From 4e316b8f9ddd3d65b38124d5ac156bf5534deb16 Mon Sep 17 00:00:00 2001
From: Britney Fransen <brfransen@gmail.com>
Date: Sun, 4 Oct 2020 16:31:04 +0000
Subject: pambase: update to 20200721

---
 abs/core/pambase/PKGBUILD     | 13 ++++++-------
 abs/core/pambase/other        | 12 ++++++++----
 abs/core/pambase/system-auth  | 32 +++++++++++++++++++++-----------
 abs/core/pambase/system-login |  3 +--
 4 files changed, 36 insertions(+), 24 deletions(-)

diff --git a/abs/core/pambase/PKGBUILD b/abs/core/pambase/PKGBUILD
index 7d0f0c2..537077f 100644
--- a/abs/core/pambase/PKGBUILD
+++ b/abs/core/pambase/PKGBUILD
@@ -1,12 +1,11 @@
-# $Id$
 # Maintainer: Dave Reisner <dreisner@archlinux.org>
 
 pkgname=pambase
-pkgver=20171006
-pkgrel=1
+pkgver=20200721.1
+pkgrel=2
 pkgdesc="Base PAM configuration for services"
 arch=('any')
-url="http://www.archlinux.org"
+url="https://www.archlinux.org"
 license=('GPL')
 source=('system-auth'
         'system-local-login'
@@ -20,12 +19,12 @@ backup=('etc/pam.d/system-auth'
         'etc/pam.d/system-remote-login'
         'etc/pam.d/system-services'
         'etc/pam.d/other')
-sha256sums=('3eb67872e436817ec97c4f3795adba2cf1d3829ea4e107ef5747569e4eeb5746'
+sha256sums=('89d62406b2d623a76d53c33aca98ce8ee124ed4a450ff6c8a44cfccca78baa2f'
             '005736b9bd650ff5e5d82a7e288853776d5bb8c90185d5774c07231c1e1c64a9'
-            '75b3bc548ff8b037d28bda9413d2e18ddda17c96a7956f00d259b9d29b87a5b3'
+            '2ed270c2789526336cc6479e63f6263b5c6f41cfc829a17a449a38621b6bf020'
             '005736b9bd650ff5e5d82a7e288853776d5bb8c90185d5774c07231c1e1c64a9'
             '6eb1acdd3fa9f71a7f93fbd529be57ea65bcafc6e3a98a06af4d88013fc6a567'
-            'de66118684a2ecec18017dd96e50a489f30465510250c007ced16f81fb542ba5')
+            'd5ed59ec2157c19c87964a162f7ca84d53c19fb2bd68d3fbc1671ba8d906346f')
 
 package() {
   install -dm755 "$pkgdir/etc/pam.d"
diff --git a/abs/core/pambase/other b/abs/core/pambase/other
index 08498b4..3f50bd1 100644
--- a/abs/core/pambase/other
+++ b/abs/core/pambase/other
@@ -1,5 +1,9 @@
 #%PAM-1.0
-auth		required	pam_unix.so
-account		required	pam_unix.so
-password	required	pam_unix.so
-session		required	pam_unix.so
+auth      required   pam_deny.so
+auth      required   pam_warn.so
+account   required   pam_deny.so
+account   required   pam_warn.so
+password  required   pam_deny.so
+password  required   pam_warn.so
+session   required   pam_deny.so
+session   required   pam_warn.so
diff --git a/abs/core/pambase/system-auth b/abs/core/pambase/system-auth
index 2645043..af1d3a6 100644
--- a/abs/core/pambase/system-auth
+++ b/abs/core/pambase/system-auth
@@ -1,16 +1,26 @@
 #%PAM-1.0
 
-auth      required  pam_unix.so     try_first_pass nullok
-auth      optional  pam_permit.so
-auth      required  pam_env.so
+auth       required                    pam_faillock.so      preauth
+# Optionally use requisite above if you do not want to prompt for the password
+# on locked accounts.
+auth       [success=2 default=ignore]  pam_unix.so          try_first_pass nullok
+-auth      [success=1 default=ignore]  pam_systemd_home.so
+auth       [default=die]               pam_faillock.so      authfail
+auth       optional                    pam_permit.so
+auth       required                    pam_env.so
+auth       required                    pam_faillock.so      authsucc
+# If you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures.
 
-account   required  pam_unix.so
-account   optional  pam_permit.so
-account   required  pam_time.so
+-account   [success=1 default=ignore]  pam_systemd_home.so
+account    required                    pam_unix.so
+account    optional                    pam_permit.so
+account    required                    pam_time.so
 
-password  required  pam_unix.so     try_first_pass nullok sha512 shadow
-password  optional  pam_permit.so
+-password  [success=1 default=ignore]  pam_systemd_home.so
+password   required                    pam_unix.so          try_first_pass nullok shadow
+password   optional                    pam_permit.so
 
-session   required  pam_limits.so
-session   required  pam_unix.so
-session   optional  pam_permit.so
+session    required                    pam_limits.so
+session    required                    pam_unix.so
+session    optional                    pam_permit.so
diff --git a/abs/core/pambase/system-login b/abs/core/pambase/system-login
index 6ab3e7b..80eed54 100644
--- a/abs/core/pambase/system-login
+++ b/abs/core/pambase/system-login
@@ -1,6 +1,5 @@
 #%PAM-1.0
 
-auth       required   pam_tally.so         onerr=succeed file=/var/log/faillog
 auth       required   pam_shells.so
 auth       requisite  pam_nologin.so
 auth       include    system-auth
@@ -17,4 +16,4 @@ session    include    system-auth
 session    optional   pam_motd.so          motd=/etc/motd
 session    optional   pam_mail.so          dir=/var/spool/mail standard quiet
 -session   optional   pam_systemd.so
-session    required   pam_env.so
+session    required   pam_env.so           user_readenv=1
-- 
cgit v0.12