mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-31 01:47:15 +03:00

factory: tighten PAM configuration

Apparently PAM reacts differently on different systems (?) and if no
authoritative matching module is found might either succeed/fail,
depending on the system.

Let's lock this down explicitly, by hooking in pam_deny.so.

Of course, these PAM files are just examples, and no distro in its right
mind would ship these unmodified, but let's default to something safe.

Fixes: #12950
(cherry picked from commit ed40cb82f7fe59f6584309553f5619c263f8c64f)
(cherry picked from commit d9a5a70a59cfef563d20e997efb6a029a8f357f0)
(cherry picked from commit 71963cde3ee9355f0f1569208d96d523923da509)
Lennart Poettering 2019-07-12 12:17:12 +02:00 committed by Zbigniew Jędrzejewski-Szmek
parent 8027aa3900
commit 2cfd510c48

@ -1,11 +1,14 @@
# This file is part of systemd.
auth sufficient pam_unix.so nullok try_first_pass
auth required pam_deny.so
account required pam_nologin.so
account sufficient pam_unix.so
account required pam_permit.so
password sufficient pam_unix.so nullok sha512 shadow try_first_pass try_authtok
password required pam_deny.so
-session optional pam_loginuid.so
-session optional pam_systemd.so
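
Review bot: The account stack shown here still falls through to a permit, so it is not locked down the way the auth and password stacks are. With `account sufficient pam_unix.so` followed by `account required pam_permit.so`, a failure from pam_unix.so in the account phase (for example an expired account) is ignored because the module is only `sufficient`, and pam_permit.so then returns success; pam_nologin.so is the only account check that can actually deny. If that is intended for an example file, a comment above the account lines should say so; otherwise consider making pam_unix.so `required` in the account stack. Separately, `nullok` on the auth line keeps empty passwords acceptable, which sits oddly with the "default to something safe" goal in the commit message and deserves either removal or a short comment explaining why it stays. A one-line comment per stack describing the sufficient-then-deny pattern would also help anyone adapting this file.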