Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* move faillock last in authpambase-20200618historicalMikle Kolyada2020-06-182-11/+12
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* fix a typoMikle Kolyada2020-06-171-1/+1
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* iprove faillock supportMikle Kolyada2020-06-162-2/+17
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* Revert "allow clang-cpp"Mikle Kolyada2020-06-101-1/+1
| | | | | | This reverts commit 4a97472903679c7d85ca391aeedaea3ce7797acf. Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* New releaseMikle Kolyada2020-06-105-19/+7
| | | | | | | - disable cracklib in favor of passwdqc - disable tally{,2} in favor of faillock Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* allow clang-cppMikle Kolyada2020-04-301-1/+1
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* Run pam_env.so after pam_systemd.so for better socket supportpambase-20200304David Seifert2020-03-041-1/+1
| | | | | | | | | * Running pam_systemd.so before setting user environment variables makes it possible for the user to use variables such as `XDG_RUNTIME_DIR` in their own definitions. Bug: https://bugs.gentoo.org/711450 Signed-off-by: David Seifert <soap@gentoo.org>
* handle envfile with pam_env.sopambase-20191128Mikle Kolyada2019-11-282-1/+1
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* fix libcap function callMikle Kolyada2019-11-271-1/+1
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* integrate libcap supportMikle Kolyada2019-11-243-0/+8
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* remove openpam supportMikle Kolyada2019-11-152-30/+1
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* add vital patches into the sourcespambase-20190402Mikle Kolyada2019-04-024-13/+13
| | | | Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
* system-login: fix nested selinux commentSven Vermeulen2015-05-171-1/+1
| | | | URL: https://bugs.gentoo.org/540096
* system-login: move pam_gnome_keyring after pam_selinuxpambase-20150213Mike Frysinger2015-02-131-3/+4
| | | | URL: https://bugs.gentoo.org/511600
* trim trailing whitespaceMike Frysinger2015-02-133-8/+6
|
* make nullok into a build time optionMike Frysinger2015-02-133-2/+12
|
* make securetty optionalMike Frysinger2015-02-132-0/+6
| | | | URL: https://bugs.gentoo.org/539508
* Use xz instead of bzip2 for dist.Samuli Suominen2014-03-131-3/+3
|
* Import -lastlog-silent.patch from gentoo-x86, see bug #468798pambase-20140313Samuli Suominen2014-03-132-1/+3
|
* Import -systemd.patch and -systemd-auth.patch from gentoo-x86, see both bugs ↵Samuli Suominen2014-03-132-0/+8
| | | | #372229 and #485470
* Add pam.d files for login, passwd and su.pambase-20120417Pawel Hajdan, Jr2012-03-205-1/+28
| | | | Those should be shared between shadow implementations.
* Implement support for pam_loginuid as needed for bug #342345pambase-20101024Diego Elio Pettenò2010-10-243-0/+7
|
* Add support for building minimal PAM chains.pambase-20100925pambase-20100903Diego Elio Pettenò2010-09-033-8/+20
| | | | | | When setting the MINIMAL flag on, the generated PAM chains will not use tally, motd, mail or lastlog modules, making th elogin quiet and skipping over the update of the login files.
* Also protect account and password from pam_krb5 bad jumps.pambase-20100819Diego Elio 'Flameeyes' Pettenò2010-08-191-0/+4
| | | | Thanks to Simon Alman for reporting, in bug #333393
* Make sure that there is a space between password and session.pambase-20100724Diego Elio 'Flameeyes' Pettenò2010-07-241-1/+1
|
* Fix kerberos authentication.Diego Elio 'Flameeyes' Pettenò2010-07-241-1/+3
|
* Don't define UNIX_AUTHTOK to use_authtok if no former module is called.pambase-20100723Diego Elio 'Flameeyes' Pettenò2010-07-231-1/+1
|
* Add support for pam_krb5 module for Kerberos authentication.Diego Elio 'Flameeyes' Pettenò2010-07-234-4/+55
| | | | | | | | This implements drop-in support for Kerberos (pam_krb5) in Gentoo systems; if the kerberos USE flag has been enabled, it'll use pam_krb5 for login, ignoring pam_unix, but no other module in the chain. It requires Linux-PAM.
* Improve handling of services and the session chain.pambase-20100310Diego Elio 'Flameeyes' Pettenò2010-03-103-27/+20
| | | | | | | | | | | | The system-services stack will now provide auth (always permitted) and account (use system-auth stack) chains, so that services like fcron can use it. Session handling is instead split out of system-auth and system-services into not a stack but an included file providing the session chain for both of them, this allows to edit a single file in pambase and provide the two session chains, that might very well be separated (indeed, services don't use pam_ssh).
* Don't change the default path of the tally module, since the two use ↵pambase-20090620.1Diego Elio 'Flameeyes' Pettenò2009-06-201-2/+2
| | | | different paths.
* Pass the Linux-PAM version down the stack.pambase-20090620Diego Elio 'Flameeyes' Pettenò2009-06-201-1/+1
|
* Improve handling of the tally module.Diego Elio 'Flameeyes' Pettenò2009-06-202-5/+10
| | | | | | | | | | | The pam_tally module, only provided by Linux-PAM for us, is replaced in newer instances with the pam_tally2 module which is wordsize-independent. For this reason, make the configuration choose the best tally module between the two depending on the version of the Linux-PAM package. Also drop the DEBUG indication: the module does not support the debug option.
* Fix pam_nologin on Gentoo/FreeBSD 7.1.pambase-20090515Diego Elio 'Flameeyes' Pettenò2009-05-151-7/+4
|
* Move the ConsoleKit module to the generic login stack.pambase-20090430Diego Elio 'Flameeyes' Pettenò2009-04-302-3/+3
| | | | | | | Instead of only enabling it for local login, enable it for _any_ kind of interactive login session, included ssh and other sessions. See bug #260842 for details about the change.
* Merge commit 'old/master'pambase-20081028Diego 'Flameeyes' Pettenò2008-10-283-5/+16
|\
| * Add support for using SHA512 hashihg for shadow passwords.pambase-20080801Diego 'Flameeyes' Pettenò2008-08-013-1/+13
| | | | | | | | | | | | | | Instead of only supporting MD5-hashed passwords, make it possible to use SHA512-hashed passwords, which should be stronger. This requires glibc 2.7 and Linux-PAM 1.0.1. If the SHA512 hasher is not supported by libcrypt, Linux-PAM will fallback to MD5 like before.
| * Prettify.pambase-20080730Diego 'Flameeyes' Pettenò2008-07-301-2/+2
| |
| * Disable support for session chain in pam_unix for the whole of FreeBSD.Diego 'Flameeyes' Pettenò2008-07-301-2/+1
| | | | | | | | | | | | The pam_unix module from FreeBSD 6.2 also does not support the session chain; thus disable it for the whole FreeBSD case rather than just for FreeBSD 7.
* | Add a system-services stack.Diego 'Flameeyes' Pettenò2008-10-283-1/+15
|/ | | | | | The system-services stack provides a session chain for services to have the same session settings as standard user logins. This includes limits (on Linux), temporary directories, namespaces and so on.
* Add an optional never-failing pam_permit at the end of system-auth's session.Diego 'Flameeyes' Pettenò2008-07-231-1/+1
| | | | | | | | | On Gentoo/FreeBSD 7 the session entries for system-auth are all disabled (unless you enable pam_mktemp), and thus everything including it will fail. To avoid this, make sure there is always at least one entry at the end of the session chain.
* Remove try_first_pass from pam_cracklib.Diego 'Flameeyes' Pettenò2008-07-231-1/+1
| | | | | | | The try_first_pass option is not supported (any longer) by the pam_cracklib module shipped with Linux-PAM. This change will close bug #231819 as reported by Brian Claywell.
* Fix #if vs #ifdef for pam_ssh and Gentoo/FreeBSD.pambase-20080723.1Diego 'Flameeyes' Pettenò2008-07-231-3/+3
|
* Make it optional for pam_nologin to support auth.pambase-20080723Diego 'Flameeyes' Pettenò2008-07-233-2/+9
| | | | | | | | | In FreeBSD 7, the pam_nologin module changed from being an authentication module to an account module. In Linux-PAM it's both. For this reasn make it optional for the two types of chains to be used with pam_nologin. This should close bug #232669 entirely.
* Rename chain support to SUPPORT_$MODULE_$CHAINDiego 'Flameeyes' Pettenò2008-07-234-6/+6
| | | | This way it's more likely to understand which module supports what.
* Rename NOLOGIN_SUPPORTS_ACCOUNT in HAVE_PAM_NOLOGIN_ACCOUNT.Diego 'Flameeyes' Pettenò2008-07-232-2/+2
| | | | Temporarily to try making it look nicer.
* Only enable session support for pam_unix when available.Diego 'Flameeyes' Pettenò2008-07-233-8/+17
| | | | | | This fixes bug #232669 for what concern pam_unix. The pam_unix module shipped with FreeBSD 7 has no support for session management so cannot be used for that.
* Add support for pam_ssh module.Diego 'Flameeyes' Pettenò2008-07-212-0/+10
| | | | | | The pam_ssh module allows you to type in your SSH key passphrase to login in the system, and also spawns an ssh-agent that has the passphrase cached in.
* Make sure gnome-keyring is always ran after system-auth has completed.pambase-20080318Diego 'Flameeyes' Pettenò2008-03-181-7/+7
|
* Don't fall to pam_deny to avoid further modules to be executed.Diego 'Flameeyes' Pettenò2008-03-181-4/+2
| | | | If we want to chainload other auth methods we can do it in pambase now.
* Remove stray #end.Diego 'Flameeyes' Pettenò2008-03-121-2/+0
|