uawdijnntqw1x1x1
IP : 216.73.216.110
Hostname : 6.87.74.97.host.secureserver.net
Kernel : Linux 6.87.74.97.host.secureserver.net 4.18.0-553.83.1.el8_10.x86_64 #1 SMP Mon Nov 10 04:22:44 EST 2025 x86_64
Disable Function : None :)
OS : Linux
PATH:
/
home
/
emeraadmin
/
.htpasswds
/
..
/
www
/
uploads
/
..
/
node_modules
/
..
/
4d695
/
authselect.tar
/
/
user-nsswitch.conf000064400000004110151700142340010222 0ustar00# # /etc/nsswitch.conf # # Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # Valid databases are: aliases, ethers, group, gshadow, hosts, # initgroups, netgroup, networks, passwd, protocols, publickey, # rpc, services, and shadow. # # Valid service provider entries include (in alphabetical order): # # compat Use /etc files plus *_compat pseudo-db # db Use the pre-processed /var/db files # dns Use DNS (Domain Name Service) # files Use the local files in /etc # hesiod Use Hesiod (DNS) for user lookups # nis Use NIS (NIS version 2), also called YP # nisplus Use NIS+ (NIS version 3) # # See `info libc 'NSS Basics'` for more information. # # Commonly used alternative service providers (may need installation): # # ldap Use LDAP directory server # myhostname Use systemd host names # mymachines Use systemd machine names # mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD # resolve Use systemd resolved resolver # sss Use System Security Services Daemon (sssd) # systemd Use systemd for dynamic user option # winbind Use Samba winbind support # wins Use Samba wins support # wrapper Use wrapper module for testing # # Notes: # # # WARNING: Running nscd with a secondary caching service like sssd may # lead to unexpected behaviour, especially with how long # entries are cached. # # Installation instructions: # # To use 'db', install the appropriate package(s) (provide 'makedb' and # libnss_db.so.*), and place the 'db' in front of 'files' for entries # you want to be looked up first in the databases, like this: # # passwd: db files # shadow: db files # group: db files # In order of likelihood of use to accelerate lookup. passwd: files sss systemd shadow: files sss group: files sss systemd hosts: files dns myhostname services: files sss netgroup: sss automount: files sss aliases: files ethers: files gshadow: files # Allow initgroups to default to the setting for group. # initgroups: files networks: files dns protocols: files publickey: files rpc: files system-auth000064400000003703151700142340006752 0ustar00# Generated by authselect on Wed Aug 7 14:17:51 2024 # Do not modify this file manually. auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth [default=1 ignore=ignore success=ok] pam_localuser.so auth required pam_hulk.so auth sufficient pam_unix.so nullok auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth sufficient pam_sss.so forward_pass auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_pwquality.so local_users_only password sufficient pam_unix.so sha512 shadow nullok use_authtok password [success=1 default=ignore] pam_localuser.so password sufficient pam_sss.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so password-auth000064400000003703151700142340007270 0ustar00# Generated by authselect on Wed Aug 7 14:17:51 2024 # Do not modify this file manually. auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth [default=1 ignore=ignore success=ok] pam_localuser.so auth required pam_hulk.so auth sufficient pam_unix.so nullok auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth sufficient pam_sss.so forward_pass auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_pwquality.so local_users_only password sufficient pam_unix.so sha512 shadow nullok use_authtok password [success=1 default=ignore] pam_localuser.so password sufficient pam_sss.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so fingerprint-auth000064400000000214151700142340007747 0ustar00# Generated by authselect on Wed Aug 7 14:17:51 2024 # Do not modify this file manually. auth required pam_debug.so auth=authinfo_unavail smartcard-auth000064400000000214151700142340007400 0ustar00# Generated by authselect on Wed Aug 7 14:17:51 2024 # Do not modify this file manually. auth required pam_debug.so auth=authinfo_unavail postlogin000064400000000615151700142340006504 0ustar00# Generated by authselect on Wed Aug 7 14:17:51 2024 # Do not modify this file manually. session optional pam_umask.so silent session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet session [default=1] pam_lastlog.so nowtmp showfailed session optional pam_lastlog.so silent noupdate showfailed nsswitch.conf000064400000005636151700142340007264 0ustar00# Generated by authselect on Wed Aug 7 14:17:51 2024 # Do not modify this file manually. # If you want to make changes to nsswitch.conf please modify # /etc/authselect/user-nsswitch.conf and run 'authselect apply-changes'. # # Note that your changes may not be applied as they may be # overwritten by selected profile. Maps set in the authselect # profile takes always precedence and overwrites the same maps # set in the user file. Only maps that are not set by the profile # are applied from the user file. # # For example, if the profile sets: # passwd: sss files # and /etc/authselect/user-nsswitch.conf contains: # passwd: files # hosts: files dns # the resulting generated nsswitch.conf will be: # passwd: sss files # from profile # hosts: files dns # from user file passwd: files sss systemd group: files sss systemd netgroup: sss files automount: sss files services: sss files # Included from /etc/authselect/user-nsswitch.conf # # /etc/nsswitch.conf # # Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # Valid databases are: aliases, ethers, group, gshadow, hosts, # initgroups, netgroup, networks, passwd, protocols, publickey, # rpc, services, and shadow. # # Valid service provider entries include (in alphabetical order): # # compat Use /etc files plus *_compat pseudo-db # db Use the pre-processed /var/db files # dns Use DNS (Domain Name Service) # files Use the local files in /etc # hesiod Use Hesiod (DNS) for user lookups # nis Use NIS (NIS version 2), also called YP # nisplus Use NIS+ (NIS version 3) # # See `info libc 'NSS Basics'` for more information. # # Commonly used alternative service providers (may need installation): # # ldap Use LDAP directory server # myhostname Use systemd host names # mymachines Use systemd machine names # mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD # resolve Use systemd resolved resolver # sss Use System Security Services Daemon (sssd) # systemd Use systemd for dynamic user option # winbind Use Samba winbind support # wins Use Samba wins support # wrapper Use wrapper module for testing # # Notes: # # # WARNING: Running nscd with a secondary caching service like sssd may # lead to unexpected behaviour, especially with how long # entries are cached. # # Installation instructions: # # To use 'db', install the appropriate package(s) (provide 'makedb' and # libnss_db.so.*), and place the 'db' in front of 'files' for entries # you want to be looked up first in the databases, like this: # # passwd: db files # shadow: db files # group: db files # In order of likelihood of use to accelerate lookup. shadow: files sss hosts: files dns myhostname aliases: files ethers: files gshadow: files # Allow initgroups to default to the setting for group. # initgroups: files networks: files dns protocols: files publickey: files rpc: files dconf-db000064400000000347151700142340006144 0ustar00# Generated by authselect on Wed Aug 7 14:17:51 2024 # Do not modify this file manually. [org/gnome/login-screen] enable-smartcard-authentication=false enable-fingerprint-authentication=false enable-password-authentication=true dconf-locks000064400000000404151700142340006664 0ustar00# Generated by authselect on Wed Aug 7 14:17:51 2024 # Do not modify this file manually. /org/gnome/login-screen/enable-smartcard-authentication /org/gnome/login-screen/enable-fingerprint-authentication /org/gnome/login-screen/enable-password-authentication authselect.conf000064400000000006151700142340007545 0ustar00sssd default/minimal/README000064400000005111151704231640010477 0ustar00Local users only for minimal installations ========================================== Selecting this profile will enable local files as the source of identity and authentication providers. This profile can be used on systems that require minimal installation to save disk and memory space. It serves only local users and groups directly from system files instead of going through other authentication providers. Therefore SSSD, winbind and fprintd packages can be safely removed. Unless this system has strict memory and disk constraints, it is recommended to keep SSSD running and use 'sssd' profile to avoid functional limitations. AVAILABLE OPTIONAL FEATURES --------------------------- with-faillock:: Enable account locking in case of too many consecutive authentication failures. with-mkhomedir:: Enable automatic creation of home directories for users on their first login. with-ecryptfs:: Enable automatic per-user ecryptfs. with-silent-lastlog:: Do not produce pam_lastlog message during login. with-pamaccess:: Check access.conf during account authorization. with-pwhistory:: Enable pam_pwhistory module for local users. with-altfiles:: Use nss_altfiles for passwd and group nsswitch databases. without-nullok:: Do not add nullok parameter to pam_unix. DISABLE SPECIFIC NSSWITCH DATABASES ----------------------------------- Normally, nsswitch databases set by the profile overwrites values set in user-nsswitch.conf. The following options can force authselect to ignore value set by the profile and use the one set in user-nsswitch.conf instead. with-custom-aliases:: Ignore "aliases" map set by the profile. with-custom-automount:: Ignore "automount" map set by the profile. with-custom-ethers:: Ignore "ethers" map set by the profile. with-custom-group:: Ignore "group" map set by the profile. with-custom-hosts:: Ignore "hosts" map set by the profile. with-custom-initgroups:: Ignore "initgroups" map set by the profile. with-custom-netgroup:: Ignore "netgroup" map set by the profile. with-custom-networks:: Ignore "networks" map set by the profile. with-custom-passwd:: Ignore "passwd" map set by the profile. with-custom-protocols:: Ignore "protocols" map set by the profile. with-custom-publickey:: Ignore "publickey" map set by the profile. with-custom-rpc:: Ignore "rpc" map set by the profile. with-custom-services:: Ignore "services" map set by the profile. with-custom-shadow:: Ignore "shadow" map set by the profile. EXAMPLES -------- * Enable minimal profile authselect select minimal SEE ALSO -------- * man passwd(5) * man group(5) default/minimal/REQUIREMENTS000064400000001127151704231640011470 0ustar00- with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module {include if "with-mkhomedir"} is present and oddjobd service is enabled and active {include if "with-mkhomedir"} - systemctl enable --now oddjobd.service {include if "with-mkhomedir"} {include if "with-mkhomedir"} - with-altfiles is selected, make sure nss_altfiles module is present {include if "with-altfiles"} default/minimal/dconf-db000064400000000147151704231640011222 0ustar00[org/gnome/login-screen] enable-smartcard-authentication=false enable-fingerprint-authentication=false default/minimal/dconf-locks000064400000000162151704231640011745 0ustar00/org/gnome/login-screen/enable-smartcard-authentication /org/gnome/login-screen/enable-fingerprint-authentication default/minimal/fingerprint-auth000064400000000061151704231640013027 0ustar00auth required pam_debug.so auth=authinfo_unavail default/minimal/nsswitch.conf000064400000002372151704231640012336 0ustar00aliases: files {exclude if "with-custom-aliases"} automount: files {exclude if "with-custom-automount"} ethers: files {exclude if "with-custom-ethers"} group: files {if "with-altfiles":altfiles }systemd {exclude if "with-custom-group"} hosts: files dns myhostname {exclude if "with-custom-hosts"} initgroups: files {exclude if "with-custom-initgroups"} netgroup: files {exclude if "with-custom-netgroup"} networks: files {exclude if "with-custom-networks"} passwd: files {if "with-altfiles":altfiles }systemd {exclude if "with-custom-passwd"} protocols: files {exclude if "with-custom-protocols"} publickey: files {exclude if "with-custom-publickey"} rpc: files {exclude if "with-custom-rpc"} services: files {exclude if "with-custom-services"} shadow: files {exclude if "with-custom-shadow"}default/minimal/password-auth000064400000004225151704231640012350 0ustar00auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth required pam_faillock.so preauth silent {include if "with-faillock"} auth sufficient pam_unix.so {if not "without-nullok":nullok} auth required pam_faillock.so authfail {include if "with-faillock"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so password requisite pam_pwquality.so password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so default/minimal/postlogin000064400000001114151704231640011557 0ustar00auth optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} password optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} session optional pam_umask.so silent session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed} session optional pam_lastlog.so silent noupdate showfailed default/minimal/smartcard-auth000064400000000061151704231640012460 0ustar00auth required pam_debug.so auth=authinfo_unavail default/minimal/system-auth000064400000004225151704231640012032 0ustar00auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth required pam_faillock.so preauth silent {include if "with-faillock"} auth sufficient pam_unix.so {if not "without-nullok":nullok} auth required pam_faillock.so authfail {include if "with-faillock"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so password requisite pam_pwquality.so password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so default/nis/README000064400000006115151704231640007647 0ustar00Enable NIS for system authentication ==================================== Selecting this profile will enable Network Information Services as the source of identity and authentication providers. NIS CONFIGURATION ----------------- Authselect does not touch NIS configuration. Please, read NIS' documentation to see how to configure it manually. AVAILABLE OPTIONAL FEATURES --------------------------- with-faillock:: Enable account locking in case of too many consecutive authentication failures. with-mkhomedir:: Enable automatic creation of home directories for users on their first login. with-fingerprint:: Enable authentication with fingerprint reader through *pam_fprintd*. with-pam-gnome-keyring:: Enable pam-gnome-keyring support. with-pam-u2f:: Enable authentication via u2f dongle through *pam_u2f*. with-pam-u2f-2fa:: Enable 2nd factor authentication via u2f dongle through *pam_u2f*. without-pam-u2f-nouserok:: Module argument nouserok is omitted if also with-pam-u2f-2fa is used. *WARNING*: Omitting nouserok argument means that users without pam-u2f authentication configured will not be able to log in *INCLUDING* root. Make sure you are able to log in before losing root privileges. with-silent-lastlog:: Do not produce pam_lastlog message during login. with-pamaccess:: Check access.conf during account authorization. with-pwhistory:: Enable pam_pwhistory module for local users. with-nispwquality:: If this option is set pam_pwquality module will check password quality for NIS users as well as local users during password change. Without this option only local users passwords are checked. without-nullok:: Do not add nullok parameter to pam_unix. DISABLE SPECIFIC NSSWITCH DATABASES ----------------------------------- Normally, nsswitch databases set by the profile overwrites values set in user-nsswitch.conf. The following options can force authselect to ignore value set by the profile and use the one set in user-nsswitch.conf instead. with-custom-aliases:: Ignore "aliases" map set by the profile. with-custom-automount:: Ignore "automount" map set by the profile. with-custom-ethers:: Ignore "ethers" map set by the profile. with-custom-group:: Ignore "group" map set by the profile. with-custom-hosts:: Ignore "hosts" map set by the profile. with-custom-initgroups:: Ignore "initgroups" map set by the profile. with-custom-netgroup:: Ignore "netgroup" map set by the profile. with-custom-networks:: Ignore "networks" map set by the profile. with-custom-passwd:: Ignore "passwd" map set by the profile. with-custom-protocols:: Ignore "protocols" map set by the profile. with-custom-publickey:: Ignore "publickey" map set by the profile. with-custom-rpc:: Ignore "rpc" map set by the profile. with-custom-services:: Ignore "services" map set by the profile. with-custom-shadow:: Ignore "shadow" map set by the profile. EXAMPLES -------- * Enable NIS with no additional modules authselect select nis * Enable NIS and create home directories for users on their first login authselect select nis with-mkhomedir default/nis/REQUIREMENTS000064400000003606151704231640010637 0ustar00Make sure that NIS service is configured and enabled. See NIS documentation for more information. {include if "with-fingerprint"} - with-fingerprint is selected, make sure fprintd service is configured and enabled {include if "with-fingerprint"} {include if "with-pam-u2f"} - with-pam-u2f is selected, make sure that the pam u2f module is installed {include if "with-pam-u2f"} - users can then configure keys using the pamu2fcfg tool {include if "with-pam-u2f"} {include if "with-pam-gnome-keyring"} - with-pam-gnome-keyring is selected, make sure the pam_gnome_keyring module {include if "with-pam-gnome-keyring"} is present. {include if "with-pam-gnome-keyring"} {include if "with-pam-u2f-2fa"} - with-pam-u2f-2fa is selected, make sure that the pam u2f module is installed {include if "with-pam-u2f-2fa"} - users can then configure keys using the pamu2fcfg tool {include if "with-pam-u2f-2fa"} {include if "with-mkhomedir"} - with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module {include if "with-mkhomedir"} is present and oddjobd service is enabled and active {include if "with-mkhomedir"} - systemctl enable --now oddjobd.service {include if "with-mkhomedir"} default/nis/dconf-db000064400000000204151704231640010357 0ustar00[org/gnome/login-screen] enable-smartcard-authentication=false enable-fingerprint-authentication={if "with-fingerprint":true|false} default/nis/dconf-locks000064400000000162151704231640011110 0ustar00/org/gnome/login-screen/enable-smartcard-authentication /org/gnome/login-screen/enable-fingerprint-authentication default/nis/fingerprint-auth000064400000003531151704231640012177 0ustar00auth required pam_debug.so auth=authinfo_unavail {exclude if "with-fingerprint"} {continue if "with-fingerprint"} auth required pam_env.so auth required pam_faillock.so preauth silent {include if "with-faillock"} auth [success=done default=bad] pam_fprintd.so auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so broken_shadow password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} default/nis/nsswitch.conf000064400000002033151704231640011473 0ustar00aliases: files nis {exclude if "with-custom-aliases"} automount: files nis {exclude if "with-custom-automount"} ethers: files nis {exclude if "with-custom-ethers"} group: files nis systemd {exclude if "with-custom-group"} hosts: files nis dns myhostname {exclude if "with-custom-hosts"} initgroups: files nis {exclude if "with-custom-initgroups"} netgroup: files nis {exclude if "with-custom-netgroup"} networks: files nis {exclude if "with-custom-networks"} passwd: files nis systemd {exclude if "with-custom-passwd"} protocols: files nis {exclude if "with-custom-protocols"} publickey: files nis {exclude if "with-custom-publickey"} rpc: files nis {exclude if "with-custom-rpc"} services: files nis {exclude if "with-custom-services"} shadow: files nis {exclude if "with-custom-shadow"} default/nis/password-auth000064400000005245151704231640011516 0ustar00auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth required pam_faillock.so preauth silent {include if "with-faillock"} auth sufficient pam_u2f.so cue {include if "with-pam-u2f"} auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"} auth sufficient pam_unix.so {if not "without-nullok":nullok} auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so broken_shadow password requisite pam_pwquality.so {if not "with-nispwquality":local_users_only} password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok nis password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} default/nis/postlogin000064400000000524151704231640010726 0ustar00session optional pam_umask.so silent session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed} session optional pam_lastlog.so silent noupdate showfailed default/nis/smartcard-auth000064400000000061151704231640011623 0ustar00auth required pam_debug.so auth=authinfo_unavail default/nis/system-auth000064400000005446151704231640011203 0ustar00auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth required pam_faillock.so preauth silent {include if "with-faillock"} auth sufficient pam_fprintd.so {include if "with-fingerprint"} auth sufficient pam_u2f.so cue {include if "with-pam-u2f"} auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"} auth sufficient pam_unix.so {if not "without-nullok":nullok} auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so broken_shadow password requisite pam_pwquality.so {if not "with-nispwquality":local_users_only} password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok nis password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} default/sssd/README000064400000011031151704231640010023 0ustar00Enable SSSD for system authentication (also for local users only) ================================================================= Selecting this profile will enable SSSD as the source of identity and authentication providers. SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos, FreeIPA or AD. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. More information about SSSD can be found on its project page: https://sssd.io However, if you do not want to keep SSSD running on your machine, you can keep this profile selected and just disable SSSD service. The resulting configuration will still work correctly even with SSSD disabled and local users and groups will be read from local files directly. SSSD CONFIGURATION ------------------ Authselect does not touch SSSD's configuration. Please, read SSSD's documentation to see how to configure it manually. Only local users will be available on the system if there is no existing SSSD configuration. AVAILABLE OPTIONAL FEATURES --------------------------- with-faillock:: Enable account locking in case of too many consecutive authentication failures. with-mkhomedir:: Enable automatic creation of home directories for users on their first login. with-smartcard:: Enable authentication with smartcards through SSSD. Please note that smartcard support must be also explicitly enabled within SSSD's configuration. with-smartcard-lock-on-removal:: Lock screen when a smartcard is removed. with-smartcard-required:: Smartcard authentication is required. No other means of authentication (including password) will be enabled. with-fingerprint:: Enable authentication with fingerprint reader through *pam_fprintd*. with-pam-gnome-keyring:: Enable pam-gnome-keyring support. with-pam-u2f:: Enable authentication via u2f dongle through *pam_u2f*. with-pam-u2f-2fa:: Enable 2nd factor authentication via u2f dongle through *pam_u2f*. without-pam-u2f-nouserok:: Module argument nouserok is omitted if also with-pam-u2f-2fa is used. *WARNING*: Omitting nouserok argument means that users without pam-u2f authentication configured will not be able to log in *INCLUDING* root. Make sure you are able to log in before losing root privileges. with-silent-lastlog:: Do not produce pam_lastlog message during login. with-sudo:: Allow sudo to use SSSD as a source for sudo rules in addition of /etc/sudoers. with-pamaccess:: Check access.conf during account authorization. with-pwhistory:: Enable pam_pwhistory module for local users. with-files-domain:: If set, SSSD will be contacted before "files" when resolving users and groups. The order in nsswitch.conf will be set to "sss files" instead of "files sss" for passwd and group maps. with-files-access-provider:: If set, account management for local users is handled also by pam_sss. This is needed if there is an explicitly configured domain with id_provider=files and non-empty access_provider setting in sssd.conf. *WARNING:* SSSD access check will become mandatory for local users and if SSSD is stopped then local users will not be able to log in. Only system accounts (as defined by pam_usertype, including root) will be able to log in. with-gssapi:: If set, pam_sss_gss module is enabled to perform user authentication over GSSAPI. with-subid:: Enable SSSD as a source of subid database in /etc/nsswitch.conf. without-nullok:: Do not add nullok parameter to pam_unix. DISABLE SPECIFIC NSSWITCH DATABASES ----------------------------------- Normally, nsswitch databases set by the profile overwrites values set in user-nsswitch.conf. The following options can force authselect to ignore value set by the profile and use the one set in user-nsswitch.conf instead. with-custom-passwd:: Ignore "passwd" database set by the profile. with-custom-group:: Ignore "group" database set by the profile. with-custom-netgroup:: Ignore "netgroup" database set by the profile. with-custom-automount:: Ignore "automount" database set by the profile. with-custom-services:: Ignore "services" database set by the profile. EXAMPLES -------- * Enable SSSD with sudo and smartcard support authselect select sssd with-sudo with-smartcard * Enable SSSD with sudo support and create home directories for users on their first login authselect select sssd with-mkhomedir with-sudo SEE ALSO -------- * man sssd.conf(5) default/sssd/REQUIREMENTS000064400000006260151704231640011021 0ustar00Make sure that SSSD service is configured and enabled. See SSSD documentation for more information. {include if "with-smartcard"} - with-smartcard is selected, make sure smartcard authentication is enabled in sssd.conf: {include if "with-smartcard"} - set "pam_cert_auth = True" in [pam] section {include if "with-smartcard"} {include if "with-fingerprint"} - with-fingerprint is selected, make sure fprintd service is configured and enabled {include if "with-fingerprint"} {include if "with-pam-gnome-keyring"} - with-pam-gnome-keyring is selected, make sure the pam_gnome_keyring module {include if "with-pam-gnome-keyring"} is present. {include if "with-pam-gnome-keyring"} {include if "with-pam-u2f"} - with-pam-u2f is selected, make sure that the pam u2f module is installed {include if "with-pam-u2f"} - users can then configure keys using the pamu2fcfg tool {include if "with-pam-u2f"} {include if "with-pam-u2f-2fa"} - with-pam-u2f-2fa is selected, make sure that the pam u2f module is installed {include if "with-pam-u2f-2fa"} - users can then configure keys using the pamu2fcfg tool {include if "with-pam-u2f-2fa"} {include if "with-mkhomedir"} - with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module {include if "with-mkhomedir"} is present and oddjobd service is enabled and active {include if "with-mkhomedir"} - systemctl enable --now oddjobd.service {include if "with-mkhomedir"} {include if "with-files-domain"} - with-files-domain is selected, make sure the files provider is enabled in SSSD {include if "with-files-domain"} - set enable_files_domain=true in [sssd] section of /etc/sssd/sssd.conf {include if "with-files-domain"} - or create a custom domain with id_provider=files {include if "with-files-domain"} {include if "with-gssapi"} - with-gssapi is selected, make sure that GSSAPI authenticaiton is enabled in SSSD {include if "with-gssapi"} - set pam_gssapi_services to a list of allowed services in /etc/sssd/sssd.conf {include if "with-gssapi"} - see additional information in pam_sss_gss(8) {include if "with-gssapi"} default/sssd/dconf-db000064400000001034151704231640010544 0ustar00{imply "with-smartcard" if "with-smartcard-required"} {imply "with-smartcard" if "with-smartcard-lock-on-removal"} [org/gnome/login-screen] enable-smartcard-authentication={if "with-smartcard":true|false} enable-fingerprint-authentication={if "with-fingerprint":true|false} enable-password-authentication={if "with-smartcard-required":false|true} [org/gnome/settings-daemon/peripherals/smartcard] {include if "with-smartcard-lock-on-removal"} removal-action='lock-screen' {include if "with-smartcard-lock-on-removal"} default/sssd/dconf-locks000064400000000427151704231640011277 0ustar00/org/gnome/login-screen/enable-smartcard-authentication /org/gnome/login-screen/enable-fingerprint-authentication /org/gnome/login-screen/enable-password-authentication /org/gnome/settings-daemon/peripherals/smartcard/removal-action {include if "with-smartcard-lock-on-removal"} default/sssd/fingerprint-auth000064400000004635151704231640012370 0ustar00auth required pam_debug.so auth=authinfo_unavail {exclude if "with-fingerprint"} {continue if "with-fingerprint"} auth required pam_env.so auth required pam_deny.so # Smartcard authentication is required {include if "with-smartcard-required"} auth required pam_faillock.so preauth silent {include if "with-faillock"} auth [success=done default=bad] pam_fprintd.so auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so account sufficient pam_localuser.so {exclude if "with-files-access-provider"} account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} default/sssd/nsswitch.conf000064400000000771151704231640011665 0ustar00passwd: {if "with-files-domain":sss files|files sss} systemd {exclude if "with-custom-passwd"} group: {if "with-files-domain":sss files|files sss} systemd {exclude if "with-custom-group"} netgroup: sss files {exclude if "with-custom-netgroup"} automount: sss files {exclude if "with-custom-automount"} services: sss files {exclude if "with-custom-services"} sudoers: files sss {include if "with-sudo"} subid: sss {include if "with-subid"} default/sssd/password-auth000064400000007224151704231640011700 0ustar00auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth required pam_deny.so # Smartcard authentication is required {include if "with-smartcard-required"} auth required pam_faillock.so preauth silent {include if "with-faillock"} auth sufficient pam_u2f.so cue {include if "with-pam-u2f"} auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"} auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth [default=1 ignore=ignore success=ok] pam_localuser.so auth sufficient pam_unix.so {if not "without-nullok":nullok} auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth sufficient pam_sss.so forward_pass auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so account sufficient pam_localuser.so {exclude if "with-files-access-provider"} account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_pwquality.so local_users_only password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok password [success=1 default=ignore] pam_localuser.so password sufficient pam_sss.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so session optional pam_gnome_keyring.so auto_start {include if "with-pam-gnome-keyring"} default/sssd/postlogin000064400000000524151704231640011111 0ustar00session optional pam_umask.so silent session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed} session optional pam_lastlog.so silent noupdate showfailed default/sssd/smartcard-auth000064400000004463151704231640012020 0ustar00{imply "with-smartcard" if "with-smartcard-required"} auth required pam_debug.so auth=authinfo_unavail {exclude if "with-smartcard"} {continue if "with-smartcard"} auth required pam_env.so auth required pam_faillock.so preauth silent {include if "with-faillock"} auth sufficient pam_sss.so allow_missing_name {if "with-smartcard-required":require_cert_auth} auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so account sufficient pam_localuser.so {exclude if "with-files-access-provider"} account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} default/sssd/system-auth000064400000011252151704231640011356 0ustar00{imply "with-smartcard" if "with-smartcard-required"} auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth required pam_faillock.so preauth silent {include if "with-faillock"} auth [success=1 default=ignore] pam_succeed_if.so service notin login:gdm:xdm:kdm:kde:xscreensaver:gnome-screensaver:kscreensaver quiet use_uid {include if "with-smartcard-required"} auth [success=done ignore=ignore default=die] pam_sss.so require_cert_auth ignore_authinfo_unavail {include if "with-smartcard-required"} auth sufficient pam_fprintd.so {include if "with-fingerprint"} auth sufficient pam_u2f.so cue {include if "with-pam-u2f"} auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"} auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth [default=1 ignore=ignore success=ok] pam_localuser.so {exclude if "with-smartcard"} auth [default=2 ignore=ignore success=ok] pam_localuser.so {include if "with-smartcard"} auth [success=done authinfo_unavail=ignore user_unknown=ignore ignore=ignore default=die] pam_sss.so try_cert_auth {include if "with-smartcard"} auth sufficient pam_unix.so {if not "without-nullok":nullok} auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular {include if "with-gssapi"} auth sufficient pam_sss_gss.so {include if "with-gssapi"} auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth sufficient pam_sss.so forward_pass auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so account sufficient pam_localuser.so {exclude if "with-files-access-provider"} account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_pwquality.so local_users_only password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok password [success=1 default=ignore] pam_localuser.so password sufficient pam_sss.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} default/winbind/README000064400000005666151704231640010522 0ustar00Enable winbind for system authentication ======================================== Selecting this profile will enable Samba's winbind as the source of identity and authentication providers. The Samba standard Windows interoperability suite of utilities allows Linux systems to join an Active Directory environment by making them appear to be Windows clients. As a means of systems integration, Samba allows a Linux client to join an Active Directory Kerberos realm and to use Active Directory as its identity store. Winbind is a component of the Samba suite to provide unified logon. It uses a UNIX implementation of Microsoft RPC calls, Pluggable Authentication Modules (PAMs), and the Name Service Switch (NSS) to allow Windows domain users to appear and operate as UNIX users on a UNIX system. WINBIND CONFIGURATION --------------------- Authselect does not touch winbind's configuration. Please, read winbind's documentation to see how to configure it manually. Only local users will be available on the system if there is no existing winbind configuration. AVAILABLE OPTIONAL FEATURES --------------------------- with-faillock:: Enable account locking in case of too many consecutive authentication failures. with-mkhomedir:: Enable automatic creation of home directories for users on their first login. with-fingerprint:: Enable authentication with fingerprint reader through *pam_fprintd*. with-pam-gnome-keyring:: Enable pam-gnome-keyring support. with-pam-u2f:: Enable authentication via u2f dongle through *pam_u2f*. with-pam-u2f-2fa:: Enable 2nd factor authentication via u2f dongle through *pam_u2f*. without-pam-u2f-nouserok:: Module argument nouserok is omitted if also with-pam-u2f-2fa is used. *WARNING*: Omitting nouserok argument means that users without pam-u2f authentication configured will not be able to log in *INCLUDING* root. Make sure you are able to log in before losing root privileges. with-krb5:: Enable Kerberos authentication with *pam_winbind*. with-silent-lastlog:: Do not produce pam_lastlog message during login. with-pamaccess:: Check access.conf during account authorization. with-pwhistory:: Enable pam_pwhistory module for local users. without-nullok:: Do not add nullok parameter to pam_unix. DISABLE SPECIFIC NSSWITCH DATABASES ----------------------------------- Normally, nsswitch databases set by the profile overwrites values set in user-nsswitch.conf. The following options can force authselect to ignore value set by the profile and use the one set in user-nsswitch.conf instead. with-custom-passwd:: Ignore "passwd" database set by the profile. with-custom-group:: Ignore "group" database set by the profile. EXAMPLES -------- * Enable winbind with no additional modules authselect select winbind * Enable winbind and create home directories for users on their first login authselect select winbind with-mkhomedir SEE ALSO -------- * man winbindd(8) default/winbind/REQUIREMENTS000064400000003616151704231640011501 0ustar00Make sure that winbind service is configured and enabled. See winbind documentation for more information. {include if "with-fingerprint"} - with-fingerprint is selected, make sure fprintd service is configured and enabled {include if "with-fingerprint"} {include if "with-pam-gnome-keyring"} - with-pam-gnome-keyring is selected, make sure the pam_gnome_keyring module {include if "with-pam-gnome-keyring"} is present. {include if "with-pam-gnome-keyring"} {include if "with-pam-u2f"} - with-pam-u2f is selected, make sure that the pam u2f module is installed {include if "with-pam-u2f"} - users can then configure keys using the pamu2fcfg tool {include if "with-pam-u2f"} {include if "with-pam-u2f-2fa"} - with-pam-u2f-2fa is selected, make sure that the pam u2f module is installed {include if "with-pam-u2f-2fa"} - users can then configure keys using the pamu2fcfg tool {include if "with-pam-u2f-2fa"} {include if "with-mkhomedir"} - with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module {include if "with-mkhomedir"} is present and oddjobd service is enabled and active {include if "with-mkhomedir"} - systemctl enable --now oddjobd.service {include if "with-mkhomedir"} default/winbind/dconf-db000064400000000204151704231640011220 0ustar00[org/gnome/login-screen] enable-smartcard-authentication=false enable-fingerprint-authentication={if "with-fingerprint":true|false} default/winbind/dconf-locks000064400000000162151704231640011751 0ustar00/org/gnome/login-screen/enable-smartcard-authentication /org/gnome/login-screen/enable-fingerprint-authentication default/winbind/fingerprint-auth000064400000004402151704231640013036 0ustar00auth required pam_debug.so auth=authinfo_unavail {exclude if "with-fingerprint"} {continue if "with-fingerprint"} auth required pam_env.so auth required pam_faillock.so preauth silent {include if "with-faillock"} auth [success=done default=bad] pam_fprintd.so auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_winbind.so {if "with-krb5":krb5_auth} account required pam_permit.so password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_winbind.so {if "with-krb5":krb5_auth} session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} default/winbind/nsswitch.conf000064400000000215151704231640012334 0ustar00passwd: files winbind systemd {exclude if "with-custom-passwd"} group: files winbind systemd {exclude if "with-custom-group"} default/winbind/password-auth000064400000006541151704231640012357 0ustar00auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth required pam_faillock.so preauth silent {include if "with-faillock"} auth sufficient pam_u2f.so cue {include if "with-pam-u2f"} auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"} auth sufficient pam_unix.so {if not "without-nullok":nullok} auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_first_pass auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_winbind.so {if "with-krb5":krb5_auth} account required pam_permit.so password requisite pam_pwquality.so local_users_only password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok password sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_winbind.so {if "with-krb5":krb5_auth} session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} default/winbind/postlogin000064400000000524151704231640011567 0ustar00session optional pam_umask.so silent session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed} session optional pam_lastlog.so silent noupdate showfailed default/winbind/smartcard-auth000064400000000061151704231640012464 0ustar00auth required pam_debug.so auth=authinfo_unavail default/winbind/system-auth000064400000006742151704231640012044 0ustar00auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth required pam_faillock.so preauth silent {include if "with-faillock"} auth sufficient pam_fprintd.so {include if "with-fingerprint"} auth sufficient pam_u2f.so cue {include if "with-pam-u2f"} auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"} auth sufficient pam_unix.so {if not "without-nullok":nullok} auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_first_pass auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_winbind.so {if "with-krb5":krb5_auth} account required pam_permit.so password requisite pam_pwquality.so local_users_only password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok password sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_winbind.so {if "with-krb5":krb5_auth} session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"}
/home/emeraadmin/.htpasswds/../www/uploads/../node_modules/../4d695/authselect.tar