authorCullum Smith <cullum@sacredheartsc.com>2024-10-15 23:35:53 -0400
committerCullum Smith <cullum@sacredheartsc.com>2024-10-15 23:35:53 -0400
commit145668c3dd67c5271eddcb62d1e7843487d768a7 (patch)
tree4c7d563e9d320e6b122ee3dbf048d93eee6776c3 /files/etc/pam.d
parentb2af400a1098ebf445575d169e11a6717867045f (diff)
downloadinfrastructure-145668c3dd67c5271eddcb62d1e7843487d768a7.tar.gz
huge amount of fixes
Diffstat (limited to 'files/etc/pam.d')
-rw-r--r--files/etc/pam.d/cups.cups_server8
-rw-r--r--files/etc/pam.d/kde.freebsd2
-rw-r--r--files/etc/pam.d/postgresql.postgresql_server2
-rw-r--r--files/etc/pam.d/sddm.freebsd16
-rw-r--r--files/etc/pam.d/sudo.freebsd15
5 files changed, 41 insertions, 2 deletions
diff --git a/files/etc/pam.d/cups.cups_server b/files/etc/pam.d/cups.cups_server
new file mode 100644
index 0000000..b61c074
--- /dev/null
+++ b/files/etc/pam.d/cups.cups_server
@@ -0,0 +1,8 @@
+# auth
+auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required /usr/local/lib/security/pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
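Review bot: The account stack lists pam_krb5 as `required` even though the auth stack can succeed through pam_unix alone, and nothing in the file says why that is safe. A local-only account passes only if pam_krb5's account module returns an ignore result for logins it did not authenticate; I believe this module does, but that should be confirmed against the installed version. A one-line comment above the account section would record the assumption, e.g. `# pam_krb5 account is expected to be skipped for non-Kerberos logins`. The same pattern appears in sudo.freebsd.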
diff --git a/files/etc/pam.d/kde.freebsd b/files/etc/pam.d/kde.freebsd
new file mode 100644
index 0000000..2604c78
--- /dev/null
+++ b/files/etc/pam.d/kde.freebsd
@@ -0,0 +1,2 @@
+auth required /usr/local/lib/security/pam_krb5.so try_first_pass
+account required /usr/local/lib/security/pam_krb5.so
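Review bot: This stack has no fallback and no comment saying why: with pam_krb5 as the only `required` auth module, an unreachable KDC means the service cannot authenticate anyone, local accounts included. If this service file is used by the screen locker (inferred from the name only), also confirm that the PAM conversation runs with enough privilege to read the host keytab, since pam_krb5 can only verify the KDC's reply against a key it can read. I would add a header comment such as `# krb5 only: no local-account fallback; needs a reachable KDC`, in the style of the explanation at the top of sddm.freebsd.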
diff --git a/files/etc/pam.d/postgresql.postgresql_server b/files/etc/pam.d/postgresql.postgresql_server
deleted file mode 100644
index 8475a53..0000000
--- a/files/etc/pam.d/postgresql.postgresql_server
+++ /dev/null
@@ -1,2 +0,0 @@
-auth required /usr/local/lib/security/pam_krb5.so try_first_pass keytab=${postgres_keytab} no_ccache ignore_k5login no_update_user minimum_uid=0
-account required pam_permit.so
diff --git a/files/etc/pam.d/sddm.freebsd b/files/etc/pam.d/sddm.freebsd
new file mode 100644
index 0000000..ef359ff
--- /dev/null
+++ b/files/etc/pam.d/sddm.freebsd
@@ -0,0 +1,16 @@
+# NB: FreeBSD has no pam_stack.so or substack functionality, so we can't
+# try multiple authentication sources (like krb5 but fall back to pam_unix)
+# if we want pam_kwallet5 to execute.
+# Hence, for sddm, we try krb5 only (no local accounts).
+auth required /usr/local/lib/security/pam_krb5.so try_first_pass
+auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir
+auth optional pam_kwallet5.so
+
+account required /usr/local/lib/security/pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
+
+session required pam_lastlog.so no_fail
+session optional pam_kwallet5.so auto_start
+
+password required /usr/local/lib/security/pam_krb5.so try_first_pass
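Review bot: `required` does not stop the auth chain on failure, so the two `optional` lines after pam_krb5 still run when Kerberos authentication has failed, and `pam-create-local-homedir` is invoked for whatever username was entered at the greeter. The overall result is still failure, but the side effect has already happened by then. The helper script is not part of this diff, so it may guard against this itself; if it does not, changing the first auth line to `auth requisite /usr/local/lib/security/pam_krb5.so try_first_pass` stops the chain at that point. Because the pam_exec line is `optional`, a failure to create the home directory is also silently ignored and would only surface later in the session.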
diff --git a/files/etc/pam.d/sudo.freebsd b/files/etc/pam.d/sudo.freebsd
new file mode 100644
index 0000000..425bf4e
--- /dev/null
+++ b/files/etc/pam.d/sudo.freebsd
@@ -0,0 +1,15 @@
+# auth
+auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required /usr/local/lib/security/pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
+
+# session
+account required pam_permit.so
+
+# password
+password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass
+password required pam_unix.so no_warn try_first_pass
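Review bot: The line under `# session` is declared with the `account` facility (`account required pam_permit.so`), so this file defines no session chain at all. The extra account entry is harmless next to the other required account modules, but the session facility then depends on whatever the PAM library does for an undefined chain (on OpenPAM I would expect the `other` policy to apply; worth confirming). The line should presumably read `session required pam_permit.so`.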