Merge pull request #1965 from mjg59/pam_fix

sys-auth/pambase: Fall back to pam_deny in auth
Matthew Garrett 2016-05-18 13:37:04 -07:00
commit 38b0befb11
2 changed files with 17 additions and 13 deletions


@ -1,7 +1,7 @@
diff -ur pambase-20140313.orig/system-auth.in pambase-20140313/system-auth.in
--- pambase-20140313.orig/system-auth.in 2014-03-13 07:13:15.000000000 -0700
+++ pambase-20140313/system-auth.in 2016-05-02 12:57:35.437730031 -0700
@@ -7,7 +7,8 @@
diff -ur pambase-20120417.orig/system-auth.in pambase-20120417/system-auth.in
--- pambase-20120417.orig/system-auth.in 2016-05-15 21:01:29.705547981 -0700
+++ pambase-20120417/system-auth.in 2016-05-15 21:03:08.134220108 -0700
@@ -7,14 +7,16 @@
#if HAVE_KRB5
auth KRB5_CONTROL pam_krb5.so KRB5_PARAMS
#endif
@ -9,17 +9,18 @@ diff -ur pambase-20140313.orig/system-auth.in pambase-20140313/system-auth.in
+auth sufficient pam_sss.so use_first_pass
+auth sufficient pam_unix.so try_first_pass LIKEAUTH nullok DEBUG
/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
auth optional pam_permit.so
-auth optional pam_permit.so
+auth required pam_deny.so
@@ -16,6 +17,7 @@
#if HAVE_KRB5
account KRB5_CONTROL pam_krb5.so KRB5_PARAMS
#endif
account required pam_unix.so DEBUG
/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
+account sufficient pam_sss.so
/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
account optional pam_permit.so
#if HAVE_CRACKLIB
@@ -27,7 +29,8 @@
@@ -27,9 +29,10 @@
#if HAVE_KRB5
password KRB5_CONTROL pam_krb5.so KRB5_PARAMS
#endif
@ -27,11 +28,14 @@ diff -ur pambase-20140313.orig/system-auth.in pambase-20140313/system-auth.in
+password sufficient pam_unix.so try_first_pass UNIX_AUTHTOK nullok UNIX_EXTENDED_ENCRYPTION DEBUG
+password sufficient pam_sss.so use_authtok
/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
password optional pam_permit.so
-password optional pam_permit.so
+password required pam_deny.so
diff -ur pambase-20140313.orig/system-session.inc pambase-20140313/system-session.inc
--- pambase-20140313.orig/system-session.inc 2014-03-13 07:13:15.000000000 -0700
+++ pambase-20140313/system-session.inc 2016-05-02 12:57:59.723883487 -0700
#if HAVE_PAM_SSH
session optional pam_ssh.so
diff -ur pambase-20120417.orig/system-session.inc pambase-20120417/system-session.inc
--- pambase-20120417.orig/system-session.inc 2012-03-20 11:10:47.000000000 -0700
+++ pambase-20120417/system-session.inc 2016-05-15 21:02:00.151753215 -0700
@@ -23,3 +23,4 @@
#endif