remove wrong commit

15 files changed, 0 insertions, 374 deletions

diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_close b/server/modules/pam-hso/etc/pam-script/pam_script_ses_close
deleted file mode 100755
index dc7b5bd7..00000000
--- a/server/modules/pam-hso/etc/pam-script/pam_script_ses_close
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
-
-echo "[$PAM_TYPE] Closing session for $PAM_USER"
-
-[ $(id -g $PAM_USER) -eq 1001 ] && umount /home/$PAM_USER
-
diff --git a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open b/server/modules/pam-hso/etc/pam-script/pam_script_ses_open
deleted file mode 100755
index 4cf6bf58..00000000
--- a/server/modules/pam-hso/etc/pam-script/pam_script_ses_open
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/openslx/bin:/opt/openslx/sbin:/opt/openslx/usr/bin:/opt/openslx/usr/sbin"
-
-
-#check who is logged in to put the "Home"-Folder on the correct Desktop
-#Doesn't work with root!
-#export loggedInUser=$(whoami)
-[ ! -z "$PAM_USER" ] && export loggedInUser="$PAM_USER"
-
-
-#create Folder on Desktop to link with H-Drive, if not already existent
-if [ ! -d /home/users/$loggedInUser ]; then
-	mkdir -p /home/users/$loggedInUser
-fi
-
-
-#ask for username
-#read -p "Benutzername: " username
-
-
-#mount H-Drive
-ncpmount -A fs1-2-home.rz.hs-offenburg.de -S fs1-2-home.rz.hs-offenburg.de -V HOME/USERS/$loggedInUser -U $loggedInUser.HRZ.FHO /home/users/$loggedInUser
-
diff --git a/server/modules/pam-hso/etc/pam.d/common-account b/server/modules/pam-hso/etc/pam.d/common-account
deleted file mode 100644
index 3a5d5a14..00000000
--- a/server/modules/pam-hso/etc/pam.d/common-account
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# /etc/pam.d/common-account - authorization settings common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of the authorization modules that define
-# the central access policy for use on the system.  The default is to
-# only deny service to users whose accounts are expired in /etc/shadow.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-#
-
-# here are the per-package modules (the "Primary" block)
-account	[success=2 new_authtok_reqd=done default=ignore]	pam_unix.so
-account [success=1 new_authtok_reqd=done default=ignore]	pam_ldap.so use_first_pass
-# here's the fallback if no module succeeds
-account	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-account	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config
diff --git a/server/modules/pam-hso/etc/pam.d/common-auth b/server/modules/pam-hso/etc/pam.d/common-auth
deleted file mode 100644
index 8a2d4c86..00000000
--- a/server/modules/pam-hso/etc/pam.d/common-auth
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# /etc/pam.d/common-auth - authentication settings common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of the authentication modules that define
-# the central authentication scheme for use on the system
-# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
-# traditional Unix authentication mechanisms.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-auth	[success=2 default=ignore]	pam_unix.so try_first_pass
-auth	[success=1 default=ignore]	pam_ldap.so use_first_pass nullok_secure
-# here's the fallback if no module succeeds
-auth	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-auth	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config
diff --git a/server/modules/pam-hso/etc/pam.d/common-password b/server/modules/pam-hso/etc/pam.d/common-password
deleted file mode 100644
index cb8c7b71..00000000
--- a/server/modules/pam-hso/etc/pam.d/common-password
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# /etc/pam.d/common-password - password-related modules common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define the services to be
-# used to change user passwords.  The default is pam_unix.
-
-# Explanation of pam_unix options:
-#
-# The "sha512" option enables salted SHA512 passwords.  Without this option,
-# the default is Unix crypt.  Prior releases used the option "md5".
-#
-# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
-# login.defs.
-#
-# See the pam_unix manpage for other options.
-
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-password	[success=1 default=ignore]	pam_unix.so obscure sha512
-# here's the fallback if no module succeeds
-password	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-password	required			pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-# end of pam-auth-update config
diff --git a/server/modules/pam-hso/etc/pam.d/common-session b/server/modules/pam-hso/etc/pam.d/common-session
deleted file mode 100644
index 4c4a7e95..00000000
--- a/server/modules/pam-hso/etc/pam.d/common-session
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# /etc/pam.d/common-session - session-related modules common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define tasks to be performed
-# at the start and end of sessions of *any* kind (both interactive and
-# non-interactive).
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-session	[default=1]     pam_permit.so
-# here's the fallback if no module succeeds
-session	requisite       pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-session	required        pam_permit.so
-# The pam_umask module will set the umask according to the system default in
-# /etc/login.defs and user settings, solving the problem of different
-# umask settings with different shells, display managers, remote sessions etc.
-# See "man pam_umask".
-session optional        pam_umask.so
-# and here are more per-package modules (the "Additional" block)
-session	required        pam_systemd.so
-session optional        pam_env.so readenv=1
-session optional        pam_env.so readenv=1 envfile=/etc/default/locale
-session	[success=1]     pam_unix.so 
-session [success=ok]    pam_ldap.so
-session	sufficient      pam_script.so
-session optional        pam_mkhomedir.so skel=/etc/skel umask=0022
-# end of pam-auth-update config
diff --git a/server/modules/pam-hso/etc/pam.d/common-session-noninteractive b/server/modules/pam-hso/etc/pam.d/common-session-noninteractive
deleted file mode 100644
index 1fee2c4f..00000000
--- a/server/modules/pam-hso/etc/pam.d/common-session-noninteractive
+++ /dev/null
@@ -1,30 +0,0 @@
-#
-# /etc/pam.d/common-session-noninteractive - session-related modules
-# common to all non-interactive services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define tasks to be performed
-# at the start and end of all non-interactive sessions.
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules.  See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-session	[default=1]			pam_permit.so
-# here's the fallback if no module succeeds
-session	requisite			pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-session	required			pam_permit.so
-# The pam_umask module will set the umask according to the system default in
-# /etc/login.defs and user settings, solving the problem of different
-# umask settings with different shells, display managers, remote sessions etc.
-# See "man pam_umask".
-session optional			pam_umask.so
-# and here are more per-package modules (the "Additional" block)
-session	required	pam_unix.so 
-# end of pam-auth-update config
diff --git a/server/modules/pam-hso/etc/pam.d/kdm b/server/modules/pam-hso/etc/pam.d/kdm
deleted file mode 100644
index e6a4ec9b..00000000
--- a/server/modules/pam-hso/etc/pam.d/kdm
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# /etc/pam.d/kdm - specify the PAM behaviour of kdm
-#
-auth       required     pam_nologin.so
-auth       required     pam_env.so readenv=1
-auth       required     pam_env.so readenv=1 envfile=/etc/default/locale
-auth       include      common-auth
-account    include      common-account
-password   include      common-password
-session    include      common-session
diff --git a/server/modules/pam-hso/etc/pam.d/kdm-np b/server/modules/pam-hso/etc/pam.d/kdm-np
deleted file mode 100644
index dc10e5b5..00000000
--- a/server/modules/pam-hso/etc/pam.d/kdm-np
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# /etc/pam.d/kdm-np - specify the PAM behaviour of kdm for passwordless logins
-#
-auth       required     pam_nologin.so
-auth       required     pam_env.so readenv=1
-auth       required     pam_env.so readenv=1 envfile=/etc/default/locale
-session    required     pam_limits.so
-account    include      common-account
-password   include      common-password
-session    include      common-session
-auth       required     pam_permit.so
diff --git a/server/modules/pam-hso/etc/pam.d/login b/server/modules/pam-hso/etc/pam.d/login
deleted file mode 100644
index 1065f351..00000000
--- a/server/modules/pam-hso/etc/pam.d/login
+++ /dev/null
@@ -1,101 +0,0 @@
-#
-# The PAM configuration file for the Shadow `login' service
-#
-
-# Enforce a minimal delay in case of failure (in microseconds).
-# (Replaces the `FAIL_DELAY' setting from login.defs)
-# Note that other modules may require another minimal delay. (for example,
-# to disable any delay, you should add the nodelay option to pam_unix)
-auth       optional   pam_faildelay.so  delay=3000000
-
-# Outputs an issue file prior to each login prompt (Replaces the
-# ISSUE_FILE option from login.defs). Uncomment for use
-# auth       required   pam_issue.so issue=/etc/issue
-
-# Disallows root logins except on tty's listed in /etc/securetty
-# (Replaces the `CONSOLE' setting from login.defs)
-#
-# With the default control of this module:
-#   [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
-# root will not be prompted for a password on insecure lines.
-# if an invalid username is entered, a password is prompted (but login
-# will eventually be rejected)
-#
-# You can change it to a "requisite" module if you think root may mis-type
-# her login and should not be prompted for a password in that case. But
-# this will leave the system as vulnerable to user enumeration attacks.
-#
-# You can change it to a "required" module if you think it permits to
-# guess valid user names of your system (invalid user names are considered
-# as possibly being root on insecure lines), but root passwords may be
-# communicated over insecure lines.
-auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
-
-# Disallows other than root logins when /etc/nologin exists
-# (Replaces the `NOLOGINS_FILE' option from login.defs)
-auth       requisite  pam_nologin.so
-
-# SELinux needs to be the first session rule. This ensures that any 
-# lingering context has been cleared. Without out this it is possible 
-# that a module could execute code in the wrong domain.
-# When the module is present, "required" would be sufficient (When SELinux
-# is disabled, this returns success.)
-# OpenSLX: Not Needed?
-#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
-
-# This module parses environment configuration file(s)
-# and also allows you to use an extended config
-# file /etc/security/pam_env.conf.
-# 
-# parsing /etc/environment needs "readenv=1"
-session       required   pam_env.so readenv=1
-# locale variables are also kept into /etc/default/locale in etch
-# reading this file *in addition to /etc/environment* does not hurt
-session       required   pam_env.so readenv=1 envfile=/etc/default/locale
-
-# Standard Un*x authentication.
-auth include common-auth
-
-# TODO do we need this?
-# This allows certain extra groups to be granted to a user
-# based on things like time of day, tty, service, and user.
-# Please edit /etc/security/group.conf to fit your needs
-# (Replaces the `CONSOLE_GROUPS' option in login.defs)
-#auth       optional   pam_group.so
-
-# Uncomment and edit /etc/security/time.conf if you need to set
-# time restrainst on logins.
-# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
-# as well as /etc/porttime)
-# account    requisite  pam_time.so
-
-# Uncomment and edit /etc/security/access.conf if you need to
-# set access limits.
-# (Replaces /etc/login.access file)
-# account  required       pam_access.so
-
-# TODO do we need this?
-# Sets up user limits according to /etc/security/limits.conf
-# (Replaces the use of /etc/limits in old login)
-#session    required   pam_limits.so
-
-# TODO check if this is needed
-# Prints the last login info upon succesful login
-# (Replaces the `LASTLOG_ENAB' option from login.defs)
-session    optional   pam_lastlog.so
-
-# Prints the motd upon succesful login
-# (Replaces the `MOTD_FILE' option in login.defs)
-session    optional   pam_motd.so
-
-# Standard Un*x account and session
-account include common-account
-session include common-session
-password include common-password
-
-# SELinux needs to intervene at login time to ensure that the process
-# starts in the proper default security context. Only sessions which are
-# intended to run in the user's context should be run after this.
-session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
-# When the module is present, "required" would be sufficient (When SELinux
-# is disabled, this returns success.)
diff --git a/server/modules/pam-hso/etc/pam.d/other b/server/modules/pam-hso/etc/pam.d/other
deleted file mode 100644
index 840eb77f..00000000
--- a/server/modules/pam-hso/etc/pam.d/other
+++ /dev/null
@@ -1,10 +0,0 @@
-#%PAM-1.0
-auth	 required	pam_warn.so
-auth	 required	pam_deny.so
-account  required	pam_warn.so
-account	 required	pam_deny.so
-password required	pam_warn.so
-password required	pam_deny.so
-session  required       pam_warn.so
-session	 required	pam_deny.so
-
diff --git a/server/modules/pam-hso/etc/pam.d/passwd b/server/modules/pam-hso/etc/pam.d/passwd
deleted file mode 100644
index 32eaa3c6..00000000
--- a/server/modules/pam-hso/etc/pam.d/passwd
+++ /dev/null
@@ -1,6 +0,0 @@
-#
-# The PAM configuration file for the Shadow `passwd' service
-#
-
-password include common-password
-
diff --git a/server/modules/pam-hso/etc/pam.d/sshd b/server/modules/pam-hso/etc/pam.d/sshd
deleted file mode 100644
index 8954d639..00000000
--- a/server/modules/pam-hso/etc/pam.d/sshd
+++ /dev/null
@@ -1,41 +0,0 @@
-# PAM configuration for the Secure Shell service
-
-# Read environment variables from /etc/environment and
-# /etc/security/pam_env.conf.
-auth       required     pam_env.so # [1]
-# In Debian 4.0 (etch), locale-related environment variables were moved to
-# /etc/default/locale, so read that as well.
-auth       required     pam_env.so envfile=/etc/default/locale
-
-# Standard Un*x authentication.
-auth include common-auth
-
-# Disallow non-root logins when /etc/nologin exists.
-account    required     pam_nologin.so
-
-# Uncomment and edit /etc/security/access.conf if you need to set complex
-# access limits that are hard to express in sshd_config.
-# account  required     pam_access.so
-
-# Standard Un*x authorization.
-account include common-account
-
-# Standard Un*x session setup and teardown.
-session include common-session
-
-# Print the message of the day upon successful login.
-session    optional     pam_motd.so # [1]
-
-# TODO do we need this?
-# Print the status of the user's mailbox upon successful login.
-#session    optional     pam_mail.so standard noenv # [1]
-
-# TODO do we need this?
-# Set up user limits from /etc/security/limits.conf.
-#session    required     pam_limits.so
-
-# Set up SELinux capabilities (need modified pam)
-# session  required     pam_selinux.so multiple
-
-# Standard Un*x password updating.
-password include common-password
diff --git a/server/modules/pam-hso/etc/pam.d/vmware-authd b/server/modules/pam-hso/etc/pam.d/vmware-authd
deleted file mode 100644
index 1f9b60f9..00000000
--- a/server/modules/pam-hso/etc/pam.d/vmware-authd
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth     include        common-auth
-account  include        common-account
-password include        common-password
-session  include        common-session
-
diff --git a/server/modules/pam-hso/etc/pam.d/xdm b/server/modules/pam-hso/etc/pam.d/xdm
deleted file mode 100644
index d21651db..00000000
--- a/server/modules/pam-hso/etc/pam.d/xdm
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth     include        common-auth
-account  include        common-account
-password include        common-password
-session  required       pam_loginuid.so
-session  include        common-session