|
|
|
@ -1,4 +1,4 @@
|
|
|
|
|
From dc95ab82c6a961755c8d06949ca02c1685dca275 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From dc91f590afb518ad562b8df7054f3b725f8a1d1f Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Alexey Berezhok <aberezhok@msvsphere-os.ru>
|
|
|
|
|
Date: Tue, 23 Jan 2024 23:01:57 +0300
|
|
|
|
|
Subject: [PATCH] Added GOST policy also added experimental PAM generator
|
|
|
|
@ -512,7 +512,7 @@ index 0000000..f9e4e54
|
|
|
|
|
+subid: sss {include if "with-subid"}
|
|
|
|
|
diff --git a/authselect_policies/sssd_gost/password-auth b/authselect_policies/sssd_gost/password-auth
|
|
|
|
|
new file mode 100644
|
|
|
|
|
index 0000000..c15e948
|
|
|
|
|
index 0000000..7832fb7
|
|
|
|
|
--- /dev/null
|
|
|
|
|
+++ b/authselect_policies/sssd_gost/password-auth
|
|
|
|
|
@@ -0,0 +1,39 @@
|
|
|
|
@ -542,7 +542,7 @@ index 0000000..c15e948
|
|
|
|
|
+password requisite pam_pwquality.so local_users_only
|
|
|
|
|
+password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"}
|
|
|
|
|
+password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"}
|
|
|
|
|
+password sufficient pam_unix.so {if "with-gost":gost_yescript|sha512} shadow {if not "without-nullok":nullok} use_authtok
|
|
|
|
|
+password sufficient pam_unix.so {if "with-gost":gost_yescrypt|sha512} shadow {if not "without-nullok":nullok} use_authtok
|
|
|
|
|
+password [success=1 default=ignore] pam_localuser.so
|
|
|
|
|
+password sufficient pam_sss.so use_authtok
|
|
|
|
|
+password required pam_deny.so
|
|
|
|
@ -599,7 +599,7 @@ index 0000000..754847f
|
|
|
|
|
+session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"}
|
|
|
|
|
diff --git a/authselect_policies/sssd_gost/system-auth b/authselect_policies/sssd_gost/system-auth
|
|
|
|
|
new file mode 100644
|
|
|
|
|
index 0000000..3b352d4
|
|
|
|
|
index 0000000..31d4ee1
|
|
|
|
|
--- /dev/null
|
|
|
|
|
+++ b/authselect_policies/sssd_gost/system-auth
|
|
|
|
|
@@ -0,0 +1,46 @@
|
|
|
|
@ -636,7 +636,7 @@ index 0000000..3b352d4
|
|
|
|
|
+password requisite pam_pwquality.so local_users_only
|
|
|
|
|
+password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"}
|
|
|
|
|
+password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"}
|
|
|
|
|
+password sufficient pam_unix.so {if "with-gost":gost_yescript|sha512} shadow {if not "without-nullok":nullok} use_authtok
|
|
|
|
|
+password sufficient pam_unix.so {if "with-gost":gost_yescrypt|sha512} shadow {if not "without-nullok":nullok} use_authtok
|
|
|
|
|
+password [success=1 default=ignore] pam_localuser.so
|
|
|
|
|
+password sufficient pam_sss.so use_authtok
|
|
|
|
|
+password required pam_deny.so
|
|
|
|
|