diff --git a/system/etc.nix b/system/etc.nix index 953cdc96498..a5482827d02 100644 --- a/system/etc.nix +++ b/system/etc.nix @@ -148,10 +148,7 @@ import ../helpers/make-etc.nix { "shadow" "sshd" "useradd" - "common-auth" - "common-account" - "common-password" - "common-session" + "common" ] ); } \ No newline at end of file diff --git a/system/etc/pam.d/common b/system/etc/pam.d/common new file mode 100644 index 00000000000..ad460a0feb9 --- /dev/null +++ b/system/etc/pam.d/common @@ -0,0 +1,13 @@ +auth sufficient @pam_ldap@/lib/security/pam_ldap.so +auth sufficient @pam_unix2@/lib/security/pam_unix2.so +auth required pam_deny.so + +account optional @pam_ldap@/lib/security/pam_ldap.so +account required @pam_unix2@/lib/security/pam_unix2.so + +password sufficient @pam_ldap@/lib/security/pam_ldap.so +password sufficient @pam_unix2@/lib/security/pam_unix2.so nullok + +session optional @pam_ldap@/lib/security/pam_ldap.so +session required @pam_unix2@/lib/security/pam_unix2.so +session optional pam_env.so envfile=@envConf@ diff --git a/system/etc/pam.d/common-account b/system/etc/pam.d/common-account deleted file mode 100644 index 50d0a58134f..00000000000 --- a/system/etc/pam.d/common-account +++ /dev/null @@ -1,2 +0,0 @@ -account optional @pam_ldap@/lib/security/pam_ldap.so -account required @pam_unix2@/lib/security/pam_unix2.so diff --git a/system/etc/pam.d/common-auth b/system/etc/pam.d/common-auth deleted file mode 100644 index ec5d5d889a5..00000000000 --- a/system/etc/pam.d/common-auth +++ /dev/null @@ -1,3 +0,0 @@ -auth sufficient @pam_ldap@/lib/security/pam_ldap.so -auth sufficient @pam_unix2@/lib/security/pam_unix2.so -auth required pam_deny.so diff --git a/system/etc/pam.d/common-password b/system/etc/pam.d/common-password deleted file mode 100644 index f0ec89f1291..00000000000 --- a/system/etc/pam.d/common-password +++ /dev/null @@ -1,2 +0,0 @@ -password sufficient @pam_ldap@/lib/security/pam_ldap.so -password sufficient @pam_unix2@/lib/security/pam_unix2.so nullok diff --git a/system/etc/pam.d/common-session b/system/etc/pam.d/common-session deleted file mode 100644 index 971774033f0..00000000000 --- a/system/etc/pam.d/common-session +++ /dev/null @@ -1,3 +0,0 @@ -auth optional @pam_ldap@/lib/security/pam_ldap.so -session required @pam_unix2@/lib/security/pam_unix2.so -session optional pam_env.so envfile=@envConf@ diff --git a/system/etc/pam.d/login b/system/etc/pam.d/login index c3fad16bbef..50f3cc5ce60 100644 --- a/system/etc/pam.d/login +++ b/system/etc/pam.d/login @@ -1,4 +1,4 @@ -auth include common-auth -account include common-account -password include common-password -session include common-session +auth include common +account include common +password include common +session include common diff --git a/system/etc/pam.d/passwd b/system/etc/pam.d/passwd index c3fad16bbef..50f3cc5ce60 100644 --- a/system/etc/pam.d/passwd +++ b/system/etc/pam.d/passwd @@ -1,4 +1,4 @@ -auth include common-auth -account include common-account -password include common-password -session include common-session +auth include common +account include common +password include common +session include common diff --git a/system/etc/pam.d/sshd b/system/etc/pam.d/sshd index c3fad16bbef..50f3cc5ce60 100644 --- a/system/etc/pam.d/sshd +++ b/system/etc/pam.d/sshd @@ -1,4 +1,4 @@ -auth include common-auth -account include common-account -password include common-password -session include common-session +auth include common +account include common +password include common +session include common diff --git a/system/etc/pam.d/su b/system/etc/pam.d/su index ca777155cc6..ad62e2241b7 100644 --- a/system/etc/pam.d/su +++ b/system/etc/pam.d/su @@ -1,6 +1,6 @@ auth sufficient pam_rootok.so -auth include common-auth -account include common-account -password include common-password -session include common-session +auth include common +account include common +password include common +session include common session optional pam_xauth.so xauthpath=@xauth@/bin/xauth systemuser=99