Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/templates/system-login.tpl
diff options
context:
space:
mode:
authorMikle Kolyada <zlogene@gentoo.org>2020-08-04 14:20:43 +0300
committerMikle Kolyada <zlogene@gentoo.org>2020-08-04 14:20:43 +0300
commit405452a4aa5a9ae06169b0aa1c394a4cae9c1c5c (patch)
tree8791729ab9f640415ed529dd654fe439bd318a66 /templates/system-login.tpl
parentmove faillock last in auth (diff)
downloadpambase-405452a4aa5a9ae06169b0aa1c394a4cae9c1c5c.tar.gz
pambase-405452a4aa5a9ae06169b0aa1c394a4cae9c1c5c.tar.bz2
pambase-405452a4aa5a9ae06169b0aa1c394a4cae9c1c5c.zip
New pambase era
pambase was simplified and rewritten in python Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
Diffstat (limited to 'templates/system-login.tpl')
-rw-r--r--templates/system-login.tpl39
1 files changed, 39 insertions, 0 deletions
diff --git a/templates/system-login.tpl b/templates/system-login.tpl
new file mode 100644
index 0000000..2f404bc
--- /dev/null
+++ b/templates/system-login.tpl
@@ -0,0 +1,39 @@
+auth required pam_shells.so {{ debug|default('', true) }}
+auth required pam_nologin.so
+auth include system-auth
+{% if not minimal -%}
+auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
+auth sufficient pam_unix.so nullok try_first_pass
+auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600
+{% endif -%}
+
+account required pam_access.so {{ debug|default('', true) }}
+account required pam_nologin.so
+account include system-auth
+{% if not minimal -%}
+account required pam_faillock.so
+{% endif -%}
+
+password include system-auth
+session optional pam_loginuid.so
+{% if selinux -%}
+session required pam_selinux.so close
+{% endif -%}
+
+session required pam_env.so envfile=/etc/profile.env {{ debug|default('', true) }}
+{% if not miniaml -%}
+session optional pam_lastlog.so silent {{ debug|default('', true) }}
+{% endif -%}
+session include system-auth
+{% if selinux -%}
+ # Note: modules that run in the user's context must come after this line.
+session required pam_selinux.so multiple open
+{% endif -%}
+
+{% if not minimal -%}
+session optional pam_motd.so motd=/etc/motd
+{% endif -%}
+
+{% if not minimal -%}
+session optional pam_mail.so
+{% endif -%}