diff options
author | jmbills <jason.m.bills@intel.com> | 2022-01-18 21:55:05 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-18 21:55:05 +0300 |
commit | 7cf0c1cd0ce835d1833509b7b911e8a97380278b (patch) | |
tree | 0b45c3beaa9874facc4ed1a2395a31e42be0135d /meta-supermicro/meta-common/recipes-extended/pam/libpam/pam.d/common-password | |
parent | 4dac5fcd49b5e2de1074f1363775ec0f19041072 (diff) | |
parent | 1fc0d70f658da30091bcd49f9bf29aecd6b99ba7 (diff) | |
download | openbmc-7cf0c1cd0ce835d1833509b7b911e8a97380278b.tar.xz |
Merge pull request #76 from Intel-BMC/update1-0.86
Update
Diffstat (limited to 'meta-supermicro/meta-common/recipes-extended/pam/libpam/pam.d/common-password')
-rw-r--r-- | meta-supermicro/meta-common/recipes-extended/pam/libpam/pam.d/common-password | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/meta-supermicro/meta-common/recipes-extended/pam/libpam/pam.d/common-password b/meta-supermicro/meta-common/recipes-extended/pam/libpam/pam.d/common-password new file mode 100644 index 000000000..5a42680ee --- /dev/null +++ b/meta-supermicro/meta-common/recipes-extended/pam/libpam/pam.d/common-password @@ -0,0 +1,30 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "sha512" option enables salted SHA512 passwords. Without this option, +# the default is Unix crypt. Prior releases used the option "md5". +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# See the pam_unix manpage for other options. + +# here are the per-package modules (the "Primary" block) +password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=9 difok=0 lcredit=-1 ocredit=-1 dcredit=-1 ucredit=-1 maxrepeat=3 +password [success=ok default=die] pam_ipmicheck.so spec_grp_name=ipmi use_authtok +password [success=ok ignore=ignore default=die] pam_pwhistory.so debug enforce_for_root remember=0 use_authtok +password [success=ok default=die] pam_unix.so sha512 use_authtok +password [success=1 default=die] pam_ipmisave.so spec_grp_name=ipmi spec_pass_file=/etc/ipmi_pass key_file=/etc/key_file +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) |