From 899f3bf1b307c686c7a6e44d2e82db06aceb2153 Mon Sep 17 00:00:00 2001
From: Luis
Date: Sun, 22 Oct 2023 12:37:03 +0000
Subject: [PATCH] linux-pam: hashing algorithm changed from SHA512 to yescrypt
---
 testing/linux-pam/.checksums | 3 +
 testing/linux-pam/.pkgfiles | 202 ++++++++++++++++++++++++++++++++++
 testing/linux-pam/musl.patch | 90 +++++++++++++++
 testing/linux-pam/other | 5 +
 testing/linux-pam/spkgbuild | 36 ++++++
 testing/linux-pam/system-auth | 17 +++
 6 files changed, 353 insertions(+)
 create mode 100644 testing/linux-pam/.checksums
 create mode 100644 testing/linux-pam/.pkgfiles
 create mode 100755 testing/linux-pam/musl.patch
 create mode 100755 testing/linux-pam/other
 create mode 100755 testing/linux-pam/spkgbuild
 create mode 100755 testing/linux-pam/system-auth
diff --git a/testing/linux-pam/.checksums b/testing/linux-pam/.checksums
new file mode 100644
index 000000000..f8049aae5
--- /dev/null
+++ b/testing/linux-pam/.checksums
@@ -0,0 +1,3 @@
+a913bd5fbf9edeafaacf3eb1eb86fd83 linux-pam-1.5.3.tar.xz
+6e6c8719e5989d976a14610f340bd33a other
+d16d449133538e9247ee9ab7e7d19ee0 system-auth
diff --git a/testing/linux-pam/.pkgfiles b/testing/linux-pam/.pkgfiles
new file mode 100644
index 000000000..3f67026b1
--- /dev/null
+++ b/testing/linux-pam/.pkgfiles
@@ -0,0 +1,202 @@ +linux-pam-1.5.3-2 +drwxr-xr-x root/root etc/ +-rw-r--r-- root/root etc/environment +drwxr-xr-x root/root etc/pam.d/ +-rw-r--r-- root/root etc/pam.d/other +-rw-r--r-- root/root etc/pam.d/system-auth +drwxr-xr-x root/root etc/security/ +-rw-r--r-- root/root etc/security/access.conf +-rw-r--r-- root/root etc/security/faillock.conf +-rw-r--r-- root/root etc/security/group.conf +-rw-r--r-- root/root etc/security/limits.conf +drwxr-xr-x root/root etc/security/limits.d/ +-rw-r--r-- root/root etc/security/namespace.conf +drwxr-xr-x root/root etc/security/namespace.d/ +-rwxr-xr-x root/root etc/security/namespace.init +-rw-r--r-- root/root etc/security/pam_env.conf +-rw-r--r-- root/root etc/security/pwhistory.conf +-rw-r--r-- root/root etc/security/time.conf +drwxr-xr-x root/root lib/ +lrwxrwxrwx root/root lib/libpam.so.0 -> libpam.so.0.85.1 +-rwxr-xr-x root/root lib/libpam.so.0.85.1 +lrwxrwxrwx root/root lib/libpam_misc.so.0 -> libpam_misc.so.0.82.1 +-rwxr-xr-x root/root lib/libpam_misc.so.0.82.1 +lrwxrwxrwx root/root lib/libpamc.so.0 -> libpamc.so.0.82.1 +-rwxr-xr-x root/root lib/libpamc.so.0.82.1 +drwxr-xr-x root/root lib/security/ +-rwxr-xr-x root/root lib/security/pam_access.so +-rwxr-xr-x root/root lib/security/pam_debug.so +-rwxr-xr-x root/root lib/security/pam_deny.so +-rwxr-xr-x root/root lib/security/pam_echo.so +-rwxr-xr-x root/root lib/security/pam_env.so +-rwxr-xr-x root/root lib/security/pam_exec.so +-rwxr-xr-x root/root lib/security/pam_faildelay.so +-rwxr-xr-x root/root lib/security/pam_faillock.so +-rwxr-xr-x root/root lib/security/pam_filter.so +drwxr-xr-x root/root lib/security/pam_filter/ +-rwxr-xr-x root/root lib/security/pam_filter/upperLOWER +-rwxr-xr-x root/root lib/security/pam_ftp.so +-rwxr-xr-x root/root lib/security/pam_group.so +-rwxr-xr-x root/root lib/security/pam_issue.so +-rwxr-xr-x root/root lib/security/pam_keyinit.so +-rwxr-xr-x root/root lib/security/pam_limits.so +-rwxr-xr-x root/root lib/security/pam_listfile.so 
+-rwxr-xr-x root/root lib/security/pam_localuser.so +-rwxr-xr-x root/root lib/security/pam_loginuid.so +-rwxr-xr-x root/root lib/security/pam_mail.so +-rwxr-xr-x root/root lib/security/pam_mkhomedir.so +-rwxr-xr-x root/root lib/security/pam_motd.so +-rwxr-xr-x root/root lib/security/pam_namespace.so +-rwxr-xr-x root/root lib/security/pam_nologin.so +-rwxr-xr-x root/root lib/security/pam_permit.so +-rwxr-xr-x root/root lib/security/pam_pwhistory.so +-rwxr-xr-x root/root lib/security/pam_rhosts.so +-rwxr-xr-x root/root lib/security/pam_rootok.so +-rwxr-xr-x root/root lib/security/pam_securetty.so +-rwxr-xr-x root/root lib/security/pam_setquota.so +-rwxr-xr-x root/root lib/security/pam_shells.so +-rwxr-xr-x root/root lib/security/pam_stress.so +-rwxr-xr-x root/root lib/security/pam_succeed_if.so +-rwxr-xr-x root/root lib/security/pam_time.so +-rwxr-xr-x root/root lib/security/pam_timestamp.so +-rwxr-xr-x root/root lib/security/pam_umask.so +-rwxr-xr-x root/root lib/security/pam_unix.so +-rwxr-xr-x root/root lib/security/pam_usertype.so +-rwxr-xr-x root/root lib/security/pam_warn.so +-rwxr-xr-x root/root lib/security/pam_wheel.so +-rwxr-xr-x root/root lib/security/pam_xauth.so +drwxr-xr-x root/root sbin/ +-rwxr-xr-x root/root sbin/faillock +-rwxr-xr-x root/root sbin/mkhomedir_helper +-rwxr-xr-x root/root sbin/pam_namespace_helper +-rwxr-xr-x root/root sbin/pam_timestamp_check +-rwxr-xr-x root/root sbin/pwhistory_helper +-rwsr-xr-x root/root sbin/unix_chkpwd +-rwxr-xr-x root/root sbin/unix_update +drwxr-xr-x root/root usr/ +drwxr-xr-x root/root usr/include/ +drwxr-xr-x root/root usr/include/security/ +-rw-r--r-- root/root usr/include/security/_pam_compat.h +-rw-r--r-- root/root usr/include/security/_pam_macros.h +-rw-r--r-- root/root usr/include/security/_pam_types.h +-rw-r--r-- root/root usr/include/security/pam_appl.h +-rw-r--r-- root/root usr/include/security/pam_client.h +-rw-r--r-- root/root usr/include/security/pam_ext.h +-rw-r--r-- root/root 
usr/include/security/pam_filter.h +-rw-r--r-- root/root usr/include/security/pam_misc.h +-rw-r--r-- root/root usr/include/security/pam_modules.h +-rw-r--r-- root/root usr/include/security/pam_modutil.h +drwxr-xr-x root/root usr/lib/ +lrwxrwxrwx root/root usr/lib/libpam.so -> ../../lib/libpam.so.0.85.1 +lrwxrwxrwx root/root usr/lib/libpam_misc.so -> ../../lib/libpam_misc.so.0.82.1 +lrwxrwxrwx root/root usr/lib/libpamc.so -> ../../lib/libpamc.so.0.82.1 +drwxr-xr-x root/root usr/lib/pkgconfig/ +-rw-r--r-- root/root usr/lib/pkgconfig/pam.pc +-rw-r--r-- root/root usr/lib/pkgconfig/pam_misc.pc +-rw-r--r-- root/root usr/lib/pkgconfig/pamc.pc +drwxr-xr-x root/root usr/share/ +drwxr-xr-x root/root usr/share/man/ +drwxr-xr-x root/root usr/share/man/man3/ +-rw-r--r-- root/root usr/share/man/man3/misc_conv.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_acct_mgmt.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_authenticate.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_chauthtok.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_close_session.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_conv.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_end.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_error.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_fail_delay.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_get_authtok.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_get_authtok_noverify.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_get_authtok_verify.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_get_data.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_get_item.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_get_user.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_getenv.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_getenvlist.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_info.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_misc_drop_env.3.gz +-rw-r--r-- root/root 
usr/share/man/man3/pam_misc_paste_env.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_misc_setenv.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_open_session.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_prompt.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_putenv.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_set_data.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_set_item.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_setcred.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_sm_acct_mgmt.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_sm_authenticate.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_sm_chauthtok.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_sm_close_session.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_sm_open_session.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_sm_setcred.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_start.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_strerror.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_syslog.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_verror.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_vinfo.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_vprompt.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_vsyslog.3.gz +-rw-r--r-- root/root usr/share/man/man3/pam_xauth_data.3.gz +drwxr-xr-x root/root usr/share/man/man5/ +-rw-r--r-- root/root usr/share/man/man5/access.conf.5.gz +-rw-r--r-- root/root usr/share/man/man5/environment.5.gz +-rw-r--r-- root/root usr/share/man/man5/faillock.conf.5.gz +-rw-r--r-- root/root usr/share/man/man5/group.conf.5.gz +-rw-r--r-- root/root usr/share/man/man5/limits.conf.5.gz +-rw-r--r-- root/root usr/share/man/man5/namespace.conf.5.gz +-rw-r--r-- root/root usr/share/man/man5/pam.conf.5.gz +-rw-r--r-- root/root usr/share/man/man5/pam.d.5.gz +-rw-r--r-- root/root usr/share/man/man5/pam_env.conf.5.gz +-rw-r--r-- root/root usr/share/man/man5/pwhistory.conf.5.gz +-rw-r--r-- root/root usr/share/man/man5/time.conf.5.gz +drwxr-xr-x 
root/root usr/share/man/man8/ +-rw-r--r-- root/root usr/share/man/man8/PAM.8.gz +-rw-r--r-- root/root usr/share/man/man8/faillock.8.gz +-rw-r--r-- root/root usr/share/man/man8/mkhomedir_helper.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_access.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_debug.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_deny.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_echo.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_env.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_exec.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_faildelay.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_faillock.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_filter.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_ftp.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_group.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_issue.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_keyinit.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_limits.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_listfile.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_localuser.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_loginuid.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_mail.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_mkhomedir.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_motd.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_namespace.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_namespace_helper.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_nologin.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_permit.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_pwhistory.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_rhosts.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_rootok.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_securetty.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_setquota.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_shells.8.gz +-rw-r--r-- root/root 
usr/share/man/man8/pam_stress.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_succeed_if.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_time.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_timestamp.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_timestamp_check.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_umask.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_unix.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_usertype.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_warn.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_wheel.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_xauth.8.gz +-rw-r--r-- root/root usr/share/man/man8/pwhistory_helper.8.gz +-rw-r--r-- root/root usr/share/man/man8/unix_chkpwd.8.gz +-rw-r--r-- root/root usr/share/man/man8/unix_update.8.gz diff --git a/testing/linux-pam/musl.patch b/testing/linux-pam/musl.patch new file mode 100755 index 000000000..abb2cede0 --- /dev/null +++ b/testing/linux-pam/musl.patch 
@@ -0,0 +1,90 @@
+diff -ruN Linux-PAM-1.3.1-orig/modules/pam_exec/pam_exec.c Linux-PAM-1.3.1/modules/pam_exec/pam_exec.c
+--- Linux-PAM-1.3.1-orig/modules/pam_exec/pam_exec.c 2017-02-10 19:10:15.000000000 +0900
++++ Linux-PAM-1.3.1/modules/pam_exec/pam_exec.c 2019-06-12 01:48:32.254297617 +0900
+@@ -103,11 +103,14 @@
+ int optargc;
+ const char *logfile = NULL;
+ const char *authtok = NULL;
++ char authtok_buf[PAM_MAX_RESP_SIZE+1];
++
+ pid_t pid;
+ int fds[2];
+ int stdout_fds[2];
+ FILE *stdout_file = NULL;
+
++ memset(authtok_buf, 0, sizeof(authtok_buf));
+ if (argc < 1) {
+ pam_syslog (pamh, LOG_ERR,
+ "This module needs at least one argument");
+@@ -180,12 +183,12 @@
+ if (resp)
+ {
+ pam_set_item (pamh, PAM_AUTHTOK, resp);
+- authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
++ authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf));
+ _pam_drop (resp);
+ }
+ }
+ else
+- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
++ authtok = strncpy(authtok_buf, void_pass, sizeof(authtok_buf));
+
+ if (pipe(fds) != 0)
+ {
+diff -ruN Linux-PAM-1.3.1-orig/modules/pam_lastlog/pam_lastlog.c Linux-PAM-1.3.1/modules/pam_lastlog/pam_lastlog.c
+--- Linux-PAM-1.3.1-orig/modules/pam_lastlog/pam_lastlog.c 2017-02-10 19:10:15.000000000 +0900
++++ Linux-PAM-1.3.1/modules/pam_lastlog/pam_lastlog.c 2019-06-12 01:45:31.750401266 +0900
+@@ -26,6 +26,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #if defined(hpux) || defined(sunos) || defined(solaris)
+ # ifndef _PATH_LASTLOG
+@@ -403,7 +404,9 @@
+
+ if (announce & LASTLOG_WTMP) {
+ /* write wtmp entry for user */
++#ifdef HAVE_LOGWTMP
+ logwtmp(last_login.ll_line, user, remote_host);
++#endif
+ }
+
+ /* cleanup */
+@@ -714,7 +717,9 @@
+ terminal_line = get_tty(pamh);
+
+ /* Wipe out utmp logout entry */
++#ifdef HAVE_LOGWTMP
+ logwtmp(terminal_line, "", "");
++#endif
+
+ return PAM_SUCCESS;
+ }
+diff -ruN Linux-PAM-1.3.1-orig/modules/pam_rhosts/pam_rhosts.c Linux-PAM-1.3.1/modules/pam_rhosts/pam_rhosts.c
+--- Linux-PAM-1.3.1-orig/modules/pam_rhosts/pam_rhosts.c 2017-02-10 19:10:15.000000000 +0900
++++ Linux-PAM-1.3.1/modules/pam_rhosts/pam_rhosts.c 2019-06-12 01:46:16.469383082 +0900
+@@ -112,8 +112,10 @@
+
+ #ifdef HAVE_RUSEROK_AF
+ retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC);
+-#else
++#elif HAVE_RUSEROK
+ retval = ruserok (rhost, as_root, ruser, luser);
++#else
++ retval = 1;
+ #endif
+ if (retval != 0) {
+ if (!opt_silent || opt_debug)
+diff -ruN Linux-PAM-1.3.1-orig/modules/pam_unix/pam_unix_acct.c Linux-PAM-1.3.1/modules/pam_unix/pam_unix_acct.c
+--- Linux-PAM-1.3.1-orig/modules/pam_unix/pam_unix_acct.c 2017-02-10 19:10:15.000000000 +0900
++++ Linux-PAM-1.3.1/modules/pam_unix/pam_unix_acct.c 2019-06-12 01:46:48.168661988 +0900
+@@ -48,6 +48,7 @@
+ #include /* for time() */
+ #include
+ #include
++#include /* for RLIMIT_NOFILE */
+
+ #include
+
diff --git a/testing/linux-pam/other b/testing/linux-pam/other
new file mode 100755
index 000000000..08498b423
--- /dev/null
+++ b/testing/linux-pam/other
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so
diff --git a/testing/linux-pam/spkgbuild b/testing/linux-pam/spkgbuild
new file mode 100755
index 000000000..578670aa1
--- /dev/null
+++ b/testing/linux-pam/spkgbuild
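Review bot: Both replacement copies in the pam_exec.c part of musl.patch, `authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf));` and the matching `void_pass` one, can leave `authtok_buf` without a terminating NUL when the source string is PAM_MAX_RESP_SIZE+1 bytes or longer, because strncpy then fills the whole buffer, including the last byte the earlier memset zeroed; the removed strndupa calls always terminated. Bounding the copy keeps that byte: `authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf) - 1);`. The buffer holds the password on the stack and nothing in the visible lines wipes it; the function continues outside the inner hunks, so that may happen elsewhere. In the pam_rhosts.c part, `#elif HAVE_RUSEROK` reads more safely as `#elif defined(HAVE_RUSEROK)`. Separately, the patch is written against Linux-PAM-1.3.1 paths while spkgbuild builds 1.5.3 and lists only the tarball, `other` and `system-auth` in `source`, so it appears not to be applied at all and should be rebased or dropped.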
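Review bot: The fallback stack in `other` sends every service that has no file of its own in /etc/pam.d to `pam_unix.so`, so an unconfigured service is authenticated against the password database instead of being refused. A fail-closed fallback would use the warn and deny modules that .pkgfiles shows are shipped, for example `auth required pam_warn.so` followed by `auth required pam_deny.so`, with the same pair for account, password and session. If the permissive default is intentional for this distribution, a `#` comment at the top of the file saying so would help the next maintainer.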
@@ -0,0 +1,36 @@
+# description : Pluggable Authentication Modules used to enable the local system administrator to choose how applications authenticate users
+
+name=linux-pam
+version=1.5.3
+release=2
+source="$name-$version.tar.xz::https://github.com/linux-pam/linux-pam/releases/download/v$version/Linux-PAM-$version.tar.xz
+ other
+ system-auth"
+
+build() {
+ cd Linux-PAM-$version
+
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --libdir=/usr/lib \
+ --disable-regenerate-docu \
+ --disable-nls \
+ --enable-securedir=/lib/security
+ make
+ make DESTDIR=$PKG install
+
+ chmod -v 4755 $PKG/sbin/unix_chkpwd
+
+ for file in pam pam_misc pamc
+ do
+ mv -v $PKG/usr/lib/lib${file}.so.* $PKG/lib
+ ln -sfv ../../lib/$(readlink $PKG/usr/lib/lib${file}.so) $PKG/usr/lib/lib${file}.so
+ done
+
+ mkdir -m 755 $PKG/etc/pam.d
+ install -D -m 644 -o root -g root $SRC/other $PKG/etc/pam.d/other
+ install -D -m 644 -o root -g root $SRC/system-auth $PKG/etc/pam.d/system-auth
+
+ rm -rf $PKG/usr/lib/systemd
+}
diff --git a/testing/linux-pam/system-auth b/testing/linux-pam/system-auth
new file mode 100755
index 000000000..262ef4d8b
--- /dev/null
+++ b/testing/linux-pam/system-auth
@@ -0,0 +1,17 @@
+#%PAM-1.0
+
+auth required pam_unix.so try_first_pass nullok
+auth optional pam_permit.so
+auth required pam_env.so
+
+account required pam_unix.so
+account optional pam_permit.so
+account required pam_time.so
+
+password required pam_unix.so try_first_pass nullok yescrypt shadow
+password optional pam_permit.so
+
+session optional pam_umask.so usergroups
+session required pam_limits.so
+session required pam_unix.so
+session optional pam_permit.so
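Review bot: The release tarball named in `source` is checked only against the 32-hex-digit value in .checksums, which looks like an MD5 digest; MD5 is not collision-resistant, so it guards against corruption more than against a substituted tarball. If the packaging tool accepts a stronger digest, record that instead, or verify an upstream release signature in `build()` if one is published. Inside `build()` the `$PKG` and `$SRC` expansions are unquoted, for example in `chmod -v 4755 $PKG/sbin/unix_chkpwd` and `rm -rf $PKG/usr/lib/systemd`; writing `"$PKG/sbin/unix_chkpwd"` and `"$PKG/usr/lib/systemd"` keeps the setuid chmod and the recursive delete on the intended path when the variable contains spaces. A short `#` comment on the chmod line saying why unix_chkpwd must be setuid root would also help.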
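Review bot: `nullok` on the `auth` line lets any account whose password field is empty log in without a password through every service that includes system-auth; unless passwordless accounts are intended, the line should read `auth required pam_unix.so try_first_pass`. For the `yescrypt` option on the password line, the hash comes from the C library's crypt() backend, and the spkgbuild in this commit declares no dependency on one that supports yescrypt; without it, password changes will not yield yescrypt hashes (depending on the pam_unix version they fail or use a weaker scheme), so it is worth confirming on a built system that new shadow entries start with `$y$`. The stack also has no `pam_faillock.so` entry although .pkgfiles shows the module is packaged, so repeated failed logins are not throttled by PAM.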