
session optional pam_keyinit.so revoke
|
||||
session required pam_limits.so
|
||||
-session optional pam_systemd.so
|
||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||
session required pam_unix.so
|
||||
17
pam.d/login
Normal file
17
pam.d/login
Normal file
@@ -0,0 +1,17 @@
|
||||
#%PAM-1.0
|
||||
auth substack system-auth
|
||||
auth include postlogin
|
||||
account required pam_nologin.so
|
||||
account include system-auth
|
||||
password include system-auth
|
||||
# pam_selinux.so close should be the first session rule
|
||||
session required pam_selinux.so close
|
||||
session required pam_loginuid.so
|
||||
session optional pam_console.so
|
||||
# pam_selinux.so open should only be followed by sessions to be executed in the user context
|
||||
session required pam_selinux.so open
|
||||
session required pam_namespace.so
|
||||
session optional pam_keyinit.so force revoke
|
||||
session include system-auth
|
||||
session include postlogin
|
||||
-session optional pam_ck_connector.so
|
||||
13
pam.d/mock
Normal file
13
pam.d/mock
Normal file
@@ -0,0 +1,13 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
auth sufficient pam_succeed_if.so user ingroup mock use_uid quiet
|
||||
# Uncomment the following line to implicitly trust users in the "wheel" group.
|
||||
#auth sufficient pam_wheel.so trust use_uid
|
||||
# Uncomment the following line to require a user to be in the "wheel" group.
|
||||
#auth required pam_wheel.so use_uid
|
||||
auth include system-auth
|
||||
account sufficient pam_succeed_if.so user ingroup mock use_uid quiet
|
||||
account include system-auth
|
||||
password include system-auth
|
||||
session include system-auth
|
||||
session optional pam_xauth.so
|
||||
5
pam.d/other
Normal file
5
pam.d/other
Normal file
@@ -0,0 +1,5 @@
|
||||
#%PAM-1.0
|
||||
auth required pam_deny.so
|
||||
account required pam_deny.so
|
||||
password required pam_deny.so
|
||||
session required pam_deny.so
|
||||
5
pam.d/passwd
Normal file
5
pam.d/passwd
Normal file
@@ -0,0 +1,5 @@
|
||||
#%PAM-1.0
|
||||
# This tool only uses the password stack.
|
||||
password substack system-auth
|
||||
-password optional pam_gnome_keyring.so use_authtok
|
||||
password substack postlogin
|
||||
17
pam.d/password-auth
Normal file
17
pam.d/password-auth
Normal file
@@ -0,0 +1,17 @@
|
||||
auth required pam_env.so
|
||||
auth sufficient pam_unix.so try_first_pass nullok
|
||||
auth required pam_deny.so
|
||||
auth required pam_tally2.so file=/var/log/tallylog deny=3 even_deny_root unlock_time=1200
|
||||
|
||||
account required pam_unix.so
|
||||
|
||||
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
|
||||
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
|
||||
password required pam_deny.so
|
||||
|
||||
session optional pam_keyinit.so
|
||||
session required pam_limits.so
|
||||
-session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||
session required pam_unix.so
|
||||
|
||||
|
||||
6
pam.d/polkit-1
Normal file
6
pam.d/polkit-1
Normal file
@@ -0,0 +1,6 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth include system-auth
|
||||
account include system-auth
|
||||
password include system-auth
|
||||
session include system-auth
|
||||
8
pam.d/postlogin
Normal file
8
pam.d/postlogin
Normal file
@@ -0,0 +1,8 @@
|
||||
#%PAM-1.0
|
||||
# This file is auto-generated.
|
||||
# User changes will be destroyed the next time authselect is run.
|
||||
|
||||
session optional pam_umask.so silent
|
||||
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
|
||||
session [default=1] pam_lastlog.so nowtmp showfailed
|
||||
session optional pam_lastlog.so silent noupdate showfailed
|
||||
5
pam.d/ppp
Normal file
5
pam.d/ppp
Normal file
@@ -0,0 +1,5 @@
|
||||
#%PAM-1.0
|
||||
auth include password-auth
|
||||
account required pam_nologin.so
|
||||
account include password-auth
|
||||
session include password-auth
|
||||
15
pam.d/remote
Normal file
15
pam.d/remote
Normal file
@@ -0,0 +1,15 @@
|
||||
#%PAM-1.0
|
||||
auth substack password-auth
|
||||
auth include postlogin
|
||||
account required pam_nologin.so
|
||||
account include password-auth
|
||||
password include password-auth
|
||||
# pam_selinux.so close should be the first session rule
|
||||
session required pam_selinux.so close
|
||||
session required pam_loginuid.so
|
||||
# pam_selinux.so open should only be followed by sessions to be executed in the user context
|
||||
session required pam_selinux.so open
|
||||
session required pam_namespace.so
|
||||
session optional pam_keyinit.so force revoke
|
||||
session include password-auth
|
||||
session include postlogin
|
||||
5
pam.d/runuser
Normal file
5
pam.d/runuser
Normal file
@@ -0,0 +1,5 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
session optional pam_keyinit.so revoke
|
||||
session required pam_limits.so
|
||||
session required pam_unix.so
|
||||
5
pam.d/runuser-l
Normal file
5
pam.d/runuser-l
Normal file
@@ -0,0 +1,5 @@
|
||||
#%PAM-1.0
|
||||
auth include runuser
|
||||
session optional pam_keyinit.so force revoke
|
||||
-session optional pam_systemd.so
|
||||
session include runuser
|
||||
2
pam.d/screen
Normal file
2
pam.d/screen
Normal file
@@ -0,0 +1,2 @@
|
||||
#%PAM-1.0
|
||||
auth include system-auth
|
||||
19
pam.d/smartcard-auth
Normal file
19
pam.d/smartcard-auth
Normal file
@@ -0,0 +1,19 @@
|
||||
#%PAM-1.0
|
||||
# This file is auto-generated.
|
||||
# User changes will be destroyed the next time authselect is run.
|
||||
auth required pam_env.so
|
||||
auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card
|
||||
auth required pam_deny.so
|
||||
|
||||
account required pam_unix.so
|
||||
account sufficient pam_localuser.so
|
||||
account sufficient pam_succeed_if.so uid < 500 quiet
|
||||
account required pam_permit.so
|
||||
|
||||
password optional pam_pkcs11.so
|
||||
|
||||
session optional pam_keyinit.so revoke
|
||||
session required pam_limits.so
|
||||
-session optional pam_systemd.so
|
||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||
session required pam_unix.so
|
||||
1
pam.d/smtp
Symbolic link
1
pam.d/smtp
Symbolic link
@@ -0,0 +1 @@
|
||||
/etc/alternatives/mta-pam
|
||||
3
pam.d/smtp.postfix
Normal file
3
pam.d/smtp.postfix
Normal file
@@ -0,0 +1,3 @@
|
||||
#%PAM-1.0
|
||||
auth include password-auth
|
||||
account include password-auth
|
||||
17
pam.d/sshd
Normal file
17
pam.d/sshd
Normal file
@@ -0,0 +1,17 @@
|
||||
#%PAM-1.0
|
||||
auth substack password-auth
|
||||
auth include postlogin
|
||||
account required pam_sepermit.so
|
||||
account required pam_nologin.so
|
||||
account include password-auth
|
||||
password include password-auth
|
||||
# pam_selinux.so close should be the first session rule
|
||||
session required pam_selinux.so close
|
||||
session required pam_loginuid.so
|
||||
# pam_selinux.so open should only be followed by sessions to be executed in the user context
|
||||
session required pam_selinux.so open env_params
|
||||
session required pam_namespace.so
|
||||
session optional pam_keyinit.so force revoke
|
||||
session optional pam_motd.so
|
||||
session include password-auth
|
||||
session include postlogin
|
||||
6
pam.d/sssd-shadowutils
Normal file
6
pam.d/sssd-shadowutils
Normal file
@@ -0,0 +1,6 @@
|
||||
#%PAM-1.0
|
||||
auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
|
||||
auth required pam_deny.so
|
||||
|
||||
account required pam_unix.so
|
||||
account required pam_permit.so
|
||||
16
pam.d/su
Normal file
16
pam.d/su
Normal file
@@ -0,0 +1,16 @@
|
||||
#%PAM-1.0
|
||||
auth required pam_env.so
|
||||
auth sufficient pam_rootok.so
|
||||
# Uncomment the following line to implicitly trust users in the "wheel" group.
|
||||
#auth sufficient pam_wheel.so trust use_uid
|
||||
# Uncomment the following line to require a user to be in the "wheel" group.
|
||||
#auth required pam_wheel.so use_uid
|
||||
auth substack system-auth
|
||||
auth include postlogin
|
||||
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
|
||||
account include system-auth
|
||||
password include system-auth
|
||||
session include system-auth
|
||||
session include postlogin
|
||||
session optional pam_xauth.so
|
||||
auth required pam_wheel.so use_uid
|
||||
6
pam.d/su-l
Normal file
6
pam.d/su-l
Normal file
@@ -0,0 +1,6 @@
|
||||
#%PAM-1.0
|
||||
auth include su
|
||||
account include su
|
||||
password include su
|
||||
session optional pam_keyinit.so force revoke
|
||||
session include su
|
||||
4
pam.d/subscription-manager
Normal file
4
pam.d/subscription-manager
Normal file
@@ -0,0 +1,4 @@
|
||||
#%PAM-1.0
|
||||
auth include config-util
|
||||
account include config-util
|
||||
session include config-util
|
||||
5
pam.d/sudo
Normal file
5
pam.d/sudo
Normal file
@@ -0,0 +1,5 @@
|
||||
#%PAM-1.0
|
||||
auth include system-auth
|
||||
account include system-auth
|
||||
password include system-auth
|
||||
session include system-auth
|
||||
6
pam.d/sudo-i
Normal file
6
pam.d/sudo-i
Normal file
@@ -0,0 +1,6 @@
|
||||
#%PAM-1.0
|
||||
auth include sudo
|
||||
account include sudo
|
||||
password include sudo
|
||||
session optional pam_keyinit.so force revoke
|
||||
session include sudo
|
||||
18
pam.d/system-auth
Normal file
18
pam.d/system-auth
Normal file
@@ -0,0 +1,18 @@
|
||||
#%PAM-1.0
|
||||
# This file is auto-generated.
|
||||
# User changes will be destroyed the next time authselect is run.
|
||||
auth required pam_env.so
|
||||
auth sufficient pam_unix.so try_first_pass nullok
|
||||
auth required pam_deny.so
|
||||
|
||||
account required pam_unix.so
|
||||
|
||||
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
|
||||
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
|
||||
password required pam_deny.so
|
||||
|
||||
session optional pam_keyinit.so revoke
|
||||
session required pam_limits.so
|
||||
-session optional pam_systemd.so
|
||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||
session required pam_unix.so
|
||||
21
pam.d/system-auth-ac
Executable file
21
pam.d/system-auth-ac
Executable file
@@ -0,0 +1,21 @@
|
||||
#%PAM-1.0
|
||||
# This file is auto-generated.
|
||||
# User changes will be destroyed the next time authconfig is run.
|
||||
auth required pam_env.so
|
||||
auth sufficient pam_unix.so nullok try_first_pass
|
||||
auth requisite pam_succeed_if.so uid >= 500 quiet
|
||||
auth required pam_deny.so
|
||||
|
||||
account required pam_unix.so
|
||||
account sufficient pam_localuser.so
|
||||
account sufficient pam_succeed_if.so uid < 500 quiet
|
||||
account required pam_permit.so
|
||||
|
||||
password requisite pam_cracklib.so try_first_pass retry=3 type=
|
||||
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
|
||||
password required pam_deny.so
|
||||
|
||||
session optional pam_keyinit.so revoke
|
||||
session required pam_limits.so
|
||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||
session required pam_unix.so
|
||||
10
pam.d/systemd-user
Normal file
10
pam.d/systemd-user
Normal file
@@ -0,0 +1,10 @@
|
||||
# This file is part of systemd.
|
||||
#
|
||||
# Used by systemd --user instances.
|
||||
|
||||
account include system-auth
|
||||
|
||||
session required pam_selinux.so close
|
||||
session required pam_selinux.so nottys open
|
||||
session required pam_loginuid.so
|
||||
session include system-auth
|
||||
3
pam.d/vlock
Normal file
3
pam.d/vlock
Normal file
@@ -0,0 +1,3 @@
|
||||
#%PAM-1.0
|
||||
auth include system-auth
|
||||
account required pam_permit.so
|
||||
5
pam.d/vmtoolsd
Normal file
5
pam.d/vmtoolsd
Normal file
@@ -0,0 +1,5 @@
|
||||
#%PAM-1.0
|
||||
auth substack password-auth
|
||||
auth include postlogin
|
||||
account required pam_nologin.so
|
||||
account include password-auth
|
||||
8
pam.d/vsftpd
Normal file
8
pam.d/vsftpd
Normal file
@@ -0,0 +1,8 @@
|
||||
#%PAM-1.0
|
||||
session optional pam_keyinit.so force revoke
|
||||
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
|
||||
auth required pam_shells.so
|
||||
auth include password-auth
|
||||
account include password-auth
|
||||
session required pam_loginuid.so
|
||||
session include password-auth
|
||||
Reference in New Issue
Block a user