diff options
| author |   Diego Elio 'Flameeyes' Pettenò <flameeyes@gmail.com> | 2010-03-10 01:29:35 +0100 |
|---|---|---|
| committer | Diego Elio 'Flameeyes' Pettenò <flameeyes@gmail.com> | 2010-03-10 01:29:35 +0100 |
| commit | 2cc5de847cec6868408550b2973faaf1381f7834 (patch) | |
| tree | 1e7844571c6407ea2f3182dfd07dc65abad33936 | |
| parent | Don't change the default path of the tally module, since the two use differen... (diff) | |
| download | pambase-2cc5de847cec6868408550b2973faaf1381f7834.tar.gz pambase-2cc5de847cec6868408550b2973faaf1381f7834.tar.bz2 pambase-2cc5de847cec6868408550b2973faaf1381f7834.zip | |
Improve handling of services and the session chain.pambase-20100310
The system-services stack will now provide auth (always permitted) and
account (use system-auth stack) chains, so that services like fcron can use
it.
Session handling is instead split out of system-auth and system-services
into not a stack but an included file providing the session chain for both
of them, this allows to edit a single file in pambase and provide the two
session chains, that might very well be separated (indeed, services don't
use pam_ssh).
| -rw-r--r-- | system-auth.in | 16 | ||||
| -rw-r--r-- | system-services.in | 18 | ||||
| -rw-r--r-- | system-session.inc | 13 |
3 files changed, 20 insertions, 27 deletions
diff --git a/system-auth.in b/system-auth.in index d8f525f..941d925 100644 --- a/system-auth.in +++ b/system-auth.in @@ -15,20 +15,8 @@ password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 D password required pam_passwdqc.so min=8,8,8,8,8 retry=3 #endif password required pam_unix.so try_first_pass AUTHTOK nullok UNIX_EXTENDED_ENCRYPTION DEBUG - -#if HAVE_LIMITS -session required pam_limits.so DEBUG -#endif -#if HAVE_ENV -session required pam_env.so DEBUG -#endif -#if HAVE_MKTEMP -session optional pam_mktemp.so -#endif + #if HAVE_PAM_SSH session optional pam_ssh.so #endif -#if SUPPORT_UNIX_SESSION -session required pam_unix.so DEBUG -#endif -session optional pam_permit.so +#include "system-session.inc" diff --git a/system-services.in b/system-services.in index 9d4aea1..00b6e43 100644 --- a/system-services.in +++ b/system-services.in @@ -1,13 +1,5 @@ -#if HAVE_LIMITS -session required pam_limits.so DEBUG -#endif -#if HAVE_ENV -session required pam_env.so DEBUG -#endif -#if HAVE_MKTEMP -session optional pam_mktemp.so -#endif -#if SUPPORT_UNIX_SESSION -session required pam_unix.so DEBUG -#endif -session optional pam_permit.so +auth sufficient pam_permit.so + +account include system-auth + +#include "system-session.inc" diff --git a/system-session.inc b/system-session.inc new file mode 100644 index 0000000..9d4aea1 --- /dev/null +++ b/system-session.inc @@ -0,0 +1,13 @@ +#if HAVE_LIMITS +session required pam_limits.so DEBUG +#endif +#if HAVE_ENV +session required pam_env.so DEBUG +#endif +#if HAVE_MKTEMP +session optional pam_mktemp.so +#endif +#if SUPPORT_UNIX_SESSION +session required pam_unix.so DEBUG +#endif +session optional pam_permit.so |