From 5ef2aed3f3961b72699d9881ed09560f4d01371a Mon Sep 17 00:00:00 2001 From: Cullum Smith Date: Fri, 18 Oct 2024 16:44:57 -0400 Subject: Tons of desktop fixes --- files/etc/pam.d/cups.cups_server | 12 +++++------- files/etc/pam.d/kde.freebsd | 7 +++++-- files/etc/pam.d/login.freebsd | 16 ++++++++++++++++ files/etc/pam.d/sddm.freebsd | 23 ++++++++++++++--------- files/etc/pam.d/sshd.freebsd | 20 ++++++++------------ files/etc/pam.d/sudo.freebsd | 8 ++------ 6 files changed, 50 insertions(+), 36 deletions(-) create mode 100644 files/etc/pam.d/login.freebsd (limited to 'files/etc/pam.d') diff --git a/files/etc/pam.d/cups.cups_server b/files/etc/pam.d/cups.cups_server index b61c074..03c2763 100644 --- a/files/etc/pam.d/cups.cups_server +++ b/files/etc/pam.d/cups.cups_server @@ -1,8 +1,6 @@ -# auth -auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass -auth required pam_unix.so no_warn try_first_pass +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass -# account -account required /usr/local/lib/security/pam_krb5.so -account required pam_login_access.so -account required pam_unix.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so diff --git a/files/etc/pam.d/kde.freebsd b/files/etc/pam.d/kde.freebsd index 2604c78..8f87b98 100644 --- a/files/etc/pam.d/kde.freebsd +++ b/files/etc/pam.d/kde.freebsd @@ -1,2 +1,5 @@ -auth required /usr/local/lib/security/pam_krb5.so try_first_pass -account required /usr/local/lib/security/pam_krb5.so +auth required /usr/local/lib/security/pam_krb5.so try_first_pass + +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so diff --git a/files/etc/pam.d/login.freebsd b/files/etc/pam.d/login.freebsd new file mode 100644 index 0000000..164fcb0 --- /dev/null +++ b/files/etc/pam.d/login.freebsd @@ -0,0 +1,16 @@ +auth sufficient pam_self.so no_warn +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass nullok + +account requisite pam_securetty.so +account required pam_nologin.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so + +session required pam_lastlog.so no_fail +session required pam_xdg.so +session required /usr/local/lib/security/pam_krb5.so + +password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +password required pam_unix.so no_warn try_first_pass diff --git a/files/etc/pam.d/sddm.freebsd b/files/etc/pam.d/sddm.freebsd index ef359ff..6a75823 100644 --- a/files/etc/pam.d/sddm.freebsd +++ b/files/etc/pam.d/sddm.freebsd @@ -2,15 +2,20 @@ # try multiple authentication sources (like krb5 but fall back to pam_unix) # if we want pam_kwallet5 to execute. # Hence, for sddm, we try krb5 only (no local accounts). -auth required /usr/local/lib/security/pam_krb5.so try_first_pass -auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir -auth optional pam_kwallet5.so +auth sufficient pam_self.so no_warn +auth required /usr/local/lib/security/pam_krb5.so try_first_pass +auth optional pam_exec.so /usr/local/libexec/pam-create-local-homedir +auth optional pam_kwallet5.so -account required /usr/local/lib/security/pam_krb5.so -account required pam_login_access.so -account required pam_unix.so +account requisite pam_securetty.so +account required pam_nologin.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so -session required pam_lastlog.so no_fail -session optional pam_kwallet5.so auto_start +session required pam_lastlog.so no_fail +session required pam_xdg.so no_fail +session required /usr/local/lib/security/pam_krb5.so +session optional pam_kwallet5.so auto_start -password required /usr/local/lib/security/pam_krb5.so try_first_pass +password required /usr/local/lib/security/pam_krb5.so try_first_pass diff --git a/files/etc/pam.d/sshd.freebsd b/files/etc/pam.d/sshd.freebsd index 57b281b..559a980 100644 --- a/files/etc/pam.d/sshd.freebsd +++ b/files/etc/pam.d/sshd.freebsd @@ -1,17 +1,13 @@ -# auth -auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass -auth required pam_unix.so no_warn try_first_pass +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass -# account -account required pam_nologin.so -account required /usr/local/lib/security/pam_krb5.so -account required pam_login_access.so -account required pam_unix.so +account required pam_nologin.so +account required /usr/local/lib/security/pam_krb5.so +account required pam_login_access.so +account required pam_unix.so -# session -session required /usr/local/lib/security/pam_krb5.so -session required pam_permit.so +session required /usr/local/lib/security/pam_krb5.so +session required pam_permit.so -# password password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass password required pam_unix.so no_warn try_first_pass diff --git a/files/etc/pam.d/sudo.freebsd b/files/etc/pam.d/sudo.freebsd index 425bf4e..6a6b0a4 100644 --- a/files/etc/pam.d/sudo.freebsd +++ b/files/etc/pam.d/sudo.freebsd @@ -1,15 +1,11 @@ -# auth -auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass -auth required pam_unix.so no_warn try_first_pass +auth sufficient /usr/local/lib/security/pam_krb5.so try_first_pass +auth required pam_unix.so no_warn try_first_pass -# account account required /usr/local/lib/security/pam_krb5.so account required pam_login_access.so account required pam_unix.so -# session account required pam_permit.so -# password password sufficient /usr/local/lib/security/pam_krb5.so try_first_pass password required pam_unix.so no_warn try_first_pass -- cgit v1.2.3