diff options
Diffstat (limited to 'meta-ampere/meta-common')
6 files changed, 16 insertions, 53 deletions
diff --git a/meta-ampere/meta-common/recipes-extended/libpwquality/libpwquality/pwquality.conf b/meta-ampere/meta-common/recipes-extended/libpwquality/libpwquality/pwquality.conf new file mode 100644 index 0000000000..378154e5b9 --- /dev/null +++ b/meta-ampere/meta-common/recipes-extended/libpwquality/libpwquality/pwquality.conf @@ -0,0 +1,8 @@ +enforce_for_root +minlen=9 +difok=0 +lcredit=-1 +ocredit=-1 +dcredit=-1 +ucredit=-1 +maxrepeat=3 diff --git a/meta-ampere/meta-common/recipes-extended/libpwquality/libpwquality_%.bbappend b/meta-ampere/meta-common/recipes-extended/libpwquality/libpwquality_%.bbappend new file mode 100644 index 0000000000..f72de93a1a --- /dev/null +++ b/meta-ampere/meta-common/recipes-extended/libpwquality/libpwquality_%.bbappend @@ -0,0 +1,5 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" + +SRC_URI += " \ + file://pwquality.conf \ + " diff --git a/meta-ampere/meta-common/recipes-extended/pam/libpam/faillock.conf b/meta-ampere/meta-common/recipes-extended/pam/libpam/faillock.conf new file mode 100644 index 0000000000..1d702f32e8 --- /dev/null +++ b/meta-ampere/meta-common/recipes-extended/pam/libpam/faillock.conf @@ -0,0 +1,2 @@ +deny=5 +unlock_time=1800 diff --git a/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth b/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth deleted file mode 100644 index 508ef7a0cc..0000000000 --- a/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-auth +++ /dev/null @@ -1,21 +0,0 @@ -# -# /etc/pam.d/common-auth - authentication settings common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of the authentication modules that define -# the central authentication scheme for use on the system -# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the -# traditional Unix authentication mechanisms. - -# here are the per-package modules (the "Primary" block) -auth [success=ok user_unknown=ignore default=2] pam_tally2.so deny=5 unlock_time=1800 -# Try for local user first, and then try for ldap -auth [success=2 default=ignore] pam_unix.so quiet --auth [success=1 default=ignore] pam_ldap.so ignore_unknown_user ignore_authinfo_unavail -# here's the fallback if no module succeeds -auth requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -auth required pam_permit.so -# and here are more per-package modules (the "Additional" block) diff --git a/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-password b/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-password deleted file mode 100644 index 5a42680ee2..0000000000 --- a/meta-ampere/meta-common/recipes-extended/pam/libpam/pam.d/common-password +++ /dev/null @@ -1,30 +0,0 @@ -# -# /etc/pam.d/common-password - password-related modules common to all services -# -# This file is included from other service-specific PAM config files, -# and should contain a list of modules that define the services to be -# used to change user passwords. The default is pam_unix. - -# Explanation of pam_unix options: -# -# The "sha512" option enables salted SHA512 passwords. Without this option, -# the default is Unix crypt. Prior releases used the option "md5". -# -# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in -# login.defs. -# -# See the pam_unix manpage for other options. - -# here are the per-package modules (the "Primary" block) -password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=9 difok=0 lcredit=-1 ocredit=-1 dcredit=-1 ucredit=-1 maxrepeat=3 -password [success=ok default=die] pam_ipmicheck.so spec_grp_name=ipmi use_authtok -password [success=ok ignore=ignore default=die] pam_pwhistory.so debug enforce_for_root remember=0 use_authtok -password [success=ok default=die] pam_unix.so sha512 use_authtok -password [success=1 default=die] pam_ipmisave.so spec_grp_name=ipmi spec_pass_file=/etc/ipmi_pass key_file=/etc/key_file -# here's the fallback if no module succeeds -password requisite pam_deny.so -# prime the stack with a positive return value if there isn't one already; -# this avoids us returning an error just because nothing sets a success code -# since the modules above will each just jump around -password required pam_permit.so -# and here are more per-package modules (the "Additional" block) diff --git a/meta-ampere/meta-common/recipes-extended/pam/libpam_%.bbappend b/meta-ampere/meta-common/recipes-extended/pam/libpam_%.bbappend index ad820d162f..1aa78d3390 100644 --- a/meta-ampere/meta-common/recipes-extended/pam/libpam_%.bbappend +++ b/meta-ampere/meta-common/recipes-extended/pam/libpam_%.bbappend @@ -1,5 +1,4 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:" -SRC_URI += " file://pam.d/common-password \ - file://pam.d/common-auth \ +SRC_URI += " file://faillock.conf \ " |