linux-pam-base 20240314-1

PKGBUILD

@@ -0,0 +1,89 @@
+# This is an example PKGBUILD file. Use this as a start to creating your own,
+# and remove these comments. For more information, see 'man PKGBUILD'.
+# NOTE: Please fill out the license field for your package! If it is unknown,
+# then please put 'unknown'.
+
+# Maintainer: Future Linux Team <future_linux@163.com>
+pkgname=linux-pam-base
+pkgver=20240314
+pkgrel=1
+pkgdesc="Base PAM configuration for services"
+arch=('x86_64')
+url="https://futurelinux.github.io"
+license=('GPL-3.0-or-later')
+backup=(etc/pam.d/system-account
+	etc/pam.d/system-auth
+	etc/pam.d/system-session
+	etc/pam.d/system-password
+	etc/pam.d/other)
+
+package() {
+
+	install -vdm755 ${pkgdir}/etc/pam.d
+
+	cat > ${pkgdir}/etc/pam.d/system-account << "EOF"
+# Begin /etc/pam.d/system-account
+
+account   required    pam_unix.so
+
+# End /etc/pam.d/system-account
+EOF
+
+	cat > ${pkgdir}/etc/pam.d/system-auth << "EOF"
+# Begin /etc/pam.d/system-auth
+
+auth      required    pam_unix.so
+auth      optional    pam_cap.so
+
+# End /etc/pam.d/system-auth
+EOF
+
+	cat > ${pkgdir}/etc/pam.d/system-session << "EOF"
+# Begin /etc/pam.d/system-session
+
+session   required    pam_unix.so
+session   required    pam_loginuid.so
+session   optional    pam_systemd.so
+
+session   required    pam_loginuid.so
+session   optional    pam_systemd.so
+
+# End /etc/pam.d/system-session
+EOF
+
+	cat > ${pkgdir}/etc/pam.d/system-password << "EOF"
+# Begin /etc/pam.d/system-password
+
+# check new passwords for strength (man pam_pwquality)
+password  required    pam_pwquality.so   authtok_type=UNIX retry=1 difok=1 \
+                                         minlen=8 dcredit=0 ucredit=0      \
+                                         lcredit=0 ocredit=0 minclass=1    \
+                                         maxrepeat=0 maxsequence=0         \
+                                         maxclassrepeat=0 gecoscheck=0     \
+                                         dictcheck=1 usercheck=1           \
+                                         enforcing=1 badwords=""           \
+                                         dictpath=/usr/share/cracklib/pw_dict
+
+# use yescrypt hash for encryption, use shadow, and try to use any
+# previously defined authentication token (chosen password) set by any
+# prior module.
+password  required    pam_unix.so       yescrypt shadow try_first_pass
+
+# End /etc/pam.d/system-password
+EOF
+
+	cat > ${pkgdir}/etc/pam.d/other << "EOF"
+# Begin /etc/pam.d/other
+
+auth        required        pam_warn.so
+auth        required        pam_deny.so
+account     required        pam_warn.so
+account     required        pam_deny.so
+password    required        pam_warn.so
+password    required        pam_deny.so
+session     required        pam_warn.so
+session     required        pam_deny.so
+
+# End /etc/pam.d/other
+EOF
+}