diff options
author | Ratan Gupta <ratagupt@linux.vnet.ibm.com> | 2018-11-03 09:35:06 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-11-08 01:34:46 +0300 |
commit | bc02b1829359d69326cf0824a390b85921ed5b6b (patch) | |
tree | 5753c0de9b67d1c6b9fd948e5e7f2be378170b58 | |
parent | 20b4af64e4669cb2dc96939a81ac95b22ab4c530 (diff) | |
download | openbmc-bc02b1829359d69326cf0824a390b85921ed5b6b.tar.xz |
PAM:Enable password history pam module
pam password history module is required to not allow the
history passwords.
We have the following D-bus property which is required this
module.
https://github.com/openbmc/phosphor-dbus-interfaces/blob/master/
xyz/openbmc_project/User/AccountPolicy.interface.yaml#L27
(From meta-phosphor rev: 59e8633fc824999fcef46f099174ee322a9750f7)
Change-Id: I3493c1386c08ea8497a3d3868ed8ffb67a024a1d
Signed-off-by: Ratan Gupta <ratagupt@linux.vnet.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
-rw-r--r-- | meta-phosphor/recipes-core/pam/libpam/pam.d/common-password | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-phosphor/recipes-core/pam/libpam/pam.d/common-password b/meta-phosphor/recipes-core/pam/libpam/pam.d/common-password index ac3f368c8..f0f051802 100644 --- a/meta-phosphor/recipes-core/pam/libpam/pam.d/common-password +++ b/meta-phosphor/recipes-core/pam/libpam/pam.d/common-password @@ -18,7 +18,7 @@ # here are the per-package modules (the "Primary" block) password [success=ok default=die] pam_ipmicheck.so spec_grp_name=ipmi password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=8 difok=0 use_authtok -#password [success=ok ignore=ignore default=die] pam_pwhistory.so debug enforce_for_root remember=0 use_authtok +password [success=ok ignore=ignore default=die] pam_pwhistory.so debug enforce_for_root remember=0 use_authtok password [success=ok default=die] pam_unix.so sha512 use_authtok password [success=1 default=die] pam_ipmisave.so spec_grp_name=ipmi spec_pass_file=/etc/ipmi_pass key_file=/etc/key_file # here's the fallback if no module succeeds |