diff options
author | Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> | 2019-07-26 11:16:13 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-08-08 18:52:56 +0300 |
commit | bef0743506084a22eb127dbaf098e2c4710afe0e (patch) | |
tree | e6bf1a03f90b4c80d7601822217ac3d1dc52e9b5 | |
parent | 20973e08f10c1cd1830ba9f522b45eecfa757690 (diff) | |
download | openbmc-bef0743506084a22eb127dbaf098e2c4710afe0e.tar.xz |
phosphor: pam: Fix credits to maintain minlen req
Default credit for pam-cracklib was used, causing issue
in meeting minlen requirement for new password. i.e. 1 credit
will be applied if the password containts, digits, upper case,
or lower case etc, making minlen to be accepted. "fw6ev9" will
pass pam_cracklib earlier for minlen as password length was 6, +2
credit got substitued for lower case & digits use in the password.
Correcting the same now, by not providing any credit, and so the
minlen of 8 chars in the password must be met.
Tested
1. Tested password 'fw6ev9' fails to set
2. Tested password '0penBmc1' was accepted as it passes 8 character
Note: With this commit, the current default passwd for root user
'0penBmc' will work fine, but the same can't be used as password
during password update.
(From meta-phosphor rev: 0e67cd66f4f530b4ccccb2ab400ba2dabb3c0737)
Change-Id: Ieeebef45a655563ac7779627b1cf38ef6080c046
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
-rw-r--r-- | meta-phosphor/recipes-extended/pam/libpam/pam.d/common-password | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-password b/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-password index f0f051802..cf6a62a2c 100644 --- a/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-password +++ b/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-password @@ -17,7 +17,7 @@ # here are the per-package modules (the "Primary" block) password [success=ok default=die] pam_ipmicheck.so spec_grp_name=ipmi -password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=8 difok=0 use_authtok +password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=8 difok=0 lcredit=0 ocredit=0 dcredit=0 ucredit=0 use_authtok password [success=ok ignore=ignore default=die] pam_pwhistory.so debug enforce_for_root remember=0 use_authtok password [success=ok default=die] pam_unix.so sha512 use_authtok password [success=1 default=die] pam_ipmisave.so spec_grp_name=ipmi spec_pass_file=/etc/ipmi_pass key_file=/etc/key_file |