aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMikle Kolyada <zlogene@gentoo.org>2020-06-10 14:32:46 +0300
committerMikle Kolyada <zlogene@gentoo.org>2020-06-10 14:32:46 +0300
commit7348fa57c7ada42820773f8c8b6f06f7181169ee (patch)
tree51e168efc9bcbdffbae4145aef5d52c82cc77f26
parentallow clang-cpp (diff)
downloadpambase-7348fa57c7ada42820773f8c8b6f06f7181169ee.tar.gz
pambase-7348fa57c7ada42820773f8c8b6f06f7181169ee.tar.bz2
pambase-7348fa57c7ada42820773f8c8b6f06f7181169ee.zip
New release
- disable cracklib in favor of passwdqc - disable tally{,2} in favor of faillock Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
-rw-r--r--Makefile4
-rw-r--r--basic-conf4
-rw-r--r--linux-pam-conf7
-rw-r--r--system-auth.in3
-rw-r--r--system-login.in8
5 files changed, 7 insertions, 19 deletions
diff --git a/Makefile b/Makefile
index 9afc842..f7e7653 100644
--- a/Makefile
+++ b/Makefile
@@ -11,10 +11,6 @@ GIT=git
PAMFLAGS = -include linux-pam-conf -include basic-conf -DLINUX_PAM_VERSION=$(LINUX_PAM_VERSION)
-ifeq "$(CRACKLIB)" "yes"
-PAMFLAGS += -DHAVE_CRACKLIB=1
-endif
-
ifeq "$(PASSWDQC)" "yes"
PAMFLAGS += -DHAVE_PASSWDQC=1
endif
diff --git a/basic-conf b/basic-conf
index 5ab72c0..7b1bf00 100644
--- a/basic-conf
+++ b/basic-conf
@@ -1,8 +1,8 @@
-// Only use_authtok (authentication token) when using cracklib or some other module
+// Only use_authtok (authentication token) when using passwdqc or some other module
// that checks for passwords, or pam_krb5
#define AUTHTOK use_authtok
-#if HAVE_CRACKLIB || HAVE_PASSWDQC
+#if HAVE_PASSWDQC
# define PASSWORD_STRENGTH 1
#endif
diff --git a/linux-pam-conf b/linux-pam-conf
index ecd5697..962b2eb 100644
--- a/linux-pam-conf
+++ b/linux-pam-conf
@@ -12,12 +12,7 @@
# define HAVE_MOTD 1
# define HAVE_MAIL 1
# define HAVE_LASTLOG 1
-
-# if LINUX_PAM_VERSION > 0x010100 /* 1.1.0 */
-# define TALLY_MODULE pam_tally2.so
-# else
-# define TALLY_MODULE pam_tally.so
-# endif
+# define HAVE_FAILLOCK 1
#endif
diff --git a/system-auth.in b/system-auth.in
index e65e4c2..dbb6971 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -18,9 +18,6 @@ account required pam_unix.so DEBUG
/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
account optional pam_permit.so
-#if HAVE_CRACKLIB
-password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 DEBUG
-#endif
#if HAVE_PASSWDQC
password required pam_passwdqc.so min=8,8,8,8,8 retry=3
#endif
diff --git a/system-login.in b/system-login.in
index f159f10..d93d926 100644
--- a/system-login.in
+++ b/system-login.in
@@ -1,5 +1,5 @@
-#if defined(TALLY_MODULE)
-auth required TALLY_MODULE onerr=succeed
+#if HAVE_FAILLOCK
+auth required pam_faillock.so dir=/var/log deny=3
#endif
#if HAVE_SHELLS
auth required pam_shells.so DEBUG
@@ -19,8 +19,8 @@ account required pam_login_access.so
account required pam_nologin.so DEBUG_NOLOGIN
#endif
account include system-auth
-#if defined(TALLY_MODULE)
-account required TALLY_MODULE onerr=succeed DEBUG
+#if HAVE_FAILLOCK
+account required pam_faillock.so dir=/var/log deny=3
#endif
password include system-auth