linux-pam: align with usermngr (move PAM setup to usermngr)

linux-pam/Makefile

@@ -31,8 +31,8 @@ MESON_ARGS += \
 
 define Package/linux-pam/install
 	$(INSTALL_DIR) $(1)/usr/lib/security
-	$(INSTALL_DIR) $(1)/etc/uci-defaults/
+	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/pam_faillock.uci_default $(1)/etc/uci-defaults/99-add_pam_faillock
+	$(INSTALL_BIN) ./linux_pam.init $(1)/etc/init.d/linux_pam
 endef
 
 $(eval $(call BuildPackage,linux-pam))

linux-pam/files/pam_faillock.uci_default

@@ -1,43 +0,0 @@
-#!/bin/sh
-
-create_faillock_files()
-{
-	# also create files needed by pam_faillock
-	touch /var/log/faillock
-	chmod 700 /var/log/faillock
-	touch /var/log/btmp
-	chmod 700 /var/log/btmp
-}
-
-update_pam_common_auth()
-{
-	local file="/etc/pam.d/common-auth"
-	local deny=6
-	local unlock_time=300
-
-	# update pam_unix.so line
-	sed -i -E 's|^.*pam_unix\.so.*|auth\t sufficient\tpam_unix.so nullok_secure|' "$file"
-
-	# Insert pam_faillock lines before and after pam_unix.so
-	sed -i -E "/pam_unix.so nullok_secure/i auth     required       pam_faillock.so preauth deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
-	sed -i -E "/pam_unix.so nullok_secure/a auth     [default=die]  pam_faillock.so authfail audit deny=$deny even_deny_root unlock_time=$unlock_time" "$file"
-}
-
-update_pam_common_account()
-{
-	# update account file
-	sed -i "/pam_unix.so/ i account  required       pam_faillock.so" /etc/pam.d/common-account
-}
-
-if [ -f "/usr/lib/security/pam_faillock.so" ]; then
-	update_pam_common_auth
-	update_pam_common_account
-	create_faillock_files
-fi
-
-if [ -f /etc/config/sshd ]; then
-	uci -q set sshd.@sshd[0].UsePAM=1
-	uci commit sshd
-fi
-
-exit 0

linux-pam/linux_pam.init

@@ -0,0 +1,18 @@
+#!/bin/sh /etc/rc.common
+
+START=11
+STOP=90
+USE_PROCD=1
+
+create_faillock_files()
+{
+	# also create files needed by pam_faillock
+	touch /var/log/faillock
+	chmod 700 /var/log/faillock
+	touch /var/log/btmp
+	chmod 700 /var/log/btmp
+}
+
+boot() {
+	create_faillock_files
+}