Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Sam James <sam@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/pambase:master commit in: templates/
Date: Mon, 26 Oct 2020 22:49:59
Message-Id: 1603752486.99919c4b2b59af27e7ad1daa6fbe8c614a8463c0.sam@gentoo
1 commit: 99919c4b2b59af27e7ad1daa6fbe8c614a8463c0
2 Author: Sam James <sam <AT> gentoo <DOT> org>
3 AuthorDate: Mon Oct 26 08:32:29 2020 +0000
4 Commit: Sam James <sam <AT> gentoo <DOT> org>
5 CommitDate: Mon Oct 26 22:48:06 2020 +0000
6 URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=99919c4b
7
8 templates/system-auth.tpl: skip pam_unix with krb5
9
10 Before this change, success on pam_krb5 would result in jumping
11 one line (over pam_permit) back into pam_unix.
12
13 Incidentally, we did the later stanza correctly. This was a regression
14 from old pambase.
15
16 Bug: https://bugs.gentoo.org/748405
17 Signed-off-by: Sam James <sam <AT> gentoo.org>
18
19 templates/system-auth.tpl | 8 ++++----
20 1 file changed, 4 insertions(+), 4 deletions(-)
21
22 diff --git a/templates/system-auth.tpl b/templates/system-auth.tpl
23 index 8b61701..668303f 100644
24 --- a/templates/system-auth.tpl
25 +++ b/templates/system-auth.tpl
26 @@ -4,20 +4,20 @@ auth sufficient pam_ssh.so
27 {% endif %}
28
29 {% if krb5 %}
30 -auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
31 +auth [success=4 default=ignore] pam_krb5.so {{ krb5_params }}
32 {% endif %}
33
34 -auth optional pam_permit.so
35 auth requisite pam_faillock.so preauth
36 auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass
37 auth [default=die] pam_faillock.so authfail
38 +auth optional pam_permit.so
39
40 {% if krb5 %}
41 -account [success=1 default=ignore] pam_krb5.so {{ krb5_params }}
42 +account [success=2 default=ignore] pam_krb5.so {{ krb5_params }}
43 {% endif %}
44 account required pam_unix.so {{ debug|default('', true) }}
45 -account optional pam_permit.so
46 account required pam_faillock.so
47 +account optional pam_permit.so
48
49 {% if passwdqc %}
50 password required pam_passwdqc.so config=/etc/security/passwdqc.conf
Report Message
Find on MARC Find on Google Groups