From 1d632ddb33370b23d102d65495ecbbe19497faaa Mon Sep 17 00:00:00 2001 From: "Martin T. H. Sandsmark" Date: Sun, 27 Jun 2021 12:16:03 +0200 Subject: [PATCH] Don't force systemd_home and faillock by default --- PKGBUILD | 2 +- system-auth | 12 +----------- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git PKGBUILD PKGBUILD index 9775653..0a8c51d 100644 --- PKGBUILD +++ PKGBUILD @@ -19,7 +19,7 @@ backup=('etc/pam.d/system-auth' 'etc/pam.d/system-remote-login' 'etc/pam.d/system-services' 'etc/pam.d/other') -sha256sums=('e9aedc66bfe06aa0e62e4539525b23dcdf98e373e6930a2a8b2be06045355fee' +sha256sums=('a0783564c069a6db515c242c33188ef1e52243897da9395c27bf37542c2e420c' '005736b9bd650ff5e5d82a7e288853776d5bb8c90185d5774c07231c1e1c64a9' '2ed270c2789526336cc6479e63f6263b5c6f41cfc829a17a449a38621b6bf020' '005736b9bd650ff5e5d82a7e288853776d5bb8c90185d5774c07231c1e1c64a9' diff --git system-auth system-auth index 240a244..186cf03 100644 --- system-auth +++ system-auth @@ -1,23 +1,13 @@ #%PAM-1.0 -auth required pam_faillock.so preauth -# Optionally use requisite above if you do not want to prompt for the password -# on locked accounts. -auth [success=2 default=ignore] pam_unix.so try_first_pass nullok --auth [success=1 default=ignore] pam_systemd_home.so -auth [default=die] pam_faillock.so authfail +auth required pam_unix.so try_first_pass nullok auth optional pam_permit.so auth required pam_env.so -auth required pam_faillock.so authsucc -# If you drop the above call to pam_faillock.so the lock will be done also -# on non-consecutive authentication failures. --account [success=1 default=ignore] pam_systemd_home.so account required pam_unix.so account optional pam_permit.so account required pam_time.so --password [success=1 default=ignore] pam_systemd_home.so password required pam_unix.so try_first_pass nullok shadow sha512 password optional pam_permit.so -- 2.32.0