commit:     5a545eb14a1220af1ba8031f3669471e77edbc2f
Author:     Mikle KOlyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 30 19:50:12 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jan 31 21:36:01 2021 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=5a545eb1

systemd-auth: add systemd-homed support

Signed-off-by: Mikle KOlyada <zlogene <AT> gentoo.org>
Closes: https://github.com/gentoo/pambase/pull/5
Signed-off-by: Sam James <sam <AT> gentoo.org>

 pambase.py                   |  1 +
 templates/system-auth.tpl    | 18 ++++++++++++++++--
 templates/system-session.tpl |  4 ++++
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/pambase.py b/pambase.py
index eb3d4fe..b306ca4 100755
--- a/pambase.py
+++ b/pambase.py
@@ -15,6 +15,7 @@ def main():
     parser.add_argument('--pwquality', action="store_true", help='enable 
pam_pwquality.so module')
     parser.add_argument('--elogind', action="store_true", help='enable 
pam_elogind.so module')
     parser.add_argument('--systemd', action="store_true", help='enable 
pam_systemd.so module')
+    parser.add_argument('--homed', action="store_true", help='enable 
pam_systemd_home.so module')
     parser.add_argument('--selinux', action="store_true", help='enable 
pam_selinux.so module')
     parser.add_argument('--mktemp', action="store_true", help='enable 
pam_mktemp.so module')
     parser.add_argument('--pam-ssh', action="store_true", help='enable 
pam_ssh.so module')

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 53557dc..174aacf 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -11,11 +11,16 @@ auth                [success=3 default=ignore]      
pam_krb5.so {{ krb5_params }}
 {% endif %}
 
 auth           requisite       pam_faillock.so preauth
-auth           [success=1 default=ignore]      pam_unix.so {{ 
nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
+{% if homed %}
+auth           [success=2 default=ignore]      pam_unix.so {{ 
nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
+auth            [success=1 default=ignore]      pam_systemd_home.so
+{% else %}
+auth            [success=1 default=ignore]      pam_unix.so {{ 
nullok|default('', true) }} {{ debug|default('', true) }} try_first_pas
+{% endif %}
 auth           [default=die]   pam_faillock.so authfail
 
 {% if caps %}
--auth          optional        pam_cap.so
+auth           optional        pam_cap.so
 {% endif %}
 
 {% if homed %}
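Review bot: The `{% else %}` branch spells the pam_unix option `try_first_pas`, so every build without `--homed` hands pam_unix an option it does not recognise instead of `try_first_pass`; unless the archive truncated the line, it should end `{{ debug|default('', true) }} try_first_pass`, as in the `{% if homed %}` branch. The same hunk also turns `-auth optional pam_cap.so` into `auth optional pam_cap.so`, dropping the `-` prefix that keeps libpam from logging a load error when the module is absent. That looks unrelated to homed support and should be reverted or explained in the commit message. Adding pam_systemd_home.so also puts one more module between the `pam_krb5.so` line in the hunk header (`success=3`) and `pam_faillock.so authfail`, so with krb5 and homed both enabled a successful krb5 login would presumably reach `authfail` instead of skipping it; the jump count probably needs to depend on `homed`. The krb5 jumps in the account, password and session hunks (`success=2`, `success=1`, `success=1`) sit directly before the new homed lines and need the same check.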
@@ -24,6 +29,11 @@ auth         [default=die]   pam_faillock.so authfail
 {% if krb5 %}
 account                [success=2 default=ignore]      pam_krb5.so {{ 
krb5_params }}
 {% endif %}
+
+{% if homed %}
+account         [success=1 default=ignore]      pam_systemd_home.so
+{% endif %}
+
 account                required        pam_unix.so {{ debug|default('', true) 
}}
 account         required        pam_faillock.so
 
@@ -43,6 +53,10 @@ password        required        pam_pwhistory.so use_authtok 
remember=5 retry=3
 password       [success=1 default=ignore]      pam_krb5.so {{ krb5_params }}
 {% endif %}
 
+{% if homed %}
+password        [success=1 default=ignore]      pam_systemd_home.so
+{% endif %}
+
 {% if passwdqc or pwquality %}
 password       required        pam_unix.so try_first_pass {{ 
unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ 
unix_extended_encryption|default('', true) }} {{ debug|default('', true) }}
 {% else %}

diff --git a/templates/system-session.tpl b/templates/system-session.tpl
index 3dd1d70..48653d4 100644
--- a/templates/system-session.tpl
+++ b/templates/system-session.tpl
@@ -12,4 +12,8 @@ session               optional        pam_mktemp.so
 session                [success=1 default=ignore]      pam_krb5.so {{ 
krb5_params }}
 {% endif %}
 
+{% if homed %}
+session         [success=1 default=ignore]      pam_systemd_home.so
+{% endif %}
+
 session                required        pam_unix.so {{ debug|default('', true) 
}}
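Review bot: With `[success=1 default=ignore]`, a successful pam_systemd_home.so session call skips the following `session required pam_unix.so`, so homed-managed users would presumably lose pam_unix's session open/close syslog records that log monitoring may rely on. Unlike the auth and account stacks, nothing here needs to be short-circuited, so `session optional pam_systemd_home.so` would keep both modules running. If the skip is deliberate, a template comment such as `{# pam_unix session is skipped for homed users on purpose #}` would record why.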
