Patchwork [2/2] Provide PAM configuration files in the fs skeleton

Submitter Dimitry Golubovsky
Date Aug. 14, 2012, 2:24 a.m.
Message ID <1344911089-31197-2-git-send-email-golubovsky@gmail.com>
Permalink /patch/177152/
State Superseded

Comments

Dimitry Golubovsky - Aug. 14, 2012, 2:24 a.m.
The default PAM configuration file requires valid user accounts with
non-blank passwords.

The PAM configuration file for busybox login allows local authentication
with blank passwords thus emulating the non-PAM login configuration.

Signed-off-by: Dmitry <golubovsky@gmail.com>
---
 fs/skeleton/etc/pam.d/default |    8 ++++++++
 fs/skeleton/etc/pam.d/login   |    9 +++++++++
 2 files changed, 17 insertions(+), 0 deletions(-)
 create mode 100644 fs/skeleton/etc/pam.d/default
 create mode 100644 fs/skeleton/etc/pam.d/login
Thomas Petazzoni - Aug. 14, 2012, 1:41 p.m.
On Mon, 13 Aug 2012 22:24:49 -0400,
Dmitry <golubovsky@gmail.com> wrote:

> The default PAM configuration file requires valid user accounts with
> non-blank passwords.
> 
> The PAM configuration file for busybox login allows local authentication
> with blank passwords thus emulating the non-PAM login configuration.
> 
> Signed-off-by: Dmitry <golubovsky@gmail.com>

Thanks!

I'm not sure we want these in the default fs skeleton. Shouldn't the
linux-pam package install these instead?

Best regards,

Thomas
Dimitry Golubovsky - Aug. 14, 2012, 1:50 p.m.
Hi,

On Tue, Aug 14, 2012 at 9:41 AM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:

>> The PAM configuration file for busybox login allows local authentication
>> with blank passwords thus emulating the non-PAM login configuration.

>
> I'm not sure we want these in the default fs skeleton. Shouldn't the
> linux-pam package install these instead?
>

Well, I thought that such files (just like /etc/passwd) could be made static.

I can change this to make them installed by linux-pam itself.

Thanks.
Dimitry Golubovsky - Aug. 15, 2012, 3:39 a.m.
Hi,

On Tue, Aug 14, 2012 at 9:41 AM, Thomas Petazzoni
<thomas.petazzoni@free-electrons.com> wrote:
>
> I'm not sure we want these in the default fs skeleton. Shouldn't the
> linux-pam package install these instead?
>

I have resent the patch: now these PAM config files are part of the
linux-pam package files. The reason why they are copied in a
post-patch hook: $(RAWNAME) does not seem to be available inside
post-install hooks.

Hope this is an acceptable way to distribute non-patch files along
with the package itself, or is there a better way?

Thanks.

Patch

diff --git a/fs/skeleton/etc/pam.d/default b/fs/skeleton/etc/pam.d/default
new file mode 100644
index 0000000..0bd5ba0
--- /dev/null
+++ b/fs/skeleton/etc/pam.d/default
@@ -0,0 +1,8 @@ 
+#
+# default; standard UN*X access
+#
+auth     required       pam_unix.so
+account  required       pam_unix.so
+password required       pam_unix.so
+session  required       pam_unix.so
+
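Review bot: the file name fs/skeleton/etc/pam.d/default does not match the purpose given in its header comment ("default; standard UN*X access"). Linux-PAM falls back to the service file named `other` when an application has no file of its own under /etc/pam.d, so a file called `default` is only consulted by a service that registers itself under that name. Suggest renaming it to `other` so the four `pam_unix.so` lines really act as the catch-all policy, and stating that in the comment. The trailing empty `+` line at the end of the file can be dropped.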
diff --git a/fs/skeleton/etc/pam.d/login b/fs/skeleton/etc/pam.d/login
new file mode 100644
index 0000000..d65a9d4
--- /dev/null
+++ b/fs/skeleton/etc/pam.d/login
@@ -0,0 +1,9 @@ 
+#
+# login: allow local logins to users with entries in /etc/passwd and
+# /etc/shadow even with null password
+#
+auth      required       pam_unix.so nullok
+account   required       pam_unix.so nullok
+password  required       pam_unix.so nullok
+session   required       pam_unix.so nullok
+
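Review bot: `nullok` is repeated on all four lines of pam.d/login, but acceptance of a blank password is decided in the auth stack, so on the `account` and `session` lines it adds nothing and reads as if those stages were being relaxed too. Suggest keeping it on `auth required pam_unix.so nullok` (and on the `password` line only if users with a blank password are meant to be able to set one) and dropping it elsewhere. Because the file lives under fs/skeleton, images built from the skeleton will accept blank-password logins through `login`; the header comment should say that this deliberately mirrors the non-PAM busybox login behaviour, so integrators know to remove `nullok` when they do not want it.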