author | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2015-05-05 11:25:43 +0000 |
---|---|---|
committer | Baserock Gerrit <gerrit@baserock.org> | 2015-05-07 14:09:14 +0000 |
commit | ef619b6115513dd36923c39190f907b55b0a4825 (patch) | |
tree | 1b813683e225c9ce5a718e0e331220e8b8b98371 /strata/core | |
parent | ebf9125fb758c9b0fb74277e8babb5c4669534d6 (diff) | |
download | definitions-ef619b6115513dd36923c39190f907b55b0a4825.tar.gz |
Configure shadow to work with PAM.
Also modify some /etc/pam.d files:
- Make the requirement on pam_selinux.so optional in shadow default
pam.d configuration files.
- Modify 'system-auth' when installing systemd to add pam_deny.so,
so that login attempts with wrong passwords fail now that
shadow is configured to use PAM.
Change-Id: I7110d27b6b46ce33eeaeae904dea854deb46c759
Diffstat (limited to 'strata/core')
-rw-r--r-- | strata/core/shadow.morph | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/strata/core/shadow.morph b/strata/core/shadow.morph index 34ec6197..c8715a7d 100644 --- a/strata/core/shadow.morph +++ b/strata/core/shadow.morph @@ -6,13 +6,11 @@ configure-commands: - | ./autogen.sh --with-selinux=no \ --sysconfdir=/etc \ - --with-pam=yes \ + --with-libpam=yes \ --prefix="$PREFIX" \ --bindir=/bin post-install-commands: # Disable things handled by pam instead -- rm "$DESTDIR/etc/limits" -- rm "$DESTDIR/etc/login.access" - | for OPTION in FAIL_DELAY \ FAILLOG_ENAB \ @@ -48,3 +46,8 @@ post-install-commands: else echo 'ENCRYPT_METHOD SHA512' >>"$DESTDIR/etc/login.defs" fi + +# The default pam.d config files have pam_selinux.so as a requirement, even +# when shadow is configured '--with-selinux=no'. We change this default config +# to make this requirement optional. +- sed -i -e 's/\(.*\)required\(.*pam_selinux.so.*\)/\1optional\2/' "$DESTDIR"/etc/pam.d/* |
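Review bot: in the first hunk (@@ -6,13 +6,11 @@), the two `rm` lines for "$DESTDIR/etc/limits" and "$DESTDIR/etc/login.access" are dropped without any mention in the commit message, and the comment "# Disable things handled by pam instead" is left behind, now sitting directly above the `for OPTION in ...` loop. Please state in the commit message or in a comment why the removals are no longer needed, for example whether those files are still installed once `--with-libpam=yes` takes effect. If they can still appear in some configurations, `rm -f` would keep them out of the image without failing the build. Since the option had to be renamed from `--with-pam=yes` to `--with-libpam=yes` for shadow to use PAM, a post-build check that the installed binaries really link against libpam would stop a misspelt configure option from passing silently again.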
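Review bot: in the second hunk (@@ -48,3 +46,8 @@), the sed expression `s/\(.*\)required\(.*pam_selinux.so.*\)/\1optional\2/` is looser than the comment above it suggests. It rewrites any line in any file under "$DESTDIR"/etc/pam.d/ where the word "required" appears somewhere before pam_selinux.so, whatever the management group (auth, account, session), and the unescaped dot in `pam_selinux.so` matches any character. Because this edit weakens a PAM control flag, it should touch only what is intended: match "required" as the control field (whitespace on both sides) and escape the dot as `pam_selinux\.so`. It would also help to fail the build if any `required` pam_selinux.so line is still present afterwards. If pam_selinux.so is not shipped in the image at all, deleting those lines would be cleaner than leaving an optional reference to a module that is not there.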