?????????? ?????????

?????????? ????????? - ??????????????? - /home/agenciai/public_html/cd38d8/authselect.zip

???????
PK��[N�L��L��user-nsswitch.confnu��[��# # /etc/nsswitch.conf # # Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # Valid databases are: aliases, ethers, group, gshadow, hosts, # initgroups, netgroup, networks, passwd, protocols, publickey, # rpc, services, and shadow. # # Valid service provider entries include (in alphabetical order): # # compat Use /etc files plus _compat pseudo-db # db Use the pre-processed /var/db files # dns Use DNS (Domain Name Service) # files Use the local files in /etc # hesiod Use Hesiod (DNS) for user lookups # # See `info libc 'NSS Basics'` for more information. # # Commonly used alternative service providers (may need installation): # # ldap Use LDAP directory server # myhostname Use systemd host names # mymachines Use systemd machine names # mdns, mdns_minimal Use Avahi mDNS/DNS-SD # resolve Use systemd resolved resolver # sss Use System Security Services Daemon (sssd) # systemd Use systemd for dynamic user option # winbind Use Samba winbind support # wins Use Samba wins support # wrapper Use wrapper module for testing # # Notes: # # 'sssd' performs its own 'files'-based caching, so it should generally # come before 'files'. # # WARNING: Running nscd with a secondary caching service like sssd may # lead to unexpected behaviour, especially with how long # entries are cached. # # Installation instructions: # # To use 'db', install the appropriate package(s) (provide 'makedb' and # libnss_db.so.), and place the 'db' in front of 'files' for entries # you want to be looked up first in the databases, like this: # # passwd: db files # shadow: db files # group: db files # In order of likelihood of use to accelerate lookup. passwd: sss files systemd shadow: files group: sss files systemd hosts: files dns myhostname services: files sss netgroup: sss automount: files sss aliases: files ethers: files gshadow: files # Allow initgroups to default to the setting for group. # initgroups: files networks: files dns protocols: files publickey: files rpc: files PK��I�[�x�T��T��default/winbind/postloginnu��[��session optional pam_umask.so silent session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent\|showfailed} session optional pam_lastlog.so silent noupdate showfailed PK��I�[�.�x1��1��default/winbind/smartcard-authnu��[��auth required pam_debug.so auth=authinfo_unavail PK��I�[�8U� �� default/winbind/fingerprint-authnu��[��auth required pam_debug.so auth=authinfo_unavail {exclude if "with-fingerprint"} {continue if "with-fingerprint"} auth required pam_env.so auth required pam_faillock.so preauth silent {include if "with-faillock"} auth [success=done default=bad] pam_fprintd.so auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_winbind.so {if "with-krb5":krb5_auth} account required pam_permit.so password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_winbind.so {if "with-krb5":krb5_auth} session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} PK��I�[$�8��default/winbind/dconf-dbnu��[��[org/gnome/login-screen] enable-smartcard-authentication=false enable-fingerprint-authentication={if "with-fingerprint":true\|false} PK��I�[�L�_� �� default/winbind/system-authnu��[��auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth required pam_faillock.so preauth silent {include if "with-faillock"} auth sufficient pam_fprintd.so {include if "with-fingerprint"} auth sufficient pam_u2f.so cue {include if "with-pam-u2f"} auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"} auth sufficient pam_unix.so {if not "without-nullok":nullok} auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_first_pass auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_winbind.so {if "with-krb5":krb5_auth} account required pam_permit.so password requisite pam_pwquality.so local_users_only password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok password sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_winbind.so {if "with-krb5":krb5_auth} session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} PK��I�[�.�E��default/winbind/REQUIREMENTSnu��[��Make sure that winbind service is configured and enabled. See winbind documentation for more information. {include if "with-fingerprint"} - with-fingerprint is selected, make sure fprintd service is configured and enabled {include if "with-fingerprint"} {include if "with-pam-gnome-keyring"} - with-pam-gnome-keyring is selected, make sure the pam_gnome_keyring module {include if "with-pam-gnome-keyring"} is present. {include if "with-pam-gnome-keyring"} {include if "with-pam-u2f"} - with-pam-u2f is selected, make sure that the pam u2f module is installed {include if "with-pam-u2f"} - users can then configure keys using the pamu2fcfg tool {include if "with-pam-u2f"} {include if "with-pam-u2f-2fa"} - with-pam-u2f-2fa is selected, make sure that the pam u2f module is installed {include if "with-pam-u2f-2fa"} - users can then configure keys using the pamu2fcfg tool {include if "with-pam-u2f-2fa"} {include if "with-mkhomedir"} - with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module {include if "with-mkhomedir"} is present and oddjobd service is enabled and active {include if "with-mkhomedir"} - systemctl enable --now oddjobd.service {include if "with-mkhomedir"} PK��I�[ ��y��default/winbind/nsswitch.confnu��[��passwd: files winbind systemd {exclude if "with-custom-passwd"} group: files [SUCCESS=merge] winbind [SUCCESS=merge] systemd {exclude if "with-custom-group"} PK��I�[Q��r��r��default/winbind/dconf-locksnu��[��/org/gnome/login-screen/enable-smartcard-authentication /org/gnome/login-screen/enable-fingerprint-authentication PK��I�[x�汶��default/winbind/READMEnu��[��Enable winbind for system authentication ======================================== Selecting this profile will enable Samba's winbind as the source of identity and authentication providers. The Samba standard Windows interoperability suite of utilities allows Linux systems to join an Active Directory environment by making them appear to be Windows clients. As a means of systems integration, Samba allows a Linux client to join an Active Directory Kerberos realm and to use Active Directory as its identity store. Winbind is a component of the Samba suite to provide unified logon. It uses a UNIX implementation of Microsoft RPC calls, Pluggable Authentication Modules (PAMs), and the Name Service Switch (NSS) to allow Windows domain users to appear and operate as UNIX users on a UNIX system. WINBIND CONFIGURATION --------------------- Authselect does not touch winbind's configuration. Please, read winbind's documentation to see how to configure it manually. Only local users will be available on the system if there is no existing winbind configuration. AVAILABLE OPTIONAL FEATURES --------------------------- with-faillock:: Enable account locking in case of too many consecutive authentication failures. with-mkhomedir:: Enable automatic creation of home directories for users on their first login. with-fingerprint:: Enable authentication with fingerprint reader through pam_fprintd. with-pam-gnome-keyring:: Enable pam-gnome-keyring support. with-pam-u2f:: Enable authentication via u2f dongle through pam_u2f. with-pam-u2f-2fa:: Enable 2nd factor authentication via u2f dongle through pam_u2f. without-pam-u2f-nouserok:: Module argument nouserok is omitted if also with-pam-u2f-2fa is used. WARNING: Omitting nouserok argument means that users without pam-u2f authentication configured will not be able to log in INCLUDING root. Make sure you are able to log in before losing root privileges. with-krb5:: Enable Kerberos authentication with pam_winbind. with-silent-lastlog:: Do not produce pam_lastlog message during login. with-pamaccess:: Check access.conf during account authorization. with-pwhistory:: Enable pam_pwhistory module for local users. without-nullok:: Do not add nullok parameter to pam_unix. DISABLE SPECIFIC NSSWITCH DATABASES ----------------------------------- Normally, nsswitch databases set by the profile overwrites values set in user-nsswitch.conf. The following options can force authselect to ignore value set by the profile and use the one set in user-nsswitch.conf instead. with-custom-passwd:: Ignore "passwd" database set by the profile. with-custom-group:: Ignore "group" database set by the profile. EXAMPLES -------- * Enable winbind with no additional modules authselect select winbind * Enable winbind and create home directories for users on their first login authselect select winbind with-mkhomedir SEE ALSO -------- * man winbindd(8) PK��I�[��a ��a ��default/winbind/password-authnu��[��auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth required pam_faillock.so preauth silent {include if "with-faillock"} auth sufficient pam_u2f.so cue {include if "with-pam-u2f"} auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"} auth sufficient pam_unix.so {if not "without-nullok":nullok} auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_first_pass auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_winbind.so {if "with-krb5":krb5_auth} account required pam_permit.so password requisite pam_pwquality.so local_users_only password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok password sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_winbind.so {if "with-krb5":krb5_auth} session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} PK��I�[�2�zL��L��default/minimal/postloginnu��[��auth optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} password optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} session optional pam_umask.so silent session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent\|showfailed} session optional pam_lastlog.so silent noupdate showfailed PK��I�[�.�x1��1��default/minimal/smartcard-authnu��[��auth required pam_debug.so auth=authinfo_unavail PK��I�[�.�x1��1�� default/minimal/fingerprint-authnu��[��auth required pam_debug.so auth=authinfo_unavail PK��I�[�=\g��g��default/minimal/dconf-dbnu��[��[org/gnome/login-screen] enable-smartcard-authentication=false enable-fingerprint-authentication=false PK��I�[�U�8��default/minimal/system-authnu��[��auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth required pam_faillock.so preauth silent {include if "with-faillock"} auth sufficient pam_unix.so {if not "without-nullok":nullok} auth required pam_faillock.so authfail {include if "with-faillock"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so password requisite pam_pwquality.so password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so PK��I�[�L=W��W��default/minimal/REQUIREMENTSnu��[��- with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module {include if "with-mkhomedir"} is present and oddjobd service is enabled and active {include if "with-mkhomedir"} - systemctl enable --now oddjobd.service {include if "with-mkhomedir"} {include if "with-mkhomedir"} - with-altfiles is selected, make sure nss_altfiles module is present {include if "with-altfiles"} PK��I�[FJ^7��default/minimal/nsswitch.confnu��[��aliases: files {exclude if "with-custom-aliases"} automount: files {exclude if "with-custom-automount"} ethers: files {exclude if "with-custom-ethers"} group: files [SUCCESS=merge] {if "with-altfiles":altfiles [SUCCESS=merge] }systemd {exclude if "with-custom-group"} hosts: files dns myhostname {exclude if "with-custom-hosts"} initgroups: files {exclude if "with-custom-initgroups"} netgroup: files {exclude if "with-custom-netgroup"} networks: files {exclude if "with-custom-networks"} passwd: files {if "with-altfiles":altfiles }systemd {exclude if "with-custom-passwd"} protocols: files {exclude if "with-custom-protocols"} publickey: files {exclude if "with-custom-publickey"} rpc: files {exclude if "with-custom-rpc"} services: files {exclude if "with-custom-services"} shadow: files {exclude if "with-custom-shadow"}PK��I�[Q��r��r��default/minimal/dconf-locksnu��[��/org/gnome/login-screen/enable-smartcard-authentication /org/gnome/login-screen/enable-fingerprint-authentication PK��I�[)�.xI ��I ��default/minimal/READMEnu��[��Local users only for minimal installations ========================================== Selecting this profile will enable local files as the source of identity and authentication providers. This profile can be used on systems that require minimal installation to save disk and memory space. It serves only local users and groups directly from system files instead of going through other authentication providers. Therefore SSSD, winbind and fprintd packages can be safely removed. Unless this system has strict memory and disk constraints, it is recommended to keep SSSD running and use 'sssd' profile to avoid functional limitations. AVAILABLE OPTIONAL FEATURES --------------------------- with-faillock:: Enable account locking in case of too many consecutive authentication failures. with-mkhomedir:: Enable automatic creation of home directories for users on their first login. with-ecryptfs:: Enable automatic per-user ecryptfs. with-silent-lastlog:: Do not produce pam_lastlog message during login. with-pamaccess:: Check access.conf during account authorization. with-pwhistory:: Enable pam_pwhistory module for local users. with-altfiles:: Use nss_altfiles for passwd and group nsswitch databases. without-nullok:: Do not add nullok parameter to pam_unix. DISABLE SPECIFIC NSSWITCH DATABASES ----------------------------------- Normally, nsswitch databases set by the profile overwrites values set in user-nsswitch.conf. The following options can force authselect to ignore value set by the profile and use the one set in user-nsswitch.conf instead. with-custom-aliases:: Ignore "aliases" map set by the profile. with-custom-automount:: Ignore "automount" map set by the profile. with-custom-ethers:: Ignore "ethers" map set by the profile. with-custom-group:: Ignore "group" map set by the profile. with-custom-hosts:: Ignore "hosts" map set by the profile. with-custom-initgroups:: Ignore "initgroups" map set by the profile. with-custom-netgroup:: Ignore "netgroup" map set by the profile. with-custom-networks:: Ignore "networks" map set by the profile. with-custom-passwd:: Ignore "passwd" map set by the profile. with-custom-protocols:: Ignore "protocols" map set by the profile. with-custom-publickey:: Ignore "publickey" map set by the profile. with-custom-rpc:: Ignore "rpc" map set by the profile. with-custom-services:: Ignore "services" map set by the profile. with-custom-shadow:: Ignore "shadow" map set by the profile. EXAMPLES -------- * Enable minimal profile authselect select minimal SEE ALSO -------- * man passwd(5) * man group(5) PK��I�[�U�8��default/minimal/password-authnu��[��auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth required pam_faillock.so preauth silent {include if "with-faillock"} auth sufficient pam_unix.so {if not "without-nullok":nullok} auth required pam_faillock.so authfail {include if "with-faillock"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so password requisite pam_pwquality.so password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"} -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so PK��I�[�x�T��T��default/sssd/postloginnu��[��session optional pam_umask.so silent session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent\|showfailed} session optional pam_lastlog.so silent noupdate showfailed PK��I�[�sX�3 ��3 ��default/sssd/smartcard-authnu��[��{imply "with-smartcard" if "with-smartcard-required"} auth required pam_debug.so auth=authinfo_unavail {exclude if "with-smartcard"} {continue if "with-smartcard"} auth required pam_env.so auth required pam_faillock.so preauth silent {include if "with-faillock"} auth sufficient pam_sss.so allow_missing_name {if "with-smartcard-required":require_cert_auth} auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so account sufficient pam_localuser.so {exclude if "with-files-access-provider"} account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} PK��I�[e!�� default/sssd/fingerprint-authnu��[��auth required pam_debug.so auth=authinfo_unavail {exclude if "with-fingerprint"} {continue if "with-fingerprint"} auth required pam_env.so auth required pam_deny.so # Smartcard authentication is required {include if "with-smartcard-required"} auth required pam_faillock.so preauth silent {include if "with-faillock"} auth [success=done default=bad] pam_fprintd.so auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so account sufficient pam_localuser.so {exclude if "with-files-access-provider"} account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} PK��I�[��default/sssd/dconf-dbnu��[��{imply "with-smartcard" if "with-smartcard-required"} {imply "with-smartcard" if "with-smartcard-lock-on-removal"} [org/gnome/login-screen] enable-smartcard-authentication={if "with-smartcard":true\|false} enable-fingerprint-authentication={if "with-fingerprint":true\|false} enable-password-authentication={if "with-smartcard-required":false\|true} [org/gnome/settings-daemon/peripherals/smartcard] {include if "with-smartcard-lock-on-removal"} removal-action='lock-screen' {include if "with-smartcard-lock-on-removal"} PK��I�[��0\��default/sssd/system-authnu��[��{imply "with-smartcard" if "with-smartcard-required"} auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth required pam_faillock.so preauth silent {include if "with-faillock"} auth [success=1 default=ignore] pam_succeed_if.so service notin login:gdm:xdm:kdm:kde:xscreensaver:gnome-screensaver:kscreensaver quiet use_uid {include if "with-smartcard-required"} auth [success=done ignore=ignore default=die] pam_sss.so require_cert_auth ignore_authinfo_unavail {include if "with-smartcard-required"} auth sufficient pam_fprintd.so {include if "with-fingerprint"} auth sufficient pam_u2f.so cue {include if "with-pam-u2f"} auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"} auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth [default=1 ignore=ignore success=ok] pam_localuser.so {exclude if "with-smartcard"} auth [default=2 ignore=ignore success=ok] pam_localuser.so {include if "with-smartcard"} auth [success=done authinfo_unavail=ignore user_unknown=ignore ignore=ignore default=die] pam_sss.so try_cert_auth {include if "with-smartcard"} auth sufficient pam_unix.so {if not "without-nullok":nullok} auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular {include if "with-gssapi"} auth sufficient pam_sss_gss.so {include if "with-gssapi"} auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth sufficient pam_sss.so forward_pass auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so account sufficient pam_localuser.so {exclude if "with-files-access-provider"} account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_pwquality.so local_users_only password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok password [success=1 default=ignore] pam_localuser.so password sufficient pam_sss.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"} PK��I�[�rΰ��default/sssd/REQUIREMENTSnu��[��Make sure that SSSD service is configured and enabled. See SSSD documentation for more information. {include if "with-smartcard"} - with-smartcard is selected, make sure smartcard authentication is enabled in sssd.conf: {include if "with-smartcard"} - set "pam_cert_auth = True" in [pam] section {include if "with-smartcard"} {include if "with-fingerprint"} - with-fingerprint is selected, make sure fprintd service is configured and enabled {include if "with-fingerprint"} {include if "with-pam-gnome-keyring"} - with-pam-gnome-keyring is selected, make sure the pam_gnome_keyring module {include if "with-pam-gnome-keyring"} is present. {include if "with-pam-gnome-keyring"} {include if "with-pam-u2f"} - with-pam-u2f is selected, make sure that the pam u2f module is installed {include if "with-pam-u2f"} - users can then configure keys using the pamu2fcfg tool {include if "with-pam-u2f"} {include if "with-pam-u2f-2fa"} - with-pam-u2f-2fa is selected, make sure that the pam u2f module is installed {include if "with-pam-u2f-2fa"} - users can then configure keys using the pamu2fcfg tool {include if "with-pam-u2f-2fa"} {include if "with-mkhomedir"} - with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module {include if "with-mkhomedir"} is present and oddjobd service is enabled and active {include if "with-mkhomedir"} - systemctl enable --now oddjobd.service {include if "with-mkhomedir"} {include if "with-files-domain"} - with-files-domain is selected, make sure the files provider is enabled in SSSD {include if "with-files-domain"} - set enable_files_domain=true in [sssd] section of /etc/sssd/sssd.conf {include if "with-files-domain"} - or create a custom domain with id_provider=files {include if "with-files-domain"} {include if "with-gssapi"} - with-gssapi is selected, make sure that GSSAPI authenticaiton is enabled in SSSD {include if "with-gssapi"} - set pam_gssapi_services to a list of allowed services in /etc/sssd/sssd.conf {include if "with-gssapi"} - see additional information in pam_sss_gss(8) {include if "with-gssapi"} PK��I�[U��T9��9��default/sssd/nsswitch.confnu��[��passwd: {if "with-files-domain":sss files\|files sss} systemd {exclude if "with-custom-passwd"} group: {if "with-files-domain":sss [SUCCESS=merge] files [SUCCESS=merge]\|files [SUCCESS=merge] sss [SUCCESS=merge]} systemd {exclude if "with-custom-group"} netgroup: sss files {exclude if "with-custom-netgroup"} automount: sss files {exclude if "with-custom-automount"} services: sss files {exclude if "with-custom-services"} sudoers: files sss {include if "with-sudo"} subid: sss {include if "with-subid"} PK��I�[k��default/sssd/dconf-locksnu��[��/org/gnome/login-screen/enable-smartcard-authentication /org/gnome/login-screen/enable-fingerprint-authentication /org/gnome/login-screen/enable-password-authentication /org/gnome/settings-daemon/peripherals/smartcard/removal-action {include if "with-smartcard-lock-on-removal"} PK��I�[i� )��default/sssd/READMEnu��[��Enable SSSD for system authentication (also for local users only) ================================================================= Selecting this profile will enable SSSD as the source of identity and authentication providers. SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos, FreeIPA or AD. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. More information about SSSD can be found on its project page: https://sssd.io However, if you do not want to keep SSSD running on your machine, you can keep this profile selected and just disable SSSD service. The resulting configuration will still work correctly even with SSSD disabled and local users and groups will be read from local files directly. SSSD CONFIGURATION ------------------ Authselect does not touch SSSD's configuration. Please, read SSSD's documentation to see how to configure it manually. Only local users will be available on the system if there is no existing SSSD configuration. AVAILABLE OPTIONAL FEATURES --------------------------- with-faillock:: Enable account locking in case of too many consecutive authentication failures. with-mkhomedir:: Enable automatic creation of home directories for users on their first login. with-smartcard:: Enable authentication with smartcards through SSSD. Please note that smartcard support must be also explicitly enabled within SSSD's configuration. with-smartcard-lock-on-removal:: Lock screen when a smartcard is removed. with-smartcard-required:: Smartcard authentication is required. No other means of authentication (including password) will be enabled. with-fingerprint:: Enable authentication with fingerprint reader through pam_fprintd. with-pam-gnome-keyring:: Enable pam-gnome-keyring support. with-pam-u2f:: Enable authentication via u2f dongle through pam_u2f. with-pam-u2f-2fa:: Enable 2nd factor authentication via u2f dongle through pam_u2f. without-pam-u2f-nouserok:: Module argument nouserok is omitted if also with-pam-u2f-2fa is used. WARNING: Omitting nouserok argument means that users without pam-u2f authentication configured will not be able to log in INCLUDING* root. Make sure you are able to log in before losing root privileges. with-silent-lastlog:: Do not produce pam_lastlog message during login. with-sudo:: Allow sudo to use SSSD as a source for sudo rules in addition of /etc/sudoers. with-pamaccess:: Check access.conf during account authorization. with-pwhistory:: Enable pam_pwhistory module for local users. with-files-domain:: If set, SSSD will be contacted before "files" when resolving users and groups. The order in nsswitch.conf will be set to "sss files" instead of "files sss" for passwd and group maps. with-files-access-provider:: If set, account management for local users is handled also by pam_sss. This is needed if there is an explicitly configured domain with id_provider=files and non-empty access_provider setting in sssd.conf. WARNING: SSSD access check will become mandatory for local users and if SSSD is stopped then local users will not be able to log in. Only system accounts (as defined by pam_usertype, including root) will be able to log in. with-gssapi:: If set, pam_sss_gss module is enabled to perform user authentication over GSSAPI. with-subid:: Enable SSSD as a source of subid database in /etc/nsswitch.conf. without-nullok:: Do not add nullok parameter to pam_unix. DISABLE SPECIFIC NSSWITCH DATABASES ----------------------------------- Normally, nsswitch databases set by the profile overwrites values set in user-nsswitch.conf. The following options can force authselect to ignore value set by the profile and use the one set in user-nsswitch.conf instead. with-custom-passwd:: Ignore "passwd" database set by the profile. with-custom-group:: Ignore "group" database set by the profile. with-custom-netgroup:: Ignore "netgroup" database set by the profile. with-custom-automount:: Ignore "automount" database set by the profile. with-custom-services:: Ignore "services" database set by the profile. EXAMPLES -------- * Enable SSSD with sudo and smartcard support authselect select sssd with-sudo with-smartcard * Enable SSSD with sudo support and create home directories for users on their first login authselect select sssd with-mkhomedir with-sudo SEE ALSO -------- * man sssd.conf(5) PK��I�[��晔��default/sssd/password-authnu��[��auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth required pam_deny.so # Smartcard authentication is required {include if "with-smartcard-required"} auth required pam_faillock.so preauth silent {include if "with-faillock"} auth sufficient pam_u2f.so cue {include if "with-pam-u2f"} auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"} auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth [default=1 ignore=ignore success=ok] pam_localuser.so auth sufficient pam_unix.so {if not "without-nullok":nullok} auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular auth sufficient pam_sss.so forward_pass auth required pam_faillock.so authfail {include if "with-faillock"} auth optional pam_gnome_keyring.so auto_start {include if "with-pam-gnome-keyring"} auth required pam_deny.so account required pam_access.so {include if "with-pamaccess"} account required pam_faillock.so {include if "with-faillock"} account required pam_unix.so account sufficient pam_localuser.so {exclude if "with-files-access-provider"} account sufficient pam_usertype.so issystem account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_pwquality.so local_users_only password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"} password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"} password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok password [success=1 default=ignore] pam_localuser.so password sufficient pam_sss.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"} session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so session optional pam_gnome_keyring.so auto_start {include if "with-pam-gnome-keyring"} PK��[N�L��L��user-nsswitch.confnu��[��PK��I�[�x�T��T��default/winbind/postloginnu��[��PK��I�[�.�x1��1��+ ��default/winbind/smartcard-authnu��[��PK��I�[�8U� �� default/winbind/fingerprint-authnu��[��PK��I�[$�8��default/winbind/dconf-dbnu��[��PK��I�[�L�_� �� default/winbind/system-authnu��[��PK��I�[�.�E��"��default/winbind/REQUIREMENTSnu��[��PK��I�[ ��y����default/winbind/nsswitch.confnu��[��PK��I�[Q��r��r��+��default/winbind/dconf-locksnu��[��PK��I�[x�汶��,��default/winbind/READMEnu��[��PK��I�[��a ��a ��8��default/winbind/password-authnu��[��PK��I�[�2�zL��L��0F��default/minimal/postloginnu��[��PK��I�[�.�x1��1��H��default/minimal/smartcard-authnu��[��PK��I�[�.�x1��1�� DI��default/minimal/fingerprint-authnu��[��PK��I�[�=\g��g��I��default/minimal/dconf-dbnu��[��PK��I�[�U�8��tJ��default/minimal/system-authnu��[��PK��I�[�L=W��W��TS��default/minimal/REQUIREMENTSnu��[��PK��I�[FJ^7��U��default/minimal/nsswitch.confnu��[��PK��I�[Q��r��r��^[��default/minimal/dconf-locksnu��[��PK��I�[)�.xI ��I ��\��default/minimal/READMEnu��[��PK��I�[�U�8��f��default/minimal/password-authnu��[��PK��I�[�x�T��T��o��default/sssd/postloginnu��[��PK��I�[�sX�3 ��3 ��&q��default/sssd/smartcard-authnu��[��PK��I�[e!�� z��default/sssd/fingerprint-authnu��[��PK��I�[��default/sssd/dconf-dbnu��[��PK��I�[��0\��default/sssd/system-authnu��[��PK��I�[�rΰ��default/sssd/REQUIREMENTSnu��[��PK��I�[U��T9��9��ڦ��default/sssd/nsswitch.confnu��[��PK��I�[k��]��default/sssd/dconf-locksnu��[��PK��I�[i� )��default/sssd/READMEnu��[��PK��I�[��晔��default/sssd/password-authnu��[��PK��

| ver. 1.6 | Github | . | PHP 8.2.30 | ??????????? ?????????: 0 | proxy | phpinfo | ???????????