Initial public release: fresh history
This commit is contained in:
8
system/issue/issue.fblogin
Normal file
8
system/issue/issue.fblogin
Normal file
@@ -0,0 +1,8 @@
|
||||
************************************************************
|
||||
* Welcome to The Klarch *
|
||||
* Authorized use only — activity logged. *
|
||||
* *
|
||||
* If you are reading this it is too late *
|
||||
* I know who you are... *
|
||||
************************************************************
|
||||
|
||||
29
system/pamd/fblogin
Normal file
29
system/pamd/fblogin
Normal file
@@ -0,0 +1,29 @@
|
||||
# fblogin — PAM stack for framebuffer display manager + greeter
|
||||
# One file handles both:
|
||||
# - Greeter process: we call pam_open_session() only (no auth); pam_systemd marks class=greeter.
|
||||
# - User login: full auth + session.
|
||||
|
||||
# --- Auth (user login path) ---
|
||||
auth optional pam_issue.so issue=/etc/issue.fblogin
|
||||
auth [success=1 default=ignore] pam_fprintd.so max_tries=3
|
||||
auth requisite pam_nologin.so
|
||||
auth required pam_unix.so nullok
|
||||
|
||||
# --- Account checks ---
|
||||
account required pam_unix.so
|
||||
|
||||
# --- Password updates (if a module requests it) ---
|
||||
password required pam_unix.so nullok sha512 shadow
|
||||
|
||||
# --- Session (runs both for greeter + user) ---
|
||||
session required pam_limits.so
|
||||
session required pam_env.so readenv=1
|
||||
session optional pam_loginuid.so
|
||||
session optional pam_lastlog2.so
|
||||
# pam_systemd registers a proper logind session over D-Bus.
|
||||
# XDG_SESSION_CLASS=greeter is provided by the program for greeter child.
|
||||
session optional pam_systemd.so
|
||||
|
||||
# Keep at end so we still get a traditional session when needed.
|
||||
session required pam_unix.so
|
||||
|
||||
34
system/systemd/fblogin@.service
Normal file
34
system/systemd/fblogin@.service
Normal file
@@ -0,0 +1,34 @@
|
||||
[Unit]
|
||||
Description=Framebuffer Login on %I
|
||||
Documentation=man:systemd-logind.service(8) man:logind.conf(5)
|
||||
After=systemd-user-sessions.service systemd-logind.service plymouth-quit-wait.service
|
||||
Wants=systemd-logind.service
|
||||
Conflicts=getty@%i.service
|
||||
ConditionPathExists=/dev/%I
|
||||
|
||||
[Service]
|
||||
Environment=FBLOGIN_DEBUG=1
|
||||
Environment=FBLOGIN_LOG_FILE=/var/log/fblogin/fblogin.log
|
||||
# Bind to a real TTY
|
||||
TTYPath=/dev/%I
|
||||
TTYReset=yes
|
||||
TTYVHangup=yes
|
||||
StandardInput=tty
|
||||
StandardOutput=tty
|
||||
StandardError=tty
|
||||
|
||||
# Program does PAM (auth + session) itself; do NOT set PAMName here.
|
||||
# Production defaults (no debug spam; strict PAM session)
|
||||
Environment=FBLOGIN_DEBUG=0
|
||||
Environment=FBLOGIN_STRICT_SESSION=1
|
||||
# Optional: enable matrix background by flipping to 1
|
||||
# Environment=FBLOGIN_CMATRIX=1
|
||||
|
||||
ExecStart=/usr/local/bin/fblogin
|
||||
Type=simple
|
||||
Restart=always
|
||||
RestartSec=1
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
Reference in New Issue
Block a user