1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00

factory: tighten PAM configuration

Apparently PAM reacts differently on different systems (?) and if no
authoritative matching module is found might either succeed/fail,
depending on the system.

Let's lock this down explicitly, by hooking in pam_deny.so.

Of course, these PAM files are just examples, and no distro in its right
mind would ship these unmodified, but let's default to something safe.

Fixes: #12950
This commit is contained in:
Lennart Poettering 2019-07-12 12:17:12 +02:00
parent b65011dad0
commit ed40cb82f7

View File

@ -1,11 +1,14 @@
# This file is part of systemd.
auth sufficient pam_unix.so nullok try_first_pass
auth required pam_deny.so
account required pam_nologin.so
account sufficient pam_unix.so
account required pam_permit.so
password sufficient pam_unix.so nullok sha512 shadow try_first_pass try_authtok
password required pam_deny.so
-session optional pam_loginuid.so
-session optional pam_systemd.so