[pam] Désormais, passwd change les mots de passe ldap avec cracklib

2014-03-19 00:57:47 +01:00 · 2014-03-19 00:57:47 +01:00 · ec3370be18
commit ec3370be18
parent a6875590fd
2 changed files with 15 additions and 20 deletions
--- a/Bundler/pam.xml
+++ b/Bundler/pam.xml
@ -6,7 +6,7 @@
  <Group name="ssh">
    <Service name="ssh"/>
  </Group>
-  <Group name="db-server">
+  <Group name="ldap">
    <Package name="libpam-cracklib"/>
  </Group>
 </Bundle>
--- a/Python/etc/pam.d/common-password
+++ b/Python/etc/pam.d/common-password
@ -41,14 +41,9 @@ pam-auth-update(8) for details.
@# uncomment the next two in order to use this.
@# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')

-if not has('wheezy'):
-    if has('ldap'):
-        print "password   sufficient %s ignore_unknown_user md5 try_first_pass" % pam_module
-    print "password   required   pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass"
-
-else:
@# here are the per-package modules (the "Primary" block)
 if has('ldap'):
+    @password       requisite                       pam_cracklib.so retry=3 minlen=9 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=1 reject_username gecoscheck enforce_for_root difok=0
    @password       [success=2 default=ignore]      pam_unix.so  nullok obscure sha512 min=4 max=8 md5 try_first_pass
    print "password       [success=1 default=ignore]      %s minimum_uid=1000 ignore_unkown_user md5 try_first_pass" % pam_module
 else: