90 lines
2.7 KiB
Bash
90 lines
2.7 KiB
Bash
# This is an example PKGBUILD file. Use this as a start to creating your own,
|
|
# and remove these comments. For more information, see 'man PKGBUILD'.
|
|
# NOTE: Please fill out the license field for your package! If it is unknown,
|
|
# then please put 'unknown'.
|
|
|
|
# Maintainer: Future Linux Team <future_linux@163.com>
|
|
pkgname=linux-pam-base
|
|
pkgver=20240314
|
|
pkgrel=1
|
|
pkgdesc="Base PAM configuration for services"
|
|
arch=('x86_64')
|
|
url="https://futurelinux.github.io"
|
|
license=('GPL-3.0-or-later')
|
|
backup=(etc/pam.d/system-account
|
|
etc/pam.d/system-auth
|
|
etc/pam.d/system-session
|
|
etc/pam.d/system-password
|
|
etc/pam.d/other)
|
|
|
|
package() {
|
|
|
|
install -vdm755 ${pkgdir}/etc/pam.d
|
|
|
|
cat > ${pkgdir}/etc/pam.d/system-account << "EOF"
|
|
# Begin /etc/pam.d/system-account
|
|
|
|
account required pam_unix.so
|
|
|
|
# End /etc/pam.d/system-account
|
|
EOF
|
|
|
|
cat > ${pkgdir}/etc/pam.d/system-auth << "EOF"
|
|
# Begin /etc/pam.d/system-auth
|
|
|
|
auth required pam_unix.so
|
|
auth optional pam_cap.so
|
|
|
|
# End /etc/pam.d/system-auth
|
|
EOF
|
|
|
|
cat > ${pkgdir}/etc/pam.d/system-session << "EOF"
|
|
# Begin /etc/pam.d/system-session
|
|
|
|
session required pam_unix.so
|
|
session required pam_loginuid.so
|
|
session optional pam_systemd.so
|
|
|
|
session required pam_loginuid.so
|
|
session optional pam_systemd.so
|
|
|
|
# End /etc/pam.d/system-session
|
|
EOF
|
|
|
|
cat > ${pkgdir}/etc/pam.d/system-password << "EOF"
|
|
# Begin /etc/pam.d/system-password
|
|
|
|
# check new passwords for strength (man pam_pwquality)
|
|
password required pam_pwquality.so authtok_type=UNIX retry=1 difok=1 \
|
|
minlen=8 dcredit=0 ucredit=0 \
|
|
lcredit=0 ocredit=0 minclass=1 \
|
|
maxrepeat=0 maxsequence=0 \
|
|
maxclassrepeat=0 gecoscheck=0 \
|
|
dictcheck=1 usercheck=1 \
|
|
enforcing=1 badwords="" \
|
|
dictpath=/usr/share/cracklib/pw_dict
|
|
|
|
# use yescrypt hash for encryption, use shadow, and try to use any
|
|
# previously defined authentication token (chosen password) set by any
|
|
# prior module.
|
|
password required pam_unix.so yescrypt shadow try_first_pass
|
|
|
|
# End /etc/pam.d/system-password
|
|
EOF
|
|
|
|
cat > ${pkgdir}/etc/pam.d/other << "EOF"
|
|
# Begin /etc/pam.d/other
|
|
|
|
auth required pam_warn.so
|
|
auth required pam_deny.so
|
|
account required pam_warn.so
|
|
account required pam_deny.so
|
|
password required pam_warn.so
|
|
password required pam_deny.so
|
|
session required pam_warn.so
|
|
session required pam_deny.so
|
|
|
|
# End /etc/pam.d/other
|
|
EOF
|
|
}
|