From: Jan Rękorajski <baggins@pld-linux.org>
Date: Tue, 27 Mar 2007 15:43:42 +0000 (+0000)
Subject: - uniformized configs to use system-auth where possible
X-Git-Tag: auto/th/shadow-4.6-1~32
X-Git-Url: http://git.pld-linux.org/gitweb.cgi?p=packages%2Fshadow.git;a=commitdiff_plain;h=eb00d7278833bb43b9671520caf05b5d6b2de936

- uniformized configs to use system-auth where possible
- sanitized
- uniform blacklist for pop3, imap and smtp services

Changed files:
    chage.pamd -> 1.6
    chfn.pamd -> 1.8
    chsh.pamd -> 1.8
    passwd.pamd -> 1.6
    useradd.pamd -> 1.5
    userdb.pamd -> 1.5
---

diff --git a/chage.pamd b/chage.pamd
index 21174fe..2e1633a 100644
--- a/chage.pamd
+++ b/chage.pamd
@@ -1,5 +1,6 @@
 #%PAM-1.0
 auth		sufficient	pam_rootok.so
-auth		required	pam_unix.so
+auth		required	pam_deny.so
 account		required	pam_permit.so
 password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/db
+# password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/yp
diff --git a/chfn.pamd b/chfn.pamd
index 64167a2..0aa09c4 100644
--- a/chfn.pamd
+++ b/chfn.pamd
@@ -1,9 +1,6 @@
 #%PAM-1.0
 auth		sufficient	pam_rootok.so
 auth		required	pam_listfile.so item=user sense=allow file=/etc/security/chfn.allow onerr=fail
-auth		required	pam_unix.so
-account		required	pam_unix.so
-password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
-password	required	pam_unix.so md5 shadow use_authtok
-password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/db
-session		required	pam_unix.so
+auth		include		system-auth
+account		include		system-auth
+password	include		system-auth
diff --git a/chsh.pamd b/chsh.pamd
index 3f9afbb..ac578e1 100644
--- a/chsh.pamd
+++ b/chsh.pamd
@@ -1,9 +1,6 @@
 #%PAM-1.0
 auth		sufficient	pam_rootok.so
 auth		required	pam_listfile.so item=user sense=allow file=/etc/security/chsh.allow onerr=fail
-auth		required	pam_unix.so
-account		required	pam_unix.so
-password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
-password	required	pam_unix.so md5 shadow use_authtok
-password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/db
-session		required	pam_unix.so
+auth		include		system-auth
+account		include		system-auth
+password	include		system-auth
diff --git a/passwd.pamd b/passwd.pamd
index 4ec1f37..6a4fd03 100644
--- a/passwd.pamd
+++ b/passwd.pamd
@@ -1,9 +1,5 @@
 #%PAM-1.0
-auth		required	pam_listfile.so item=user sense=deny file=/etc/security/blacklist onerr=succeed
 auth		required	pam_listfile.so item=user sense=deny file=/etc/security/blacklist.passwd onerr=succeed
-auth		required	pam_unix.so
-account		required	pam_unix.so
-# password      [success=1 ignore=reset abort=die default=bad] pam_pwgen.so upper=1 digit=1
-password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
-password	required	pam_unix.so md5 shadow use_authtok
-password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/db
+auth		include		system-auth
+account		include		system-auth
+password	include		system-auth
diff --git a/useradd.pamd b/useradd.pamd
index f8267fd..6a97ba0 100644
--- a/useradd.pamd
+++ b/useradd.pamd
@@ -1,5 +1,6 @@
 #%PAM-1.0 
 auth		sufficient	pam_rootok.so
-auth		required	pam_unix.so
+auth		required	pam_deny.so
 account		required	pam_permit.so
 password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/db
+# password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/yp
diff --git a/userdb.pamd b/userdb.pamd
index ee25848..2e1633a 100644
--- a/userdb.pamd
+++ b/userdb.pamd
@@ -1,4 +1,6 @@
 #%PAM-1.0
 auth		sufficient	pam_rootok.so
+auth		required	pam_deny.so
 account		required	pam_permit.so
 password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/db
+# password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/yp