crans/crans_bcfg2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[pam.d] La partie wheezy ne marche pas comme prévu, là ça devrait être mieux

Browse source
This commit is contained in:
Pierre-Elliott Bécue 2013-05-08 23:11:06 +02:00
parent a818dc2778
commit 08278f99fe
4 changed files with 16 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Python/etc/pam.d/common-account
View file

@ -25,7 +25,7 @@ if not has('wheezy'):
else: else:
@# here are the per-package modules (the "Primary" block) @# here are the per-package modules (the "Primary" block)
@account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so use_first_pass @account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so use_first_pass
@# here's the fallback if no module succeeds @# here's the fallback if no module succeeds
@account requisite pam_deny.so @account requisite pam_deny.so
@# prime the stack with a positive return value if there isn't one already; @# prime the stack with a positive return value if there isn't one already;
@ -34,5 +34,5 @@ else:
@account required pam_permit.so @account required pam_permit.so
@# and here are more per-package modules (the "Additional" block) @# and here are more per-package modules (the "Additional" block)
if has("ldap"): if has("ldap"):
print "account [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad] %s minimum_uid=1000" % pam_module print "account [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad] %s minimum_uid=1000" % pam_module
@# end of pam-auth-update config @# end of pam-auth-update config

6
Python/etc/pam.d/common-auth
View file

@ -25,8 +25,10 @@ if not has('wheezy'):
else: else:
@# here are the per-package modules (the "Primary" block) @# here are the per-package modules (the "Primary" block)
if has('ldap'): if has('ldap'):
print "auth [success=2 default=ignore] %s minimum_uid=1000" % pam_module print "auth [success=2 default=ignore] pam_unix.so nullok_secure"
@auth [success=1 default=ignore] pam_unix.so nullok_secure print "auth [success=1 default=ignore] %s minimum_uid=1000 use_first_pass" % pam_module
else:
print "auth [success=1 default=ignore] pam_unix.so nullok_secure"
@# here's the fallback if no module succeeds @# here's the fallback if no module succeeds
@auth requisite pam_deny.so @auth requisite pam_deny.so
@# prime the stack with a positive return value if there isn't one already; @# prime the stack with a positive return value if there isn't one already;

10
Python/etc/pam.d/common-password
View file

@ -42,13 +42,17 @@ pam-auth-update(8) for details.
@# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') @# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
if not has('wheezy'): if not has('wheezy'):
print "password sufficient %s ignore_unknown_user md5 try_first_pass" % pam_module if has('ldap'):
print "password sufficient %s ignore_unknown_user md5 try_first_pass" % pam_module
print "password required pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass" print "password required pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass"
else: else:
@# here are the per-package modules (the "Primary" block) @# here are the per-package modules (the "Primary" block)
@password [success=2 default=ignore] pam_unix.so nullok obscure sha512 min=4 max=8 md5 try_first_pass if has('ldap'):
print "password [success=1 default=ignore] %s minimum_uid=1000 ignore_unkown_user md5 try_first_pass" % pam_module @password [success=2 default=ignore] pam_unix.so nullok obscure sha512 min=4 max=8 md5 try_first_pass
print "password [success=1 default=ignore] %s minimum_uid=1000 ignore_unkown_user md5 try_first_pass" % pam_module
else:
@password [success=1 default=ignore] pam_unix.so nullok obscure sha512 min=4 max=8 md5 try_first_pass
@# here's the fallback if no module succeeds @# here's the fallback if no module succeeds
@password requisite pam_deny.so @password requisite pam_deny.so
@# prime the stack with a positive return value if there isn't one already; @# prime the stack with a positive return value if there isn't one already;

6
Python/etc/pam.d/common-session
View file

@ -24,7 +24,7 @@ if not has('wheezy'):
else: else:
@# here are the per-package modules (the "Primary" block) @# here are the per-package modules (the "Primary" block)
@session [default=1] pam_permit.so @session [default=1] pam_permit.so
@# here's the fallback if no module succeeds @# here's the fallback if no module succeeds
@session requisite pam_deny.so @session requisite pam_deny.so
@# prime the stack with a positive return value if there isn't one already; @# prime the stack with a positive return value if there isn't one already;
@ -32,7 +32,7 @@ else:
@# since the modules above will each just jump around @# since the modules above will each just jump around
@session required pam_permit.so @session required pam_permit.so
@# and here are more per-package modules (the "Additional" block) @# and here are more per-package modules (the "Additional" block)
@session required pam_unix.so @session required pam_unix.so
if has('ldap'): if has('ldap'):
print "session [success=ok default=ignore] %s minimum_uid=1000" % pam_module print "session [success=ok default=ignore] %s minimum_uid=1000" % pam_module
@# end of pam-auth-update config @# end of pam-auth-update config