-
Notifications
You must be signed in to change notification settings - Fork 78
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
restored pam data and templates for debian 10 support
- Loading branch information
Showing
17 changed files
with
230 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| --- | ||
| pam::common_files_create_links: false | ||
| pam::common_files_suffix: ~ | ||
| pam::common_files: | ||
| - common_account | ||
| - common_auth | ||
| - common_password | ||
| - common_session | ||
| - common_session_noninteractive | ||
|
|
||
| pam::pam_d_login_template: pam/login.debian10.erb | ||
| pam::pam_d_sshd_template: pam/sshd.debian10.erb | ||
| pam::package_name: libpam0g | ||
| pam::pam_auth_lines: | ||
| - 'auth [success=1 default=ignore] pam_unix.so nullok_secure' | ||
| - 'auth requisite pam_deny.so' | ||
| - 'auth required pam_permit.so' | ||
| pam::pam_account_lines: | ||
| - 'account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so' | ||
| - 'account requisite pam_deny.so' | ||
| - 'account required pam_permit.so' | ||
| pam::pam_password_lines: | ||
| - 'password [success=1 default=ignore] pam_unix.so obscure sha512' | ||
| - 'password requisite pam_deny.so' | ||
| - 'password required pam_permit.so' | ||
| pam::pam_session_lines: | ||
| - 'session [default=1] pam_permit.so' | ||
| - 'session requisite pam_deny.so' | ||
| - 'session required pam_permit.so' | ||
| - 'session required pam_unix.so' | ||
| - 'session optional pam_systemd.so' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| --- | ||
| pam::common_files_create_links: false | ||
| pam::common_files_suffix: ~ | ||
| pam::common_files: | ||
| - common_account | ||
| - common_auth | ||
| - common_password | ||
| - common_session | ||
| - common_session_noninteractive | ||
|
|
||
| pam::pam_d_login_template: pam/login.debian12.erb | ||
| pam::pam_d_sshd_template: pam/sshd.debian12.erb | ||
| pam::package_name: libpam0g | ||
| pam::pam_auth_lines: | ||
| - 'auth [success=1 default=ignore] pam_unix.so nullok' | ||
| - 'auth requisite pam_deny.so' | ||
| - 'auth required pam_permit.so' | ||
| pam::pam_account_lines: | ||
| - 'account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so' | ||
| - 'account requisite pam_deny.so' | ||
| - 'account required pam_permit.so' | ||
| pam::pam_password_lines: | ||
| - 'password [success=1 default=ignore] pam_unix.so obscure yescrypt' | ||
| - 'password requisite pam_deny.so' | ||
| - 'password required pam_permit.so' | ||
| pam::pam_session_lines: | ||
| - 'session [default=1] pam_permit.so' | ||
| - 'session requisite pam_deny.so' | ||
| - 'session required pam_permit.so' | ||
| - 'session required pam_unix.so' | ||
| - 'session optional pam_systemd.so' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -27,7 +27,8 @@ | |
| { | ||
| "operatingsystem": "Debian", | ||
| "operatingsystemrelease": [ | ||
| "11" | ||
| "11", | ||
| "12" | ||
| ] | ||
| }, | ||
| { | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| HOSTS: | ||
| debian11: | ||
| roles: | ||
| - agent | ||
| platform: debian-12-amd64 | ||
| hypervisor: docker | ||
| image: debian:12 | ||
| docker_preserve_image: true | ||
| docker_cmd: | ||
| - '/sbin/init' | ||
| docker_image_commands: | ||
| - 'apt-get install -y wget net-tools systemd-sysv locales apt-transport-https ca-certificates' | ||
| - 'echo "LC_ALL=en_US.UTF-8" >> /etc/environment' | ||
| - 'echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen' | ||
| - 'echo "LANG=en_US.UTF-8" > /etc/locale.conf' | ||
| - 'locale-gen en_US.UTF-8' | ||
| docker_env: | ||
| - LANG=en_US.UTF-8 | ||
| - LANGUAGE=en_US.UTF-8 | ||
| - LC_ALL=en_US.UTF-8 | ||
| docker_container_name: 'pam-debian12' | ||
| CONFIG: | ||
| log_level: debug | ||
| type: foss | ||
| ssh: | ||
| password: root | ||
| auth_methods: ["password"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # This file is being maintained by Puppet. | ||
| # DO NOT EDIT | ||
| account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so | ||
| account requisite pam_deny.so | ||
| account required pam_permit.so |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # This file is being maintained by Puppet. | ||
| # DO NOT EDIT | ||
| auth [success=1 default=ignore] pam_unix.so nullok | ||
| auth requisite pam_deny.so | ||
| auth required pam_permit.so |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| # This file is being maintained by Puppet. | ||
| # DO NOT EDIT | ||
| password [success=1 default=ignore] pam_unix.so obscure yescrypt | ||
| password requisite pam_deny.so | ||
| password required pam_permit.so |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # This file is being maintained by Puppet. | ||
| # DO NOT EDIT | ||
| session [default=1] pam_permit.so | ||
| session requisite pam_deny.so | ||
| session required pam_permit.so | ||
| session required pam_unix.so | ||
| session optional pam_systemd.so |
7 changes: 7 additions & 0 deletions
7
spec/fixtures/debian-12-x86_64-pam_common_session_noninteractive
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # This file is being maintained by Puppet. | ||
| # DO NOT EDIT | ||
| session [default=1] pam_permit.so | ||
| session requisite pam_deny.so | ||
| session required pam_permit.so | ||
| session required pam_unix.so | ||
| session optional pam_systemd.so |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| auth optional pam_faildelay.so delay=3000000 | ||
| auth requisite pam_nologin.so | ||
| session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close | ||
| session required pam_loginuid.so | ||
| session optional pam_motd.so motd=/run/motd.dynamic | ||
| session optional pam_motd.so noupdate | ||
| session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open | ||
| session required pam_env.so readenv=1 | ||
| session required pam_env.so readenv=1 envfile=/etc/default/locale | ||
| @include common-auth | ||
| auth optional pam_group.so | ||
| session required pam_limits.so | ||
| session optional pam_lastlog.so | ||
| session optional pam_mail.so standard | ||
| session optional pam_keyinit.so force revoke | ||
| @include common-account | ||
| @include common-session | ||
| @include common-password |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| @include common-auth | ||
| account required pam_nologin.so | ||
| account required pam_access.so | ||
| @include common-account | ||
| session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close | ||
| session required pam_loginuid.so | ||
| session optional pam_keyinit.so force revoke | ||
| @include common-session | ||
| session optional pam_motd.so motd=/run/motd.dynamic | ||
| session optional pam_motd.so noupdate | ||
| session optional pam_mail.so standard noenv # [1] | ||
| session required pam_limits.so | ||
| session required pam_env.so # [1] | ||
| session required pam_env.so user_readenv=1 envfile=/etc/default/locale | ||
| session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open | ||
| @include common-password |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| auth optional pam_faildelay.so delay=3000000 | ||
| auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so | ||
| auth requisite pam_nologin.so | ||
| session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close | ||
| session required pam_loginuid.so | ||
| session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open | ||
| session required pam_env.so readenv=1 | ||
| session required pam_env.so readenv=1 envfile=/etc/default/locale | ||
| @include common-auth | ||
| auth optional pam_group.so | ||
| session required pam_limits.so | ||
| session optional pam_lastlog.so | ||
| session optional pam_motd.so motd=/run/motd.dynamic | ||
| session optional pam_motd.so noupdate | ||
| session optional pam_mail.so standard | ||
| session optional pam_keyinit.so force revoke | ||
| @include common-account | ||
| @include common-session | ||
| @include common-password |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| auth optional pam_faildelay.so delay=3000000 | ||
| auth requisite pam_nologin.so | ||
| session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close | ||
| session required pam_loginuid.so | ||
| session optional pam_motd.so motd=/run/motd.dynamic | ||
| session optional pam_motd.so noupdate | ||
| session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open | ||
| session required pam_env.so readenv=1 | ||
| session required pam_env.so readenv=1 envfile=/etc/default/locale | ||
| @include common-auth | ||
| auth optional pam_group.so | ||
| session required pam_limits.so | ||
| session optional pam_lastlog.so | ||
| session optional pam_mail.so standard | ||
| session optional pam_keyinit.so force revoke | ||
| @include common-account | ||
| @include common-session | ||
| @include common-password |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| @include common-auth | ||
| account required pam_nologin.so | ||
| <% if @sshd_pam_access != 'absent' -%> | ||
| account <%= @sshd_pam_access %> pam_access.so | ||
| <% end -%> | ||
| @include common-account | ||
| session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close | ||
| session required pam_loginuid.so | ||
| session optional pam_keyinit.so force revoke | ||
| @include common-session | ||
| session optional pam_motd.so motd=/run/motd.dynamic | ||
| session optional pam_motd.so noupdate | ||
| session optional pam_mail.so standard noenv # [1] | ||
| session required pam_limits.so | ||
| session required pam_env.so # [1] | ||
| session required pam_env.so user_readenv=1 envfile=/etc/default/locale | ||
| session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open | ||
| @include common-password |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| @include common-auth | ||
| account required pam_nologin.so | ||
| <% if @sshd_pam_access != 'absent' -%> | ||
| account <%= @sshd_pam_access %> pam_access.so | ||
| <% end -%> | ||
| @include common-account | ||
| session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close | ||
| session required pam_loginuid.so | ||
| session optional pam_keyinit.so force revoke | ||
| @include common-session | ||
| session optional pam_motd.so motd=/run/motd.dynamic | ||
| session optional pam_motd.so noupdate | ||
| session optional pam_mail.so standard noenv # [1] | ||
| session required pam_limits.so | ||
| session required pam_env.so # [1] | ||
| session required pam_env.so user_readenv=1 envfile=/etc/default/locale | ||
| session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open | ||
| @include common-password |