PAM support updates: change the dependency back to sys-libs/pam but ask for at least version 0.99 (so that we know we have the proper pam_tally, and we can drop some conditionals), OpenPAM wouldn't work for shadow for now. Simplify the pam.d installation, without using the for loop and case statement. Use the 'epam syntax' for the selinux conditional. Update the options passed to pam_tally so that they don't throw warnings when used with Linux-PAM 0.99.

(Portage version: 2.1.3.17)

1 files changed, 27 insertions, 0 deletions

diff --git a/sys-apps/shadow/files/login.pamd.2 b/sys-apps/shadow/files/login.pamd.2
new file mode 100644
index 000000000000..fdbdf1cda9b0
--- /dev/null
+++ b/sys-apps/shadow/files/login.pamd.2
@@ -0,0 +1,27 @@
+#%PAM-1.0
+
+auth       required	pam_securetty.so
+auth       required	pam_tally.so file=/var/log/faillog onerr=succeed
+auth       required	pam_shells.so
+auth       required	pam_nologin.so
+auth       include	system-auth
+
+account    required	pam_access.so
+account    include	system-auth
+account    required	pam_tally.so file=/var/log/faillog onerr=succeed
+
+password   include	system-auth
+
+#%EPAM-Use-Flag:selinux%## pam_selinux.so close should be the first session rule
+#%EPAM-Use-Flag:selinux%#session    required	pam_selinux.so close
+#%EPAM-Use-Flag:selinux%#
+session    required	pam_env.so
+session    optional	pam_lastlog.so
+session    optional	pam_motd.so motd=/etc/motd
+session    optional	pam_mail.so
+
+session    include	system-auth
+
+#%EPAM-Use-Flag:selinux%## pam_selinux.so open should be the last session rule
+#%EPAM-Use-Flag:selinux%#session    required	pam_selinux.so multiple open
+#%EPAM-Use-Flag:selinux%#