60 lines
2.9 KiB
Diff
60 lines
2.9 KiB
Diff
|
From 9f3ec1c3a6aa0670479668355c11fd9e7cb4bb7d Mon Sep 17 00:00:00 2001
|
||
|
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||
|
Date: Thu, 13 Sep 2018 14:37:57 +0200
|
||
|
Subject: [PATCH 12/16] nis: with-nispwquality will enable pwquality for nis
|
||
|
users
|
||
|
|
||
|
Resolves:
|
||
|
https://github.com/pbrezina/authselect/issues/88
|
||
|
---
|
||
|
profiles/nis/README | 5 +++++
|
||
|
profiles/nis/password-auth | 2 +-
|
||
|
profiles/nis/system-auth | 2 +-
|
||
|
3 files changed, 7 insertions(+), 2 deletions(-)
|
||
|
|
||
|
diff --git a/profiles/nis/README b/profiles/nis/README
|
||
|
index 6335fcfb051f01b7acdd4fde689de0d77c0d43a1..b4ffb8b56d8f9930ee5b70f34d0ba7a2dc35dae0 100644
|
||
|
--- a/profiles/nis/README
|
||
|
+++ b/profiles/nis/README
|
||
|
@@ -33,6 +33,11 @@ with-silent-lastlog::
|
||
|
with-pamaccess::
|
||
|
Check access.conf during account authorization.
|
||
|
|
||
|
+with-nispwquality::
|
||
|
+ If this option is set pam_pwquality module will check password quality
|
||
|
+ for NIS users as well as local users during password change. Without this
|
||
|
+ option only local users passwords are checked.
|
||
|
+
|
||
|
EXAMPLES
|
||
|
--------
|
||
|
* Enable NIS with no additional modules
|
||
|
diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
|
||
|
index 78028e19bbad3965f5232c6b6177d8780d7e1c04..159da35740cfdf1396a8bc8a97c397919f056797 100644
|
||
|
--- a/profiles/nis/password-auth
|
||
|
+++ b/profiles/nis/password-auth
|
||
|
@@ -13,7 +13,7 @@ account sufficient pam_localuser.so
|
||
|
account sufficient pam_succeed_if.so uid < 1000 quiet
|
||
|
account required pam_permit.so
|
||
|
|
||
|
-password requisite pam_pwquality.so try_first_pass local_users_only
|
||
|
+password requisite pam_pwquality.so try_first_pass {if not "with-nispwquality":local_users_only}
|
||
|
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok nis
|
||
|
password required pam_deny.so
|
||
|
|
||
|
diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
|
||
|
index 2909a546a49f991128c48285fa90a1937fa03513..5f941f264b6adf2ca5cdc67685ed227ecc180ac7 100644
|
||
|
--- a/profiles/nis/system-auth
|
||
|
+++ b/profiles/nis/system-auth
|
||
|
@@ -14,7 +14,7 @@ account sufficient pam_localuser.so
|
||
|
account sufficient pam_succeed_if.so uid < 1000 quiet
|
||
|
account required pam_permit.so
|
||
|
|
||
|
-password requisite pam_pwquality.so try_first_pass local_users_only
|
||
|
+password requisite pam_pwquality.so try_first_pass {if not "with-nispwquality":local_users_only}
|
||
|
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok nis
|
||
|
password required pam_deny.so
|
||
|
|
||
|
--
|
||
|
2.17.1
|
||
|
|