spec: require authselect
Related to: https://fedoraproject.org/wiki/Changes/Make_Authselect_Mandatory system-auth, smartcard-auth, fingerprint-auth, password-auth and postlogin are now owned by authselect. Authselect is now a hard dependency for pam. Users are now expected to use authselect to configure the system and packages should no longer support non-authselect configurations. Resolves: rhbz#2023738
This commit is contained in:
Pavel Březina
parent
52766bc401
commit
ff21ecd192
@ -1,17 +0,0 @@
|
||||
#%PAM-1.0
|
||||
auth required pam_env.so
|
||||
auth [success=done default=bad] pam_fprintd.so
|
||||
auth required pam_deny.so
|
||||
|
||||
account required pam_unix.so
|
||||
account sufficient pam_localuser.so
|
||||
account sufficient pam_succeed_if.so uid < 500 quiet
|
||||
account required pam_permit.so
|
||||
|
||||
password required pam_deny.so
|
||||
|
||||
session optional pam_keyinit.so revoke
|
||||
session required pam_limits.so
|
||||
-session optional pam_systemd.so
|
||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||
session required pam_unix.so
|
||||
21
pam.spec
21
pam.spec
@ -4,7 +4,7 @@
|
||||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.5.2
|
||||
Release: 7%{?dist}
|
||||
Release: 8%{?dist}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+
|
||||
# - this option is redundant as the BSD license allows that anyway.
|
||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||
@ -15,16 +15,11 @@ Source1: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Li
|
||||
Source2: https://releases.pagure.org/pam-redhat/pam-redhat-%{pam_redhat_version}.tar.xz
|
||||
Source3: macros.%{name}
|
||||
Source5: other.pamd
|
||||
Source6: system-auth.pamd
|
||||
Source7: password-auth.pamd
|
||||
Source8: fingerprint-auth.pamd
|
||||
Source9: smartcard-auth.pamd
|
||||
Source10: config-util.pamd
|
||||
Source11: dlopen.sh
|
||||
Source12: system-auth.5
|
||||
Source13: config-util.5
|
||||
Source15: pamtmp.conf
|
||||
Source16: postlogin.pamd
|
||||
Source17: postlogin.5
|
||||
Source18: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
||||
Patch1: pam-1.5.0-redhat-modules.patch
|
||||
@ -36,6 +31,7 @@ Patch3: pam-1.3.0-unix-nomsg.patch
|
||||
### Dependencies ###
|
||||
Requires: libpwquality%{?_isa}
|
||||
Requires: setup
|
||||
Requires: authselect >= 1.3
|
||||
|
||||
### Build Dependencies ###
|
||||
BuildRequires: audit-libs-devel
|
||||
@ -150,12 +146,7 @@ rm -f %{buildroot}%{_sysconfdir}/environment
|
||||
install -d -m 755 %{buildroot}%{_pam_confdir}
|
||||
install -d -m 755 %{buildroot}%{_pam_vendordir}
|
||||
install -m 644 %{SOURCE5} %{buildroot}%{_pam_confdir}/other
|
||||
install -m 644 %{SOURCE6} %{buildroot}%{_pam_confdir}/system-auth
|
||||
install -m 644 %{SOURCE7} %{buildroot}%{_pam_confdir}/password-auth
|
||||
install -m 644 %{SOURCE8} %{buildroot}%{_pam_confdir}/fingerprint-auth
|
||||
install -m 644 %{SOURCE9} %{buildroot}%{_pam_confdir}/smartcard-auth
|
||||
install -m 644 %{SOURCE10} %{buildroot}%{_pam_confdir}/config-util
|
||||
install -m 644 %{SOURCE16} %{buildroot}%{_pam_confdir}/postlogin
|
||||
install -m 600 /dev/null %{buildroot}%{_pam_secconfdir}/opasswd
|
||||
install -d -m 755 %{buildroot}/var/log
|
||||
install -d -m 755 %{buildroot}/var/run/faillock
|
||||
@ -244,12 +235,7 @@ done
|
||||
%dir %{_pam_confdir}
|
||||
%dir %{_pam_vendordir}
|
||||
%config(noreplace) %{_pam_confdir}/other
|
||||
%config(noreplace) %{_pam_confdir}/system-auth
|
||||
%config(noreplace) %{_pam_confdir}/password-auth
|
||||
%config(noreplace) %{_pam_confdir}/fingerprint-auth
|
||||
%config(noreplace) %{_pam_confdir}/smartcard-auth
|
||||
%config(noreplace) %{_pam_confdir}/config-util
|
||||
%config(noreplace) %{_pam_confdir}/postlogin
|
||||
%{_rpmconfigdir}/macros.d/macros.%{name}
|
||||
%{_pam_libdir}/libpam.so.%{so_ver}*
|
||||
%{_pam_libdir}/libpamc.so.%{so_ver}*
|
||||
@ -375,6 +361,9 @@ test "$FILE" != %{_sysconfdir}/authselect/fingerprint-auth && \
|
||||
exit 0
|
||||
|
||||
%changelog
|
||||
* Tue Nov 16 2021 Pavel Březina <pbrezina@redhat.com> - 1.5.2-8
|
||||
- systemd-auth, smartcard-auth, fingerprint-auth, password-auth and postlogin are now owned by authselect (#2023738)
|
||||
|
||||
* Fri Nov 12 2021 Björn Esser <besser82@fedoraproject.org> - 1.5.2-7
|
||||
- Rebuild(libnsl2)
|
||||
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
#%PAM-1.0
|
||||
auth required pam_env.so
|
||||
auth sufficient pam_unix.so try_first_pass nullok
|
||||
auth required pam_deny.so
|
||||
|
||||
account required pam_unix.so
|
||||
|
||||
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
|
||||
password sufficient pam_unix.so try_first_pass use_authtok nullok yescrypt shadow
|
||||
password required pam_deny.so
|
||||
|
||||
session optional pam_keyinit.so revoke
|
||||
session required pam_limits.so
|
||||
-session optional pam_systemd.so
|
||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||
session required pam_unix.so
|
||||
@ -1,5 +0,0 @@
|
||||
#%PAM-1.0
|
||||
session optional pam_umask.so silent
|
||||
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
|
||||
session [default=1] pam_lastlog.so nowtmp showfailed
|
||||
session optional pam_lastlog.so silent noupdate showfailed
|
||||
@ -1,17 +0,0 @@
|
||||
#%PAM-1.0
|
||||
auth required pam_env.so
|
||||
auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card
|
||||
auth required pam_deny.so
|
||||
|
||||
account required pam_unix.so
|
||||
account sufficient pam_localuser.so
|
||||
account sufficient pam_succeed_if.so uid < 500 quiet
|
||||
account required pam_permit.so
|
||||
|
||||
password optional pam_pkcs11.so
|
||||
|
||||
session optional pam_keyinit.so revoke
|
||||
session required pam_limits.so
|
||||
-session optional pam_systemd.so
|
||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||
session required pam_unix.so
|
||||
@ -1,16 +0,0 @@
|
||||
#%PAM-1.0
|
||||
auth required pam_env.so
|
||||
auth sufficient pam_unix.so try_first_pass nullok
|
||||
auth required pam_deny.so
|
||||
|
||||
account required pam_unix.so
|
||||
|
||||
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
|
||||
password sufficient pam_unix.so try_first_pass use_authtok nullok yescrypt shadow
|
||||
password required pam_deny.so
|
||||
|
||||
session optional pam_keyinit.so revoke
|
||||
session required pam_limits.so
|
||||
-session optional pam_systemd.so
|
||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||
session required pam_unix.so
|
||||
Loading…
Reference in New Issue
Block a user