diff options
author | Ed Tanous <ed@tanous.net> | 2019-03-21 20:10:56 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-21 20:10:56 +0300 |
commit | 10bcfa157476d3c5401f2fa1cc36bc29ba508c1e (patch) | |
tree | bc590b26d8bdd06b6459c4debaa3041207e5c2cc /meta-phosphor/recipes-extended/pam | |
parent | 0a33a7ec0b66a3dc40ece30d75cec2afb79ab743 (diff) | |
parent | 225376f0a37ee9b6f20626e5f377d8833ea1727f (diff) | |
download | openbmc-10bcfa157476d3c5401f2fa1cc36bc29ba508c1e.tar.xz |
Merge pull request #2 from Intel-BMC/update2
Update to latest
Diffstat (limited to 'meta-phosphor/recipes-extended/pam')
-rw-r--r-- | meta-phosphor/recipes-extended/pam/libpam/pam.d/common-account | 3 | ||||
-rw-r--r-- | meta-phosphor/recipes-extended/pam/libpam/pam.d/common-auth | 6 |
2 files changed, 6 insertions, 3 deletions
diff --git a/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-account b/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-account index 10cfc73ea..82449cad0 100644 --- a/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-account +++ b/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-account @@ -14,7 +14,8 @@ # # here are the per-package modules (the "Primary" block) -account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so +account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so +-account [success=1 new_authtok_reqd=done default=ignore] pam_ldap.so ignore_unknown_user ignore_authinfo_unavail # here's the fallback if no module succeeds account requisite pam_deny.so account required pam_tally2.so diff --git a/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-auth b/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-auth index 4ac58fb54..7bebd9a6a 100644 --- a/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-auth +++ b/meta-phosphor/recipes-extended/pam/libpam/pam.d/common-auth @@ -8,8 +8,10 @@ # traditional Unix authentication mechanisms. # here are the per-package modules (the "Primary" block) -auth [success=ok default=1] pam_tally2.so deny=0 unlock_time=0 -auth [success=1 default=ignore] pam_unix.so nullok_secure +auth [success=ok default=2] pam_tally2.so deny=0 unlock_time=0 +# Try for local user first, and then try for ldap +auth [success=2 default=ignore] pam_unix.so nullok_secure +-auth [success=1 default=ignore] pam_ldap.so ignore_unknown_user ignore_authinfo_unavail # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; |