mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-01-31 17:23:28 -05:00
41 lines
1.4 KiB
Bash
Executable File
41 lines
1.4 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
|
## See the file COPYING for copying conditions.
|
|
|
|
## https://serverfault.com/questions/134471/success-n-control-syntax-in-pam-conf-pam-d-files
|
|
|
|
set -x
|
|
|
|
true "PAM_SERVICE: $PAM_SERVICE"
|
|
|
|
## PAM configuration notes
|
|
##
|
|
## success=$num
|
|
## "will specify how many rules to skip when successful."
|
|
## https://serverfault.com/questions/134471/success-n-control-syntax-in-pam-conf-pam-d-files
|
|
##
|
|
## ignore
|
|
## "when used with a stack of modules, the module's return status will not contribute to the return code the application obtains."
|
|
## http://www.linux-pam.org/Linux-PAM-html/sag-configuration-file.html
|
|
|
|
## - Failed dovecot ssh logins from malicious remotes should not result in account getting locked.
|
|
## This list can later be extended as needed.
|
|
pam_service_exclusion_list="dovecot sshd"
|
|
|
|
for pam_service_exclusion_item in $pam_service_exclusion_list ; do
|
|
if [ "$PAM_SERVICE" = "$pam_service_exclusion_item" ]; then
|
|
## exit success so [success=1 default=ignore] will result in skipping the
|
|
## next PAM module (the pam_faillock module).
|
|
exit 0
|
|
fi
|
|
done
|
|
|
|
## exit failure so [success=1 default=ignore] will result in running the
|
|
## next PAM module (the pam_faillock module).
|
|
##
|
|
## Causes confusing error message:
|
|
## pam_exec(sudo:auth): /usr/libexec/security-misc/pam_faillock_not_if_x failed: exit code 1
|
|
## https://github.com/linux-pam/linux-pam/issues/329
|
|
exit 1
|