diff options
| author |   Diego Elio 'Flameeyes' Pettenò <flameeyes@gmail.com> | 2010-08-19 12:28:44 +0200 |
|---|---|---|
| committer | Diego Elio 'Flameeyes' Pettenò <flameeyes@gmail.com> | 2010-08-19 12:41:45 +0200 |
| commit | ac9023eecfe3c13d212c548bb9d5d1b42a4e044b (patch) | |
| tree | 53566564785a9c7a60bb401167eaad17615f93a5 | |
| parent | Make sure that there is a space between password and session. (diff) | |
| download | pambase-ac9023eecfe3c13d212c548bb9d5d1b42a4e044b.tar.gz pambase-ac9023eecfe3c13d212c548bb9d5d1b42a4e044b.tar.bz2 pambase-ac9023eecfe3c13d212c548bb9d5d1b42a4e044b.zip | |
Also protect account and password from pam_krb5 bad jumps.pambase-20100819
Thanks to Simon Alman for reporting, in bug #333393
| -rw-r--r-- | system-auth.in | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/system-auth.in b/system-auth.in index 81c6542..a80d653 100644 --- a/system-auth.in +++ b/system-auth.in @@ -15,6 +15,8 @@ auth optional pam_permit.so account KRB5_CONTROL pam_krb5.so KRB5_PARAMS #endif account required pam_unix.so DEBUG +/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */ +account optional pam_permit.so #if HAVE_CRACKLIB password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 DEBUG @@ -26,6 +28,8 @@ password required pam_passwdqc.so min=8,8,8,8,8 retry=3 password KRB5_CONTROL pam_krb5.so KRB5_PARAMS #endif password required pam_unix.so try_first_pass UNIX_AUTHTOK nullok UNIX_EXTENDED_ENCRYPTION DEBUG +/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */ +password optional pam_permit.so #if HAVE_PAM_SSH session optional pam_ssh.so |