diff options
| -rw-r--r-- | templates/system-auth.tpl | 13 | ||||
| -rw-r--r-- | templates/system-login.tpl | 9 | ||||
| -rw-r--r-- | templates/system-session.tpl | 5 |
3 files changed, 10 insertions, 17 deletions
diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl index 1bb53ae..11319d6 100644 --- a/templates/system-auth.tpl +++ b/templates/system-auth.tpl @@ -9,11 +9,6 @@ auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }} auth required pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }} auth optional pam_permit.so -{% if not minimal %} -auth required pam_faillock.so preauth conf=/etc/security/faillock.conf -auth sufficient pam_unix.so {{ nullok|default('', true) }} try_first_pass -auth [default=die] pam_faillock.so authfail -{% endif %} {% if krb5 %} account [success=1 default=ignore] pam_krb5.so {{ krb5_params }} @@ -47,14 +42,6 @@ password optional pam_permit.so session optional pam_ssh.so {% endif %} -{% if systemd %} --session optional pam_systemd.so -{% endif %} - -{% if elogind %} --session optional pam_elogind.so -{% endif %} - {% if libcap %} -session optional pam_libcap.so {% endif %} diff --git a/templates/system-login.tpl b/templates/system-login.tpl index bb4f093..25843f5 100644 --- a/templates/system-login.tpl +++ b/templates/system-login.tpl @@ -1,6 +1,7 @@ auth required pam_shells.so {{ debug|default('', true) }} auth required pam_nologin.so auth include system-auth + {% if not minimal %} auth required pam_faillock.so preauth conf=/etc/security/faillock.conf auth sufficient pam_unix.so nullok try_first_pass @@ -37,3 +38,11 @@ session optional pam_motd.so motd=/etc/motd {% if not minimal %} session optional pam_mail.so {% endif %} + +{% if systemd %} +-session optional pam_systemd.so +{% endif %} + +{% if elogind %} +-session optional pam_elogind.so +{% endif %} diff --git a/templates/system-session.tpl b/templates/system-session.tpl index 1538429..ce3afa5 100644 --- a/templates/system-session.tpl +++ b/templates/system-session.tpl @@ -5,12 +5,9 @@ session optional pam_mktemp.so {% endif %} {%if krb5 %} -session [success=1 default=ignore] {{ krb5_params }} +session [success=1 default=ignore] pam_krb5.so {{ krb5_params }} {% endif %} session required pam_unix.so {{ debug|default('', true) }} -{%if krb5 %} -session [success=1 default=ignore] {{ krb5_params }} -{% endif %} session optional pam_permit.so |