commit:     dacde6da43a9c87f896b842946b514cd49db5dd3
Author:     Alexandra Parker <alex.iris.parker <AT> gmail <DOT> com>
AuthorDate: Sat Feb 12 21:30:29 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Feb 14 16:51:51 2022 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=dacde6da

homed: add before pam_unix

- --homed inserts pam_systemd_home before pam_unix

- --homed --krb5 does that and adjusts krb5's jump to 4 modules

Signed-off-by: Alexandra Parker <alex.iris.parker <AT> gmail.com>
Closes: https://bugs.gentoo.org/808993
Closes: https://github.com/gentoo/pambase/pull/9
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/system-auth.tpl | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
index 62344ff..9739b6f 100644
--- a/templates/system-auth.tpl
+++ b/templates/system-auth.tpl
@@ -4,16 +4,14 @@ auth          sufficient      pam_ssh.so
 {% endif %}
 
 {% if krb5 %}
-auth           [success=3 default=ignore]      pam_krb5.so {{ krb5_params }}
+auth           [success={{ 4 if homed else 3 }} default=ignore]      
pam_krb5.so {{ krb5_params }}
 {% endif %}
 
 auth           requisite       pam_faillock.so preauth
 {% if homed %}
-auth           [success=2 default=ignore]      pam_unix.so {{ 
nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
-auth            [success=1 default=ignore]      pam_systemd_home.so
-{% else %}
-auth            [success=1 default=ignore]      pam_unix.so {{ 
nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
+auth            [success=2 default=ignore]      pam_systemd_home.so
 {% endif %}
+auth            [success=1 default=ignore]      pam_unix.so {{ 
nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
 auth           [default=die]   pam_faillock.so authfail
 
 {% if caps %}
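Review bot: The skip counts in the new `pam_krb5.so` line (`success={{ 4 if homed else 3 }}`) and the new `pam_systemd_home.so` line (`success=2`) are positional, and nothing in the template says what they must land on. A miscount either ends on `pam_faillock.so authfail` with `default=die`, failing a valid login, or skips past a module that follows it. I would add a template comment above the krb5 line such as `{# success=N must skip every auth line up to and including pam_faillock.so authfail; recount when a module is added or removed #}`. Separately, a successful `pam_krb5.so` still jumps over `pam_faillock.so preauth`, as it did before this change, so the lockout state is apparently not consulted on that path; it is worth confirming that this is intended. The rest of the auth stack continues outside this hunk.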
