From 6acc39bde86bc7ed7bd95d70bfabcc86ff01ce91 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jan=20R=C4=99korajski?= Date: Tue, 27 Mar 2007 15:43:42 +0000 Subject: [PATCH] - uniformized configs to use system-auth where possible - sanitized - uniform blacklist for pop3, imap and smtp services Changed files: chage.pamd -> 1.6 chfn.pamd -> 1.8 chsh.pamd -> 1.8 passwd.pamd -> 1.6 useradd.pamd -> 1.5 userdb.pamd -> 1.5 --- chage.pamd | 3 ++- chfn.pamd | 9 +++------ chsh.pamd | 9 +++------ passwd.pamd | 10 +++------- useradd.pamd | 3 ++- userdb.pamd | 2 ++ 6 files changed, 15 insertions(+), 21 deletions(-) diff --git a/chage.pamd b/chage.pamd index 21174fe..2e1633a 100644 --- a/chage.pamd +++ b/chage.pamd @@ -1,5 +1,6 @@ #%PAM-1.0 auth sufficient pam_rootok.so -auth required pam_unix.so +auth required pam_deny.so account required pam_permit.so password required pam_exec.so failok seteuid /usr/bin/make -C /var/db +# password required pam_exec.so failok seteuid /usr/bin/make -C /var/yp diff --git a/chfn.pamd b/chfn.pamd index 64167a2..0aa09c4 100644 --- a/chfn.pamd +++ b/chfn.pamd @@ -1,9 +1,6 @@ #%PAM-1.0 auth sufficient pam_rootok.so auth required pam_listfile.so item=user sense=allow file=/etc/security/chfn.allow onerr=fail -auth required pam_unix.so -account required pam_unix.so -password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 -password required pam_unix.so md5 shadow use_authtok -password required pam_exec.so failok seteuid /usr/bin/make -C /var/db -session required pam_unix.so +auth include system-auth +account include system-auth +password include system-auth diff --git a/chsh.pamd b/chsh.pamd index 3f9afbb..ac578e1 100644 --- a/chsh.pamd +++ b/chsh.pamd @@ -1,9 +1,6 @@ #%PAM-1.0 auth sufficient pam_rootok.so auth required pam_listfile.so item=user sense=allow file=/etc/security/chsh.allow onerr=fail -auth required pam_unix.so -account required pam_unix.so -password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 -password required pam_unix.so md5 shadow use_authtok -password required pam_exec.so failok seteuid /usr/bin/make -C /var/db -session required pam_unix.so +auth include system-auth +account include system-auth +password include system-auth diff --git a/passwd.pamd b/passwd.pamd index 4ec1f37..6a4fd03 100644 --- a/passwd.pamd +++ b/passwd.pamd @@ -1,9 +1,5 @@ #%PAM-1.0 -auth required pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed auth required pam_listfile.so item=user sense=deny file=/etc/security/blacklist.passwd onerr=succeed -auth required pam_unix.so -account required pam_unix.so -# password [success=1 ignore=reset abort=die default=bad] pam_pwgen.so upper=1 digit=1 -password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 -password required pam_unix.so md5 shadow use_authtok -password required pam_exec.so failok seteuid /usr/bin/make -C /var/db +auth include system-auth +account include system-auth +password include system-auth diff --git a/useradd.pamd b/useradd.pamd index f8267fd..6a97ba0 100644 --- a/useradd.pamd +++ b/useradd.pamd @@ -1,5 +1,6 @@ #%PAM-1.0 auth sufficient pam_rootok.so -auth required pam_unix.so +auth required pam_deny.so account required pam_permit.so password required pam_exec.so failok seteuid /usr/bin/make -C /var/db +# password required pam_exec.so failok seteuid /usr/bin/make -C /var/yp diff --git a/userdb.pamd b/userdb.pamd index ee25848..2e1633a 100644 --- a/userdb.pamd +++ b/userdb.pamd @@ -1,4 +1,6 @@ #%PAM-1.0 auth sufficient pam_rootok.so +auth required pam_deny.so account required pam_permit.so password required pam_exec.so failok seteuid /usr/bin/make -C /var/db +# password required pam_exec.so failok seteuid /usr/bin/make -C /var/yp -- 2.44.0