diff options
| author |   Alexandra Parker <alex.iris.parker@gmail.com> | 2022-02-12 13:30:29 -0800 |
|---|---|---|
| committer |   Sam James <sam@gentoo.org> | 2022-02-14 16:51:51 +0000 |
| commit | dacde6da43a9c87f896b842946b514cd49db5dd3 (patch) | |
| tree | 7f85e6b467c17969b978bd01edc502e518d58aac | |
| parent | Add yescrypt support (diff) | |
| download | pambase-dacde6da43a9c87f896b842946b514cd49db5dd3.tar.gz pambase-dacde6da43a9c87f896b842946b514cd49db5dd3.tar.bz2 pambase-dacde6da43a9c87f896b842946b514cd49db5dd3.zip | |
homed: add before pam_unixpambase-20220214
- --homed inserts pam_systemd_home before pam_unix
- --homed --krb5 does that and adjusts krb5's jump to 4 modules
Signed-off-by: Alexandra Parker <alex.iris.parker@gmail.com>
Closes: https://bugs.gentoo.org/808993
Closes: https://github.com/gentoo/pambase/pull/9
Signed-off-by: Sam James <sam@gentoo.org>
| -rw-r--r-- | templates/system-auth.tpl | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl index 62344ff..9739b6f 100644 --- a/templates/system-auth.tpl +++ b/templates/system-auth.tpl @@ -4,16 +4,14 @@ auth sufficient pam_ssh.so {% endif %} {% if krb5 %} -auth [success=3 default=ignore] pam_krb5.so {{ krb5_params }} +auth [success={{ 4 if homed else 3 }} default=ignore] pam_krb5.so {{ krb5_params }} {% endif %} auth requisite pam_faillock.so preauth {% if homed %} -auth [success=2 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass -auth [success=1 default=ignore] pam_systemd_home.so -{% else %} -auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass +auth [success=2 default=ignore] pam_systemd_home.so {% endif %} +auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass auth [default=die] pam_faillock.so authfail {% if caps %} |