commit: fbbc2d49c860857b2fe4b2a6cdb967b0867261c9 |
Author: Mikle KOlyada <zlogene <AT> gentoo <DOT> org> |
AuthorDate: Sat Jan 30 19:50:12 2021 +0000 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
CommitDate: Sun Jan 31 21:37:17 2021 +0000 |
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=fbbc2d49 |
|
systemd-auth: add systemd-homed support |
|
Signed-off-by: Mikle KOlyada <zlogene <AT> gentoo.org> |
Closes: https://github.com/gentoo/pambase/pull/5 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
|
pambase.py | 1 + |
templates/system-auth.tpl | 18 ++++++++++++++++-- |
templates/system-session.tpl | 4 ++++ |
3 files changed, 21 insertions(+), 2 deletions(-) |
|
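--- a/pambase.py
+++ b/pambase.py
@@ -14,6 +14,7 @@ def main():
 parser.add_argument('--pwquality', action="store_true", help='enable pam_pwquality.so module')
 parser.add_argument('--elogind', action="store_true", help='enable pam_elogind.so module')
 parser.add_argument('--systemd', action="store_true", help='enable pam_systemd.so module')
+ parser.add_argument('--homed', action="store_true", help='enable pam_systemd_home.so module')
 parser.add_argument('--selinux', action="store_true", help='enable pam_selinux.so module')
 parser.add_argument('--mktemp', action="store_true", help='enable pam_mktemp.so module')
 parser.add_argument('--pam-ssh', action="store_true", help='enable pam_ssh.so module')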
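--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -8,16 +8,26 @@ auth [success=3 default=ignore] pam_krb5.so {{ krb5_params }}
 {% endif %}
 
 auth requisite pam_faillock.so preauth
-auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
+{% if homed %}
+auth [success=2 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
+auth [success=1 default=ignore] pam_systemd_home.so
+{% else %}
+auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pas
+{% endif %}
 auth [default=die] pam_faillock.so authfail
 
 {% if caps %}
--auth optional pam_cap.so
+auth optional pam_cap.so
 {% endif %}
 
 {% if krb5 %}
 account [success=2 default=ignore] pam_krb5.so {{ krb5_params }}
 {% endif %}
+
+{% if homed %}
+account [success=1 default=ignore] pam_systemd_home.so
+{% endif %}
+
 account required pam_unix.so {{ debug|default('', true) }}
 account required pam_faillock.so
 
@@ -37,6 +47,10 @@ password required pam_pwhistory.so use_authtok remember=5 retry=3
 password [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
 {% endif %}
 
+{% if homed %}
+password [success=1 default=ignore] pam_systemd_home.so
+{% endif %}
+
 {% if passwdqc or pwquality %}
 password required pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
 {% else %}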
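Review bot: The pam_krb5 jump counts are not adjusted for the extra module: the auth line shown in the first hunk header keeps `success=3`, so with both `krb5` and `homed` set (and assuming that line sits directly above the hunk) a successful Kerberos login skips pam_faillock preauth, pam_unix and pam_systemd_home and lands on `auth [default=die] pam_faillock.so authfail` instead of past it. The count should depend on `homed`, e.g. `auth [success={{ 4 if homed else 3 }} default=ignore] pam_krb5.so {{ krb5_params }}`; the account (`success=2`) and password (`success=1`) krb5 lines, and the session one in templates/system-session.tpl, shift by one module in the same way. Also in the first hunk, the `{% else %}` branch ends the pam_unix options with `try_first_pas` where the removed line had `try_first_pass`; unless that is an artefact of this page, pam_unix would not recognise the option in non-homed builds and the line should end in `try_first_pass`. The rest of each stack lies outside the hunks, so the landing points after the skipped lines should be checked against the full templates.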
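--- a/templates/system-session.tpl
+++ b/templates/system-session.tpl
@@ -8,4 +8,8 @@ session optional pam_mktemp.so
 session [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
 {% endif %}
 
+{% if homed %}
+session [success=1 default=ignore] pam_systemd_home.so
+{% endif %}
+
 session required pam_unix.so {{ debug|default('', true) }}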