1 |
commit: 639b45ccb986de7314372a4a841e6f04c536c49a |
2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Jan 29 03:46:42 2021 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Jan 29 03:46:42 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=639b45cc |
7 |
|
8 |
Add systemd-homed support |
9 |
|
10 |
Bug: https://bugs.gentoo.org/767784 |
11 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
12 |
|
13 |
pambase.py | 1 + |
14 |
templates/system-auth.tpl | 6 ++++++ |
15 |
templates/system-session.tpl | 4 ++++ |
16 |
3 files changed, 11 insertions(+) |
17 |
|
18 |
diff --git a/pambase.py b/pambase.py |
19 |
index 278d578..eb3d4fe 100755 |
20 |
--- a/pambase.py |
21 |
+++ b/pambase.py |
22 |
@@ -9,6 +9,7 @@ def main(): |
23 |
parser = argparse.ArgumentParser(description='basic Gentoo PAM configuration files') |
24 |
parser.add_argument('--gnome-keyring', action="store_true", help='enable pam_gnome_keyring.so module') |
25 |
parser.add_argument('--caps', action="store_true", help='enable pam_cap.so module') |
26 |
+ parser.add_argument('--homed', action="store_true", help='enable pam_systemd_homed.so module') |
27 |
parser.add_argument('--passwdqc', action="store_true", help='enable pam_passwdqc.so module') |
28 |
parser.add_argument('--pwhistory', action="store_true", help='enable pam_pwhistory.so module') |
29 |
parser.add_argument('--pwquality', action="store_true", help='enable pam_pwquality.so module') |
30 |
|
31 |
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl |
32 |
index 01a29db..53557dc 100644 |
33 |
--- a/templates/system-auth.tpl |
34 |
+++ b/templates/system-auth.tpl |
35 |
@@ -2,6 +2,9 @@ auth required pam_env.so {{ debug|default('', true) }} |
36 |
{% if pam_ssh %} |
37 |
auth sufficient pam_ssh.so |
38 |
{% endif %} |
39 |
+{% if homed %} |
40 |
+-auth sufficient pam_systemd_home.so |
41 |
+{% endif %} |
42 |
|
43 |
{% if krb5 %} |
44 |
auth [success=3 default=ignore] pam_krb5.so {{ krb5_params }} |
45 |
@@ -15,6 +18,9 @@ auth [default=die] pam_faillock.so authfail |
46 |
-auth optional pam_cap.so |
47 |
{% endif %} |
48 |
|
49 |
+{% if homed %} |
50 |
+-account sufficient pam_systemd_home.so |
51 |
+{% endif %} |
52 |
{% if krb5 %} |
53 |
account [success=2 default=ignore] pam_krb5.so {{ krb5_params }} |
54 |
{% endif %} |
55 |
|
56 |
diff --git a/templates/system-session.tpl b/templates/system-session.tpl |
57 |
index 2a7024b..3dd1d70 100644 |
58 |
--- a/templates/system-session.tpl |
59 |
+++ b/templates/system-session.tpl |
60 |
@@ -4,6 +4,10 @@ session required pam_env.so {{ debug|default('', true) }} |
61 |
session optional pam_mktemp.so |
62 |
{% endif %} |
63 |
|
64 |
+{% if homed %} |
65 |
+-session optional pam_systemd_home.so |
66 |
+{% endif %} |
67 |
+ |
68 |
{%if krb5 %} |
69 |
session [success=1 default=ignore] pam_krb5.so {{ krb5_params }} |
70 |
{% endif %} |