diff options
author | Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> | 2018-10-03 11:36:51 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-10-18 16:04:42 +0300 |
commit | 6ad4e5bc647bd823fd10fca9022b7129df2fa369 (patch) | |
tree | 76026280fc478eaefc5ae2bc047ec29a9c1c82db /meta-phosphor | |
parent | f30336b2faae1b0fa09eee9ac966d80e1fa1628a (diff) | |
download | openbmc-6ad4e5bc647bd823fd10fca9022b7129df2fa369.tar.xz |
Enable pam-ipmi modules in pam password stack
Enabled pam-ipmicheck & pam-ipmisave modules in
pam password stacked modules. This modules will
store 'ipmi' group users password in encrypted
form in /etc/ipmi_pass file along with /etc/shadow.
This special file will be used by phosphor-ipmi-net
during RAKP messages.
This will not affect users who doesn't belong to
'ipmi' group.
(From meta-phosphor rev: 945a28a80ea24c59441ce511aff95092121dfc78)
Change-Id: I1b9e2c78c1e0b8a0f8da2a28c6d89638c45f692d
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-phosphor')
-rw-r--r-- | meta-phosphor/recipes-core/pam/libpam/pam.d/common-password | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/meta-phosphor/recipes-core/pam/libpam/pam.d/common-password b/meta-phosphor/recipes-core/pam/libpam/pam.d/common-password index ddd7ca1d7..ac3f368c8 100644 --- a/meta-phosphor/recipes-core/pam/libpam/pam.d/common-password +++ b/meta-phosphor/recipes-core/pam/libpam/pam.d/common-password @@ -16,9 +16,11 @@ # See the pam_unix manpage for other options. # here are the per-package modules (the "Primary" block) -password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=8 difok=0 +password [success=ok default=die] pam_ipmicheck.so spec_grp_name=ipmi +password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=8 difok=0 use_authtok #password [success=ok ignore=ignore default=die] pam_pwhistory.so debug enforce_for_root remember=0 use_authtok -password [success=1 default=die] pam_unix.so sha512 use_authtok +password [success=ok default=die] pam_unix.so sha512 use_authtok +password [success=1 default=die] pam_ipmisave.so spec_grp_name=ipmi spec_pass_file=/etc/ipmi_pass key_file=/etc/key_file # here's the fallback if no module succeeds password requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; |