diff options
Diffstat (limited to 'strata/foundation')
-rw-r--r-- | strata/foundation/systemd.morph | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/strata/foundation/systemd.morph b/strata/foundation/systemd.morph index efca734f..5dc48e70 100644 --- a/strata/foundation/systemd.morph +++ b/strata/foundation/systemd.morph @@ -39,3 +39,8 @@ post-install-commands: EOF # Use the pam config systemd provides - cp -a "$DESTDIR/$PREFIX"/share/factory/etc/pam.d/* "$DESTDIR/etc/pam.d" + +# Add pam_deny.so to the default systemd-auth pam.d config file. Without +# it, if shadow is configured to use PAM, it would be possible to login +# to a system with the wrong password. +- echo 'auth requisite pam_deny.so' >> "$DESTDIR"/etc/pam.d/system-auth |