From 4e5e41c2e5607a298f30f679aa7ba8c4994033e3 Mon Sep 17 00:00:00 2001 From: Sam James Date: Wed, 5 Aug 2020 06:10:02 +0000 Subject: templates/*: remove unnecessary strips Now obsolete as of 732fb3bbfd7d007fdca78dd4587f1a7bd34bfa6c. Signed-off-by: Sam James --- templates/login.tpl | 4 ++-- templates/system-auth.tpl | 44 ++++++++++++++++++++++---------------------- templates/system-login.tpl | 28 ++++++++++++++-------------- templates/system-session.tpl | 12 ++++++------ 4 files changed, 44 insertions(+), 44 deletions(-) diff --git a/templates/login.tpl b/templates/login.tpl index 7476cb7..23e262a 100644 --- a/templates/login.tpl +++ b/templates/login.tpl @@ -1,6 +1,6 @@ -{% if securetty -%} +{% if securetty %} auth required pam_securetty.so -{% endif -%} +{% endif %} auth include system-local-login account include system-local-login diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl index e8a6d91..298e45c 100644 --- a/templates/system-auth.tpl +++ b/templates/system-auth.tpl @@ -1,54 +1,54 @@ auth required pam_env.so {{ debug|default('', true) }} -{% if pam_ssh -%} +{% if pam_ssh %} auth sufficient pam_ssh.so -{% endif -%} +{% endif %} -{% if krb5 -%} +{% if krb5 %} auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }} -{% endif -%} +{% endif %} auth required pam_unix.so try_first_pass {{ likeauth }} {{ nullok|default('', true) }} {{ debug|default('', true) }} auth optional pam_permit.so -{% if not minimal -%} +{% if not minimal %} auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600 auth sufficient pam_unix.so {{ nullok|default('', true) }} try_first_pass auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600 -{% endif -%} +{% endif %} -{% if krb5 -%} +{% if krb5 %} account [success=1 default=ignore] pam_krb5.so {{ krb5_params }} -{% endif -%} +{% endif %} account required pam_unix.so {{ debug|default('', true) }} account optional pam_permit.so -{% if not minimal -%} +{% if not minimal %} account required pam_faillock.so -{% endif -%} +{% endif %} -{% if passwdqc -%} +{% if passwdqc %} password required pam_passwdqc.so min=8,8,8,8,8 retry=3 -{% endif -%} +{% endif %} -{% if krb5 -%} +{% if krb5 %} password [success=1 default=ignore] pam_krb5.so {{ krb5_params }} -{% endif -%} +{% endif %} password required pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }} password optional pam_permit.so -{%- if pam_ssh %} +{% if pam_ssh %} session optional pam_ssh.so -{% endif -%} +{% endif %} -{% if systemd -%} +{% if systemd %} -session optional pam_systemd.so -{% endif -%} +{% endif %} -{% if elogind -%} +{% if elogind %} -session optional pam_elogind.so -{% endif -%} +{% endif %} -{% if libcap -%} +{% if libcap %} -session optional pam_libcap.so -{% endif -%} +{% endif %} {% include "templates/system-session.tpl" %} diff --git a/templates/system-login.tpl b/templates/system-login.tpl index d8df530..d51481b 100644 --- a/templates/system-login.tpl +++ b/templates/system-login.tpl @@ -1,39 +1,39 @@ auth required pam_shells.so {{ debug|default('', true) }} auth required pam_nologin.so auth include system-auth -{% if not minimal -%} +{% if not minimal %} auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600 auth sufficient pam_unix.so nullok try_first_pass auth [default=die] pam_faillock.so authfail audit deny=3 unlock_time=600 -{% endif -%} +{% endif %} account required pam_access.so {{ debug|default('', true) }} account required pam_nologin.so account include system-auth -{% if not minimal -%} +{% if not minimal %} account required pam_faillock.so -{% endif -%} +{% endif %} password include system-auth session optional pam_loginuid.so -{% if selinux -%} +{% if selinux %} session required pam_selinux.so close -{% endif -%} +{% endif %} session required pam_env.so envfile=/etc/profile.env {{ debug|default('', true) }} -{% if not minimal -%} +{% if not minimal %} session optional pam_lastlog.so silent {{ debug|default('', true) }} -{% endif -%} +{% endif %} session include system-auth -{% if selinux -%} +{% if selinux %} # Note: modules that run in the user's context must come after this line. session required pam_selinux.so multiple open -{% endif -%} +{% endif %} -{% if not minimal -%} +{% if not minimal %} session optional pam_motd.so motd=/etc/motd -{% endif -%} +{% endif %} -{% if not minimal -%} +{% if not minimal %} session optional pam_mail.so -{% endif -%} +{% endif %} diff --git a/templates/system-session.tpl b/templates/system-session.tpl index f2622a8..1538429 100644 --- a/templates/system-session.tpl +++ b/templates/system-session.tpl @@ -1,16 +1,16 @@ session required pam_limits.so {{ debug|default('', true) }} session required pam_env.so {{ debug|default('', true) }} -{% if mktemp -%} +{% if mktemp %} session optional pam_mktemp.so -{% endif -%} +{% endif %} -{%if krb5 -%} +{%if krb5 %} session [success=1 default=ignore] {{ krb5_params }} -{% endif -%} +{% endif %} session required pam_unix.so {{ debug|default('', true) }} -{%if krb5 -%} +{%if krb5 %} session [success=1 default=ignore] {{ krb5_params }} -{% endif -%} +{% endif %} session optional pam_permit.so -- cgit v1.2.3-65-gdbad