Message ID | 1344911089-31197-2-git-send-email-golubovsky@gmail.com |
---|---|
State | Superseded |
Headers | show |
Le Mon, 13 Aug 2012 22:24:49 -0400, Dmitry <golubovsky@gmail.com> a écrit : > The default PAM configuration file requires valid user accounts with > non-blank passwords. > > The PAM configuration file for busybox login allows local authentication > with blank passwords thus emulating the non-PAM login configuration. > > Signed-off-by: Dmitry <golubovsky@gmail.com> Thanks! I'm not sure we want these in the default fs skeleton. Shouldn't the linux-pam package install these instead? Best regards, Thomas
Hi, On Tue, Aug 14, 2012 at 9:41 AM, Thomas Petazzoni <thomas.petazzoni@free-electrons.com> wrote: >> The PAM configuration file for busybox login allows local authentication >> with blank passwords thus emulating the non-PAM login configuration. > > I'm not sure we want these in the default fs skeleton. Shouldn't the > linux-pam package install these instead? > Well, I thought that such files (just like /etc/passwd) could be made static. I can change this to make them installed by linux-pam itself. Thanks.
Hi, On Tue, Aug 14, 2012 at 9:41 AM, Thomas Petazzoni <thomas.petazzoni@free-electrons.com> wrote: > > I'm not sure we want these in the default fs skeleton. Shouldn't the > linux-pam package install these instead? > I have resent the patch: now these PAM config files are part of the linux-pam package files. The reason why they are copied in a post-patch hook: $(RAWNAME) does not seem to be available inside post-install hooks. Hope this is an acceptable way to distribute non-patch files along with package itself, or is there a better way? Thanks.
diff --git a/fs/skeleton/etc/pam.d/default b/fs/skeleton/etc/pam.d/default new file mode 100644 index 0000000..0bd5ba0 --- /dev/null +++ b/fs/skeleton/etc/pam.d/default @@ -0,0 +1,8 @@ +# +# default; standard UN*X access +# +auth required pam_unix.so +account required pam_unix.so +password required pam_unix.so +session required pam_unix.so + diff --git a/fs/skeleton/etc/pam.d/login b/fs/skeleton/etc/pam.d/login new file mode 100644 index 0000000..d65a9d4 --- /dev/null +++ b/fs/skeleton/etc/pam.d/login @@ -0,0 +1,9 @@ +# +# login: allow local logins to users with entries in /etc/passwd and +# /etc/shadow even with null password +# +auth required pam_unix.so nullok +account required pam_unix.so nullok +password required pam_unix.so nullok +session required pam_unix.so nullok +
The default PAM configuration file requires valid user accounts with non-blank passwords. The PAM configuration file for busybox login allows local authentication with blank passwords thus emulating the non-PAM login configuration. Signed-off-by: Dmitry <golubovsky@gmail.com> --- fs/skeleton/etc/pam.d/default | 8 ++++++++ fs/skeleton/etc/pam.d/login | 9 +++++++++ 2 files changed, 17 insertions(+), 0 deletions(-) create mode 100644 fs/skeleton/etc/pam.d/default create mode 100644 fs/skeleton/etc/pam.d/login