import authselect-1.2.5-1.el8
This commit is contained in:
parent
7e52fa4b6e
commit
306a4a4836
@ -1 +1 @@
|
|||||||
7409561c3379931675241b7858ab27fee13bd2ed SOURCES/authselect-1.2.2.tar.gz
|
4eb7fbb53b31d92f0fae17d6fd5e5da46bc8b434 SOURCES/authselect-1.2.5.tar.gz
|
||||||
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/authselect-1.2.2.tar.gz
|
SOURCES/authselect-1.2.5.tar.gz
|
||||||
|
@ -1,246 +0,0 @@
|
|||||||
From a8def58508ab4cc137700555a74e71de88ccb6bf Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
|
||||||
Date: Thu, 13 May 2021 10:42:13 +0200
|
|
||||||
Subject: [PATCH] profiles: try_first_pass has no effect on pam_unix and
|
|
||||||
pam_pwquality
|
|
||||||
|
|
||||||
Resolves:
|
|
||||||
https://github.com/authselect/authselect/issues/247
|
|
||||||
---
|
|
||||||
profiles/minimal/password-auth | 6 +++---
|
|
||||||
profiles/minimal/system-auth | 6 +++---
|
|
||||||
profiles/nis/password-auth | 6 +++---
|
|
||||||
profiles/nis/system-auth | 6 +++---
|
|
||||||
profiles/sssd/password-auth | 6 +++---
|
|
||||||
profiles/sssd/system-auth | 6 +++---
|
|
||||||
profiles/winbind/password-auth | 6 +++---
|
|
||||||
profiles/winbind/system-auth | 6 +++---
|
|
||||||
src/man/authselect-profiles.5.adoc | 6 +++---
|
|
||||||
9 files changed, 27 insertions(+), 27 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/profiles/minimal/password-auth b/profiles/minimal/password-auth
|
|
||||||
index c27f07303aa18d2a8a7425eb6c4fbbf4fc5d5209..823cc7d2dc49b529c922877b1d5a4ae355e9672b 100644
|
|
||||||
--- a/profiles/minimal/password-auth
|
|
||||||
+++ b/profiles/minimal/password-auth
|
|
||||||
@@ -1,7 +1,7 @@
|
|
||||||
auth required pam_env.so
|
|
||||||
auth required pam_faildelay.so delay=2000000
|
|
||||||
auth required pam_faillock.so preauth silent {include if "with-faillock"}
|
|
||||||
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
|
|
||||||
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
|
|
||||||
auth required pam_faillock.so authfail {include if "with-faillock"}
|
|
||||||
auth required pam_deny.so
|
|
||||||
|
|
||||||
@@ -9,8 +9,8 @@ account required pam_access.so
|
|
||||||
account required pam_faillock.so {include if "with-faillock"}
|
|
||||||
account required pam_unix.so
|
|
||||||
|
|
||||||
-password requisite pam_pwquality.so try_first_pass
|
|
||||||
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
|
|
||||||
+password requisite pam_pwquality.so
|
|
||||||
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok
|
|
||||||
password required pam_deny.so
|
|
||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
|
||||||
diff --git a/profiles/minimal/system-auth b/profiles/minimal/system-auth
|
|
||||||
index c27f07303aa18d2a8a7425eb6c4fbbf4fc5d5209..823cc7d2dc49b529c922877b1d5a4ae355e9672b 100644
|
|
||||||
--- a/profiles/minimal/system-auth
|
|
||||||
+++ b/profiles/minimal/system-auth
|
|
||||||
@@ -1,7 +1,7 @@
|
|
||||||
auth required pam_env.so
|
|
||||||
auth required pam_faildelay.so delay=2000000
|
|
||||||
auth required pam_faillock.so preauth silent {include if "with-faillock"}
|
|
||||||
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
|
|
||||||
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
|
|
||||||
auth required pam_faillock.so authfail {include if "with-faillock"}
|
|
||||||
auth required pam_deny.so
|
|
||||||
|
|
||||||
@@ -9,8 +9,8 @@ account required pam_access.so
|
|
||||||
account required pam_faillock.so {include if "with-faillock"}
|
|
||||||
account required pam_unix.so
|
|
||||||
|
|
||||||
-password requisite pam_pwquality.so try_first_pass
|
|
||||||
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
|
|
||||||
+password requisite pam_pwquality.so
|
|
||||||
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok
|
|
||||||
password required pam_deny.so
|
|
||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
|
||||||
diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
|
|
||||||
index 7997ea8de61ad6392ed01c39727f70253b5cc0ca..fca075b3e8a289aef2055cc8bb8551540957e70f 100644
|
|
||||||
--- a/profiles/nis/password-auth
|
|
||||||
+++ b/profiles/nis/password-auth
|
|
||||||
@@ -3,7 +3,7 @@ auth required pam_faildelay.so delay=
|
|
||||||
auth required pam_faillock.so preauth silent {include if "with-faillock"}
|
|
||||||
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
|
|
||||||
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
|
|
||||||
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
|
|
||||||
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
|
|
||||||
auth required pam_faillock.so authfail {include if "with-faillock"}
|
|
||||||
auth required pam_deny.so
|
|
||||||
|
|
||||||
@@ -11,8 +11,8 @@ account required pam_access.so
|
|
||||||
account required pam_faillock.so {include if "with-faillock"}
|
|
||||||
account required pam_unix.so broken_shadow
|
|
||||||
|
|
||||||
-password requisite pam_pwquality.so try_first_pass {if not "with-nispwquality":local_users_only}
|
|
||||||
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok nis
|
|
||||||
+password requisite pam_pwquality.so {if not "with-nispwquality":local_users_only}
|
|
||||||
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok nis
|
|
||||||
password required pam_deny.so
|
|
||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
|
||||||
diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
|
|
||||||
index 057b31e074f29c46b492fa310a954e281631800e..c4a74b857f8759082973936bd7d4e5b8718680c4 100644
|
|
||||||
--- a/profiles/nis/system-auth
|
|
||||||
+++ b/profiles/nis/system-auth
|
|
||||||
@@ -4,7 +4,7 @@ auth required pam_faillock.so preauth
|
|
||||||
auth sufficient pam_fprintd.so {include if "with-fingerprint"}
|
|
||||||
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
|
|
||||||
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
|
|
||||||
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
|
|
||||||
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
|
|
||||||
auth required pam_faillock.so authfail {include if "with-faillock"}
|
|
||||||
auth required pam_deny.so
|
|
||||||
|
|
||||||
@@ -12,8 +12,8 @@ account required pam_access.so
|
|
||||||
account required pam_faillock.so {include if "with-faillock"}
|
|
||||||
account required pam_unix.so broken_shadow
|
|
||||||
|
|
||||||
-password requisite pam_pwquality.so try_first_pass {if not "with-nispwquality":local_users_only}
|
|
||||||
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok nis
|
|
||||||
+password requisite pam_pwquality.so {if not "with-nispwquality":local_users_only}
|
|
||||||
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok nis
|
|
||||||
password required pam_deny.so
|
|
||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
|
||||||
diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
|
|
||||||
index d6953428cca7d6518f63c3fdbaabc4746c35f91b..b75926205f233d65553caa5d33f1d06c1c77a32e 100644
|
|
||||||
--- a/profiles/sssd/password-auth
|
|
||||||
+++ b/profiles/sssd/password-auth
|
|
||||||
@@ -6,7 +6,7 @@ auth sufficient pam_u2f.so cue
|
|
||||||
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
|
|
||||||
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
|
|
||||||
auth [default=1 ignore=ignore success=ok] pam_localuser.so
|
|
||||||
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
|
|
||||||
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
|
|
||||||
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
|
|
||||||
auth sufficient pam_sss.so forward_pass
|
|
||||||
auth required pam_faillock.so authfail {include if "with-faillock"}
|
|
||||||
@@ -20,8 +20,8 @@ account sufficient pam_usertype.so issyste
|
|
||||||
account [default=bad success=ok user_unknown=ignore] pam_sss.so
|
|
||||||
account required pam_permit.so
|
|
||||||
|
|
||||||
-password requisite pam_pwquality.so try_first_pass local_users_only
|
|
||||||
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
|
|
||||||
+password requisite pam_pwquality.so local_users_only
|
|
||||||
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok
|
|
||||||
password sufficient pam_sss.so use_authtok
|
|
||||||
password required pam_deny.so
|
|
||||||
|
|
||||||
diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
|
|
||||||
index 58d51067feb36850fb11bbba73067495f88c0b9e..e4bdb2b40255c056257ba5569a0b5b21ebaeb261 100644
|
|
||||||
--- a/profiles/sssd/system-auth
|
|
||||||
+++ b/profiles/sssd/system-auth
|
|
||||||
@@ -11,7 +11,7 @@ auth [default=1 ignore=ignore success=ok] pam_usertype.so isregul
|
|
||||||
auth [default=1 ignore=ignore success=ok] pam_localuser.so {exclude if "with-smartcard"}
|
|
||||||
auth [default=2 ignore=ignore success=ok] pam_localuser.so {include if "with-smartcard"}
|
|
||||||
auth [success=done authinfo_unavail=ignore ignore=ignore default=die] pam_sss.so try_cert_auth {include if "with-smartcard"}
|
|
||||||
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
|
|
||||||
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
|
|
||||||
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
|
|
||||||
auth sufficient pam_sss.so forward_pass
|
|
||||||
auth required pam_faillock.so authfail {include if "with-faillock"}
|
|
||||||
@@ -25,8 +25,8 @@ account sufficient pam_usertype.so issyste
|
|
||||||
account [default=bad success=ok user_unknown=ignore] pam_sss.so
|
|
||||||
account required pam_permit.so
|
|
||||||
|
|
||||||
-password requisite pam_pwquality.so try_first_pass local_users_only
|
|
||||||
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
|
|
||||||
+password requisite pam_pwquality.so local_users_only
|
|
||||||
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok
|
|
||||||
password sufficient pam_sss.so use_authtok
|
|
||||||
password required pam_deny.so
|
|
||||||
|
|
||||||
diff --git a/profiles/winbind/password-auth b/profiles/winbind/password-auth
|
|
||||||
index bbeca057d49102889e3eeee040ea256dbd751eef..75e1e529944afa68fd06e4dd189d722fd80d9336 100644
|
|
||||||
--- a/profiles/winbind/password-auth
|
|
||||||
+++ b/profiles/winbind/password-auth
|
|
||||||
@@ -3,7 +3,7 @@ auth required pam_faildelay.so delay=
|
|
||||||
auth required pam_faillock.so preauth silent {include if "with-faillock"}
|
|
||||||
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
|
|
||||||
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
|
|
||||||
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
|
|
||||||
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
|
|
||||||
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
|
|
||||||
auth sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_first_pass
|
|
||||||
auth required pam_faillock.so authfail {include if "with-faillock"}
|
|
||||||
@@ -17,8 +17,8 @@ account sufficient pam_usertype.so issyste
|
|
||||||
account [default=bad success=ok user_unknown=ignore] pam_winbind.so {if "with-krb5":krb5_auth}
|
|
||||||
account required pam_permit.so
|
|
||||||
|
|
||||||
-password requisite pam_pwquality.so try_first_pass local_users_only
|
|
||||||
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
|
|
||||||
+password requisite pam_pwquality.so local_users_only
|
|
||||||
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok
|
|
||||||
password sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_authtok
|
|
||||||
password required pam_deny.so
|
|
||||||
|
|
||||||
diff --git a/profiles/winbind/system-auth b/profiles/winbind/system-auth
|
|
||||||
index 8e6026b782f8bd7e64632a9acedf304bd95f29e1..ae5262f2bb8c9ee8848c66eb00b15ff3d1fb8230 100644
|
|
||||||
--- a/profiles/winbind/system-auth
|
|
||||||
+++ b/profiles/winbind/system-auth
|
|
||||||
@@ -4,7 +4,7 @@ auth required pam_faillock.so preauth
|
|
||||||
auth sufficient pam_fprintd.so {include if "with-fingerprint"}
|
|
||||||
auth sufficient pam_u2f.so cue {include if "with-pam-u2f"}
|
|
||||||
auth required pam_u2f.so cue {if not "without-pam-u2f-nouserok":nouserok} {include if "with-pam-u2f-2fa"}
|
|
||||||
-auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
|
|
||||||
+auth sufficient pam_unix.so {if not "without-nullok":nullok}
|
|
||||||
auth [default=1 ignore=ignore success=ok] pam_usertype.so isregular
|
|
||||||
auth sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_first_pass
|
|
||||||
auth required pam_faillock.so authfail {include if "with-faillock"}
|
|
||||||
@@ -18,8 +18,8 @@ account sufficient pam_usertype.so issyste
|
|
||||||
account [default=bad success=ok user_unknown=ignore] pam_winbind.so {if "with-krb5":krb5_auth}
|
|
||||||
account required pam_permit.so
|
|
||||||
|
|
||||||
-password requisite pam_pwquality.so try_first_pass local_users_only
|
|
||||||
-password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
|
|
||||||
+password requisite pam_pwquality.so local_users_only
|
|
||||||
+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} use_authtok
|
|
||||||
password sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_authtok
|
|
||||||
password required pam_deny.so
|
|
||||||
|
|
||||||
diff --git a/src/man/authselect-profiles.5.adoc b/src/man/authselect-profiles.5.adoc
|
|
||||||
index 0890b8b0acef811a639f6cd763b2d24f0c489881..4baa2800c766f59cf250cc5570c259f636a2305b 100644
|
|
||||||
--- a/src/man/authselect-profiles.5.adoc
|
|
||||||
+++ b/src/man/authselect-profiles.5.adoc
|
|
||||||
@@ -154,7 +154,7 @@ for pam_faillock.
|
|
||||||
auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
|
|
||||||
auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
|
|
||||||
auth [default=1 ignore=ignore success=ok] pam_localuser.so
|
|
||||||
- auth sufficient pam_unix.so nullok try_first_pass
|
|
||||||
+ auth sufficient pam_unix.so nullok
|
|
||||||
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
|
|
||||||
auth sufficient pam_sss.so forward_pass
|
|
||||||
auth required pam_faillock.so authfail deny=4 unlock_time=1200 {include if "with-faillock"}
|
|
||||||
@@ -172,7 +172,7 @@ to include both features but only "with-smartcard-required" is necessary.
|
|
||||||
auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
|
|
||||||
auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
|
|
||||||
auth [default=1 ignore=ignore success=ok] pam_localuser.so
|
|
||||||
- auth sufficient pam_unix.so nullok try_first_pass
|
|
||||||
+ auth sufficient pam_unix.so nullok
|
|
||||||
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
|
|
||||||
auth sufficient pam_sss.so forward_pass
|
|
||||||
auth required pam_faillock.so authfail deny=4 unlock_time=1200 {include if "with-faillock"}
|
|
||||||
@@ -193,7 +193,7 @@ previous example.
|
|
||||||
auth [default=1 ignore=ignore success=ok] pam_localuser.so {exclude if "with-smartcard"}
|
|
||||||
auth [default=2 ignore=ignore success=ok] pam_localuser.so {include if "with-smartcard"}
|
|
||||||
auth [success=done authinfo_unavail=ignore ignore=ignore default=die] pam_sss.so try_cert_auth {include if "with-smartcard"}
|
|
||||||
- auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
|
|
||||||
+ auth sufficient pam_unix.so {if not "without-nullok":nullok}
|
|
||||||
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
|
|
||||||
auth sufficient pam_sss.so forward_pass
|
|
||||||
auth required pam_deny.so
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
@ -1,40 +0,0 @@
|
|||||||
From 3a3d9380eafcf4c53d3733b39dbb45b67dc3a566 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
|
||||||
Date: Tue, 29 Jun 2021 14:04:24 +0200
|
|
||||||
Subject: [PATCH] cli: use gettext on common options
|
|
||||||
|
|
||||||
Also make --debug description the same as in cli_tool_print_common_opts.
|
|
||||||
|
|
||||||
These options are printed when a wrong argument is given on the command line. E.g.
|
|
||||||
authselect select --invalid-arg
|
|
||||||
---
|
|
||||||
src/cli/cli_tool.c | 10 +++++++---
|
|
||||||
1 file changed, 7 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/cli/cli_tool.c b/src/cli/cli_tool.c
|
|
||||||
index 3cc6b735eb45bc45afd21907a690b732f6844f3b..64807af3cb0c3aeb70ff652962dca62a3b99c431 100644
|
|
||||||
--- a/src/cli/cli_tool.c
|
|
||||||
+++ b/src/cli/cli_tool.c
|
|
||||||
@@ -87,12 +87,16 @@ static void cli_tool_print_common_opts(int min_len)
|
|
||||||
static struct poptOption *cli_tool_common_opts_table(void)
|
|
||||||
{
|
|
||||||
static struct poptOption options[] = {
|
|
||||||
- {"debug", '\0', POPT_ARG_NONE | POPT_ARGFLAG_STRIP, NULL, 'd', "Print more verbose debugging information", NULL },
|
|
||||||
- {"trace", '\0', POPT_ARG_NONE | POPT_ARGFLAG_STRIP, NULL, 't', "Print trace messages", NULL },
|
|
||||||
- {"warn", '\0', POPT_ARG_NONE | POPT_ARGFLAG_STRIP, NULL, 'w', "Print warning messages", NULL },
|
|
||||||
+ {"debug", '\0', POPT_ARG_NONE | POPT_ARGFLAG_STRIP, NULL, 'd', NULL, NULL },
|
|
||||||
+ {"trace", '\0', POPT_ARG_NONE | POPT_ARGFLAG_STRIP, NULL, 't', NULL, NULL },
|
|
||||||
+ {"warn", '\0', POPT_ARG_NONE | POPT_ARGFLAG_STRIP, NULL, 'w', NULL, NULL },
|
|
||||||
POPT_TABLEEND
|
|
||||||
};
|
|
||||||
|
|
||||||
+ options[0].descrip = _("Print error messages");
|
|
||||||
+ options[1].descrip = _("Print trace messages");
|
|
||||||
+ options[2].descrip = _("Print warning messages");
|
|
||||||
+
|
|
||||||
return options;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
@ -1,17 +1,18 @@
|
|||||||
From 009be0fc33866a590de8720cb0f3dab811e10059 Mon Sep 17 00:00:00 2001
|
From 2f1fea5ec3132f2ced05887ba24d03e134934930 Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||||
Date: Tue, 30 Oct 2018 14:08:12 +0100
|
Date: Tue, 30 Oct 2018 14:08:12 +0100
|
||||||
Subject: [PATCH] rhel8: remove mention of Fedora Change page in compat tool
|
Subject: [PATCH 1/3] rhel8: remove mention of Fedora Change page in compat
|
||||||
|
tool
|
||||||
|
|
||||||
---
|
---
|
||||||
src/compat/authcompat.py.in.in | 1 -
|
src/compat/authcompat.py.in.in | 1 -
|
||||||
1 file changed, 1 deletion(-)
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
|
diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
|
||||||
index 0be644222a44185cb08ff696afad5adf05995093..42cc6f3c0e38d8e14d62bd5acdc171176a6cb51f 100755
|
index 1a68d95c71b51beabe80e9b07c084ea9c2f3580d..8334293911d1d4c2d98a6d233b91fc348cf06575 100755
|
||||||
--- a/src/compat/authcompat.py.in.in
|
--- a/src/compat/authcompat.py.in.in
|
||||||
+++ b/src/compat/authcompat.py.in.in
|
+++ b/src/compat/authcompat.py.in.in
|
||||||
@@ -469,7 +469,6 @@ class AuthCompat:
|
@@ -471,7 +471,6 @@ class AuthCompat:
|
||||||
"It does not provide all capabilities of authconfig.\n"))
|
"It does not provide all capabilities of authconfig.\n"))
|
||||||
print(_("IMPORTANT: authconfig is replaced by authselect, "
|
print(_("IMPORTANT: authconfig is replaced by authselect, "
|
||||||
"please update your scripts."))
|
"please update your scripts."))
|
||||||
@ -20,5 +21,5 @@ index 0be644222a44185cb08ff696afad5adf05995093..42cc6f3c0e38d8e14d62bd5acdc17117
|
|||||||
|
|
||||||
options = self.options.getSetButUnsupported()
|
options = self.options.getSetButUnsupported()
|
||||||
--
|
--
|
||||||
2.17.2
|
2.34.1
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From 8f39d5ebcf18b9d987af5ad851fe1637ce1fce22 Mon Sep 17 00:00:00 2001
|
From bfa639947df40c7d601a459af5f0995c89a67200 Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||||
Date: Mon, 10 Jun 2019 10:53:15 +0200
|
Date: Mon, 10 Jun 2019 10:53:15 +0200
|
||||||
Subject: [PATCH] rhel8: remove ecryptfs support
|
Subject: [PATCH 2/3] rhel8: remove ecryptfs support
|
||||||
|
|
||||||
---
|
---
|
||||||
profiles/nis/README | 3 ---
|
profiles/nis/README | 3 ---
|
||||||
@ -26,7 +26,7 @@ Subject: [PATCH] rhel8: remove ecryptfs support
|
|||||||
19 files changed, 3 insertions(+), 36 deletions(-)
|
19 files changed, 3 insertions(+), 36 deletions(-)
|
||||||
|
|
||||||
diff --git a/profiles/nis/README b/profiles/nis/README
|
diff --git a/profiles/nis/README b/profiles/nis/README
|
||||||
index b8453bd357a1cec0d3c1981257271170f029fe8c..8b2cc1baa8a3429039f5bbeb0778113238ef6633 100644
|
index 895e8fa8650c04d41bf8bc8d6e3cda18db9bf814..71e23d61a8c1ea773c98524256a5eaad5a75d197 100644
|
||||||
--- a/profiles/nis/README
|
--- a/profiles/nis/README
|
||||||
+++ b/profiles/nis/README
|
+++ b/profiles/nis/README
|
||||||
@@ -21,9 +21,6 @@ with-mkhomedir::
|
@@ -21,9 +21,6 @@ with-mkhomedir::
|
||||||
@ -40,28 +40,28 @@ index b8453bd357a1cec0d3c1981257271170f029fe8c..8b2cc1baa8a3429039f5bbeb07781132
|
|||||||
Enable authentication with fingerprint reader through *pam_fprintd*.
|
Enable authentication with fingerprint reader through *pam_fprintd*.
|
||||||
|
|
||||||
diff --git a/profiles/nis/fingerprint-auth b/profiles/nis/fingerprint-auth
|
diff --git a/profiles/nis/fingerprint-auth b/profiles/nis/fingerprint-auth
|
||||||
index 278487b2a0f9ce103afebb0809ffffa2cfbbba7e..8d6bc3fe8ada7305280503bfa350cd78723c988a 100644
|
index 3a2609df4ca29cdfcbff84b37576bb7b840d72b2..0b2f583a2fcf164647f7de387e9be2982bdf36cb 100644
|
||||||
--- a/profiles/nis/fingerprint-auth
|
--- a/profiles/nis/fingerprint-auth
|
||||||
+++ b/profiles/nis/fingerprint-auth
|
+++ b/profiles/nis/fingerprint-auth
|
||||||
@@ -16,7 +16,6 @@ password required pam_deny.so
|
@@ -15,7 +15,6 @@ password required pam_deny.so
|
||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
session optional pam_keyinit.so revoke
|
||||||
session required pam_limits.so
|
session required pam_limits.so
|
||||||
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
||||||
-session optional pam_systemd.so
|
-session optional pam_systemd.so
|
||||||
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
|
||||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||||
diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
|
diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
|
||||||
index 2ce77fded674684987849b027debe2b17a7bac94..46786cc8c2c90a2be98d71684b9286c37ff5b678 100644
|
index f181a58ab7792c7e1a4234e677cbb7e3d0a6548d..79fb521eb5dff4978203166491b185887d1ec744 100644
|
||||||
--- a/profiles/nis/password-auth
|
--- a/profiles/nis/password-auth
|
||||||
+++ b/profiles/nis/password-auth
|
+++ b/profiles/nis/password-auth
|
||||||
@@ -21,7 +21,6 @@ password required pam_deny.so
|
@@ -18,7 +18,6 @@ password required pam_deny.so
|
||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
session optional pam_keyinit.so revoke
|
||||||
session required pam_limits.so
|
session required pam_limits.so
|
||||||
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
||||||
-session optional pam_systemd.so
|
-session optional pam_systemd.so
|
||||||
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
|
||||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||||
diff --git a/profiles/nis/postlogin b/profiles/nis/postlogin
|
diff --git a/profiles/nis/postlogin b/profiles/nis/postlogin
|
||||||
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
|
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
|
||||||
@ -76,19 +76,19 @@ index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb24
|
|||||||
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
|
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
|
||||||
session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
|
session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
|
||||||
diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
|
diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
|
||||||
index d1f270a9e6f0ded1ff2d9c24fcd78c31e7a6debe..25148b060ecd0b52868386abf14ca5a9fd8fdfc3 100644
|
index bc3f402435aafb5294dbae94096b184af51cf914..38c10c1afcf936c1d24d8edef941ae849d1186fc 100644
|
||||||
--- a/profiles/nis/system-auth
|
--- a/profiles/nis/system-auth
|
||||||
+++ b/profiles/nis/system-auth
|
+++ b/profiles/nis/system-auth
|
||||||
@@ -22,7 +22,6 @@ password required pam_deny.so
|
@@ -19,7 +19,6 @@ password required pam_deny.so
|
||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
session optional pam_keyinit.so revoke
|
||||||
session required pam_limits.so
|
session required pam_limits.so
|
||||||
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
||||||
-session optional pam_systemd.so
|
-session optional pam_systemd.so
|
||||||
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
|
||||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||||
diff --git a/profiles/sssd/README b/profiles/sssd/README
|
diff --git a/profiles/sssd/README b/profiles/sssd/README
|
||||||
index a2b52b7d4178bfaca260d31267dac396b514e656..b007621a4abd6423605507af5b03131c58a44f29 100644
|
index 61d5aedf65b2351cf23cea0a6b6b0932e32f0e48..ab9af237442089ded86b63942dd856397108ccf0 100644
|
||||||
--- a/profiles/sssd/README
|
--- a/profiles/sssd/README
|
||||||
+++ b/profiles/sssd/README
|
+++ b/profiles/sssd/README
|
||||||
@@ -40,9 +40,6 @@ with-mkhomedir::
|
@@ -40,9 +40,6 @@ with-mkhomedir::
|
||||||
@ -102,28 +102,28 @@ index a2b52b7d4178bfaca260d31267dac396b514e656..b007621a4abd6423605507af5b03131c
|
|||||||
Enable authentication with smartcards through SSSD. Please note that
|
Enable authentication with smartcards through SSSD. Please note that
|
||||||
smartcard support must be also explicitly enabled within
|
smartcard support must be also explicitly enabled within
|
||||||
diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth
|
diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth
|
||||||
index 01b70f3533149d00700859f3e0a1c3f2abb33a8a..b9bbc63d96e1d982a54b537402fed5e2201ce533 100644
|
index 20ad3613e66ec85c7d2462d0449854e522383b3a..dc7befe7a4839a1ae5a4d21f4e5232126df55564 100644
|
||||||
--- a/profiles/sssd/fingerprint-auth
|
--- a/profiles/sssd/fingerprint-auth
|
||||||
+++ b/profiles/sssd/fingerprint-auth
|
+++ b/profiles/sssd/fingerprint-auth
|
||||||
@@ -18,7 +18,6 @@ password required pam_deny.so
|
@@ -20,7 +20,6 @@ password required pam_deny.so
|
||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
session optional pam_keyinit.so revoke
|
||||||
session required pam_limits.so
|
session required pam_limits.so
|
||||||
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
||||||
-session optional pam_systemd.so
|
-session optional pam_systemd.so
|
||||||
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
|
||||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||||
diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
|
diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
|
||||||
index c61630d5a71772c61cbdcce00bb5b64a83e87d8e..fe2e3a4bf68fb53e46af56577c9d67c7eabf2fff 100644
|
index 3e33dcc09f68055f2f87709e638005929bd577b3..858c6db357d07dc554806f4807f9b0858a649f44 100644
|
||||||
--- a/profiles/sssd/password-auth
|
--- a/profiles/sssd/password-auth
|
||||||
+++ b/profiles/sssd/password-auth
|
+++ b/profiles/sssd/password-auth
|
||||||
@@ -27,7 +27,6 @@ password required pam_deny.so
|
@@ -28,7 +28,6 @@ password required pam_deny.so
|
||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
session optional pam_keyinit.so revoke
|
||||||
session required pam_limits.so
|
session required pam_limits.so
|
||||||
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
||||||
-session optional pam_systemd.so
|
-session optional pam_systemd.so
|
||||||
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
|
||||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||||
diff --git a/profiles/sssd/postlogin b/profiles/sssd/postlogin
|
diff --git a/profiles/sssd/postlogin b/profiles/sssd/postlogin
|
||||||
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
|
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
|
||||||
@ -138,31 +138,31 @@ index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb24
|
|||||||
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
|
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
|
||||||
session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
|
session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
|
||||||
diff --git a/profiles/sssd/smartcard-auth b/profiles/sssd/smartcard-auth
|
diff --git a/profiles/sssd/smartcard-auth b/profiles/sssd/smartcard-auth
|
||||||
index a47f44389d89797b2404ce44a78c2bc8a936225d..a15a033f58b766074ccc6a271f146341ff62f2e4 100644
|
index 0d8bcab250633b09bce0232a5747f3a7e740d5d7..754847f2d8885ff35cbc57ec2364d82b963caa3b 100644
|
||||||
--- a/profiles/sssd/smartcard-auth
|
--- a/profiles/sssd/smartcard-auth
|
||||||
+++ b/profiles/sssd/smartcard-auth
|
+++ b/profiles/sssd/smartcard-auth
|
||||||
@@ -16,7 +16,6 @@ account required pam_permit.so
|
@@ -18,7 +18,6 @@ account required pam_permit.so
|
||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
session optional pam_keyinit.so revoke
|
||||||
session required pam_limits.so
|
session required pam_limits.so
|
||||||
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
||||||
-session optional pam_systemd.so
|
-session optional pam_systemd.so
|
||||||
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
|
||||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||||
diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
|
diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
|
||||||
index 0c53fc0c326a6ab9b9720c3c0de4f7377431f689..788c92ba27f9b0febdbe00f265bc75e754aca8df 100644
|
index a43341120f55bad3fb07dfea1c04453d0a278329..88c49e2dd5b60847d1d19154622a8614a21e5e1f 100644
|
||||||
--- a/profiles/sssd/system-auth
|
--- a/profiles/sssd/system-auth
|
||||||
+++ b/profiles/sssd/system-auth
|
+++ b/profiles/sssd/system-auth
|
||||||
@@ -32,7 +32,6 @@ password required pam_deny.so
|
@@ -35,7 +35,6 @@ password required pam_deny.so
|
||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
session optional pam_keyinit.so revoke
|
||||||
session required pam_limits.so
|
session required pam_limits.so
|
||||||
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
||||||
-session optional pam_systemd.so
|
-session optional pam_systemd.so
|
||||||
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
|
||||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||||
diff --git a/profiles/winbind/README b/profiles/winbind/README
|
diff --git a/profiles/winbind/README b/profiles/winbind/README
|
||||||
index e711b546c51fbe1ccf30b203cb854398d5e95caa..72f55e640c04bd539bef979da71d6d9ee0a2fd72 100644
|
index 0048c29256f5d4064edfb84a2f4b761fd09e90f6..6f7a7cab1efc768c4c82791d6a8f00def1771d37 100644
|
||||||
--- a/profiles/winbind/README
|
--- a/profiles/winbind/README
|
||||||
+++ b/profiles/winbind/README
|
+++ b/profiles/winbind/README
|
||||||
@@ -33,9 +33,6 @@ with-mkhomedir::
|
@@ -33,9 +33,6 @@ with-mkhomedir::
|
||||||
@ -176,28 +176,28 @@ index e711b546c51fbe1ccf30b203cb854398d5e95caa..72f55e640c04bd539bef979da71d6d9e
|
|||||||
Enable authentication with fingerprint reader through *pam_fprintd*.
|
Enable authentication with fingerprint reader through *pam_fprintd*.
|
||||||
|
|
||||||
diff --git a/profiles/winbind/fingerprint-auth b/profiles/winbind/fingerprint-auth
|
diff --git a/profiles/winbind/fingerprint-auth b/profiles/winbind/fingerprint-auth
|
||||||
index 0beff74eba83f12c4ad5a6147a6194608cd047e3..cdc61a1e9ff2ff8d58b58a076f001933092d0a90 100644
|
index e8997c6c78ce7305fa7068fb169c05c68167880d..c5485ab848989a252e4ff4b1376a41202d21fd67 100644
|
||||||
--- a/profiles/winbind/fingerprint-auth
|
--- a/profiles/winbind/fingerprint-auth
|
||||||
+++ b/profiles/winbind/fingerprint-auth
|
+++ b/profiles/winbind/fingerprint-auth
|
||||||
@@ -17,7 +17,6 @@ password required pam_deny.so
|
@@ -19,7 +19,6 @@ password required pam_deny.so
|
||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
session optional pam_keyinit.so revoke
|
||||||
session required pam_limits.so
|
session required pam_limits.so
|
||||||
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
||||||
-session optional pam_systemd.so
|
-session optional pam_systemd.so
|
||||||
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
|
||||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||||
diff --git a/profiles/winbind/password-auth b/profiles/winbind/password-auth
|
diff --git a/profiles/winbind/password-auth b/profiles/winbind/password-auth
|
||||||
index 455add4c0c6aa2fecc850dc2b315998c6b4c4fb5..d60fb34c1c9a4f49f68b5c036a72127996bff9be 100644
|
index 58705f3b15165c8d8bd4938889e3fb4d89c1a528..e84e2fcbb2bad9af6156e6e6db23f089f2b5d210 100644
|
||||||
--- a/profiles/winbind/password-auth
|
--- a/profiles/winbind/password-auth
|
||||||
+++ b/profiles/winbind/password-auth
|
+++ b/profiles/winbind/password-auth
|
||||||
@@ -24,7 +24,6 @@ password required pam_deny.so
|
@@ -25,7 +25,6 @@ password required pam_deny.so
|
||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
session optional pam_keyinit.so revoke
|
||||||
session required pam_limits.so
|
session required pam_limits.so
|
||||||
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
||||||
-session optional pam_systemd.so
|
-session optional pam_systemd.so
|
||||||
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
|
||||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||||
diff --git a/profiles/winbind/postlogin b/profiles/winbind/postlogin
|
diff --git a/profiles/winbind/postlogin b/profiles/winbind/postlogin
|
||||||
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
|
index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
|
||||||
@ -212,51 +212,51 @@ index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb24
|
|||||||
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
|
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
|
||||||
session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
|
session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
|
||||||
diff --git a/profiles/winbind/system-auth b/profiles/winbind/system-auth
|
diff --git a/profiles/winbind/system-auth b/profiles/winbind/system-auth
|
||||||
index 5b383f70df6f03f59c6ab3b1dd5686382745b978..c169d7f3b75893ba61d60e085ef86bb658debf5b 100644
|
index 994c342441a0ed2738765a9fa7f6cc84f692d1d8..b5c5cfaa964a31b1cd8ac4cb62998c0a0a53a03e 100644
|
||||||
--- a/profiles/winbind/system-auth
|
--- a/profiles/winbind/system-auth
|
||||||
+++ b/profiles/winbind/system-auth
|
+++ b/profiles/winbind/system-auth
|
||||||
@@ -25,7 +25,6 @@ password required pam_deny.so
|
@@ -26,7 +26,6 @@ password required pam_deny.so
|
||||||
|
|
||||||
session optional pam_keyinit.so revoke
|
session optional pam_keyinit.so revoke
|
||||||
session required pam_limits.so
|
session required pam_limits.so
|
||||||
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
|
||||||
-session optional pam_systemd.so
|
-session optional pam_systemd.so
|
||||||
session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
|
session optional pam_oddjob_mkhomedir.so {include if "with-mkhomedir"}
|
||||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
||||||
diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
|
diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
|
||||||
index e4b8c05c6a11a215529ba66f8b36b72a6ac18448..4e39b7ec66d0e2ba911c7280467ba78fd29c196c 100755
|
index 8334293911d1d4c2d98a6d233b91fc348cf06575..55e205bae2c0b1f7892f8b286c288dfeaa26a60d 100755
|
||||||
--- a/src/compat/authcompat.py.in.in
|
--- a/src/compat/authcompat.py.in.in
|
||||||
+++ b/src/compat/authcompat.py.in.in
|
+++ b/src/compat/authcompat.py.in.in
|
||||||
@@ -520,7 +520,6 @@ class AuthCompat:
|
@@ -523,7 +523,6 @@ class AuthCompat:
|
||||||
'smartcard' : 'with-smartcard',
|
'smartcard': 'with-smartcard',
|
||||||
'requiresmartcard' : 'with-smartcard-required',
|
'requiresmartcard': 'with-smartcard-required',
|
||||||
'fingerprint' : 'with-fingerprint',
|
'fingerprint': 'with-fingerprint',
|
||||||
- 'ecryptfs' : 'with-ecryptfs',
|
- 'ecryptfs': 'with-ecryptfs',
|
||||||
'mkhomedir' : 'with-mkhomedir',
|
'mkhomedir': 'with-mkhomedir',
|
||||||
'faillock' : 'with-faillock',
|
'faillock': 'with-faillock',
|
||||||
'pamaccess' : 'with-pamaccess',
|
'pamaccess': 'with-pamaccess',
|
||||||
diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py
|
diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py
|
||||||
index c8f52ab6773c4cd5371f32121dba8053f3443261..433a3340bac29739174e78928701214c08ec6f3c 100644
|
index d26dedabdfb9519861076b58cddd0dd0eb04b7cb..5c8b21b55014198d6d9dfc98bd807c3c922b06f4 100644
|
||||||
--- a/src/compat/authcompat_Options.py
|
--- a/src/compat/authcompat_Options.py
|
||||||
+++ b/src/compat/authcompat_Options.py
|
+++ b/src/compat/authcompat_Options.py
|
||||||
@@ -93,7 +93,6 @@ class Options:
|
@@ -93,7 +93,6 @@ class Options:
|
||||||
Option.Valued ("smartcardaction", _("<0=Lock|1=Ignore>"), _("action to be taken on smart card removal")),
|
Option.Valued("smartcardaction", _("<0=Lock|1=Ignore>"), _("action to be taken on smart card removal")),
|
||||||
Option.Feature("requiresmartcard",_("require smart card for authentication by default")),
|
Option.Feature("requiresmartcard", _("require smart card for authentication by default")),
|
||||||
Option.Feature("fingerprint", _("authentication with fingerprint readers by default")),
|
Option.Feature("fingerprint", _("authentication with fingerprint readers by default")),
|
||||||
- Option.Feature("ecryptfs", _("automatic per-user ecryptfs")),
|
- Option.Feature("ecryptfs", _("automatic per-user ecryptfs")),
|
||||||
Option.Feature("krb5", _("Kerberos authentication by default")),
|
Option.Feature("krb5", _("Kerberos authentication by default")),
|
||||||
Option.Valued ("krb5kdc", _("<server>"), _("default Kerberos KDC")),
|
Option.Valued("krb5kdc", _("<server>"), _("default Kerberos KDC")),
|
||||||
Option.Valued ("krb5adminserver", _("<server>"), _("default Kerberos admin server")),
|
Option.Valued("krb5adminserver", _("<server>"), _("default Kerberos admin server")),
|
||||||
@@ -141,6 +140,7 @@ class Options:
|
@@ -141,6 +140,7 @@ class Options:
|
||||||
# layers and will produce warning when used. They will not affect
|
# layers and will produce warning when used. They will not affect
|
||||||
# the system.
|
# the system.
|
||||||
Option.UnsupportedFeature("cache"),
|
Option.UnsupportedFeature("cache"),
|
||||||
+ Option.UnsupportedFeature("ecryptfs"),
|
+ Option.UnsupportedFeature("ecryptfs"),
|
||||||
Option.UnsupportedFeature("shadow"),
|
Option.UnsupportedFeature("shadow"),
|
||||||
Option.UnsupportedSwitch ("useshadow"),
|
Option.UnsupportedSwitch("useshadow"),
|
||||||
Option.UnsupportedFeature("md5"),
|
Option.UnsupportedFeature("md5"),
|
||||||
diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
|
diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
|
||||||
index 35ba484d576ab8a3d923a124f6b1577085deedd4..a27af036738274d8d392f7fe1f7d59c89e9c4ffb 100644
|
index 3513a7e7cd3d7cc0045167e8224248c5be90ab2c..888cd4e5a0750d4e1aa5898887f5f7fd42472741 100644
|
||||||
--- a/src/man/authselect-migration.7.adoc
|
--- a/src/man/authselect-migration.7.adoc
|
||||||
+++ b/src/man/authselect-migration.7.adoc
|
+++ b/src/man/authselect-migration.7.adoc
|
||||||
@@ -80,7 +80,6 @@ configuration file for required services.
|
@@ -80,7 +80,6 @@ configuration file for required services.
|
||||||
@ -267,7 +267,7 @@ index 35ba484d576ab8a3d923a124f6b1577085deedd4..a27af036738274d8d392f7fe1f7d59c8
|
|||||||
|--enablemkhomedir |with-mkhomedir
|
|--enablemkhomedir |with-mkhomedir
|
||||||
|--enablefaillock |with-faillock
|
|--enablefaillock |with-faillock
|
||||||
|--enablepamaccess |with-pamaccess
|
|--enablepamaccess |with-pamaccess
|
||||||
@@ -95,8 +94,8 @@ authselect select sssd with-faillock
|
@@ -103,8 +102,8 @@ authselect select sssd with-faillock
|
||||||
authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --updateall
|
authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --updateall
|
||||||
authselect select sssd with-smartcard
|
authselect select sssd with-smartcard
|
||||||
|
|
||||||
@ -279,5 +279,5 @@ index 35ba484d576ab8a3d923a124f6b1577085deedd4..a27af036738274d8d392f7fe1f7d59c8
|
|||||||
authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator --updateall
|
authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator --updateall
|
||||||
realm join -U Administrator --client-software=winbind WINBINDDOMAIN
|
realm join -U Administrator --client-software=winbind WINBINDDOMAIN
|
||||||
--
|
--
|
||||||
2.20.1
|
2.34.1
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
From f2eaf5548f32cb4db51aa5002ad964a975310d5e Mon Sep 17 00:00:00 2001
|
From 9009c94f3abf85954ffc04c354c6eaff715b4512 Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||||
Date: Wed, 25 Nov 2020 14:05:00 +0100
|
Date: Wed, 25 Nov 2020 14:05:00 +0100
|
||||||
Subject: [PATCH] rhel8: Revert "profiles: add support for resolved"
|
Subject: [PATCH 3/3] rhel8: Revert "profiles: add support for resolved"
|
||||||
|
|
||||||
systemd-resolved should not be enabled by default on rhel8.
|
systemd-resolved should not be enabled by default on rhel8.
|
||||||
|
|
||||||
@ -38,5 +38,5 @@ index 50a3ffb7431a91b88b4bfef4c09df19310fac7e7..9bee7d839f84ff39d54cb6ead9dea38e
|
|||||||
netgroup: files nis {exclude if "with-custom-netgroup"}
|
netgroup: files nis {exclude if "with-custom-netgroup"}
|
||||||
networks: files nis {exclude if "with-custom-networks"}
|
networks: files nis {exclude if "with-custom-networks"}
|
||||||
--
|
--
|
||||||
2.25.4
|
2.34.1
|
||||||
|
|
||||||
|
@ -2,8 +2,8 @@
|
|||||||
%define _empty_manifest_terminate_build 0
|
%define _empty_manifest_terminate_build 0
|
||||||
|
|
||||||
Name: authselect
|
Name: authselect
|
||||||
Version: 1.2.2
|
Version: 1.2.5
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: Configures authentication and identity sources from supported profiles
|
Summary: Configures authentication and identity sources from supported profiles
|
||||||
URL: https://github.com/authselect/authselect
|
URL: https://github.com/authselect/authselect
|
||||||
|
|
||||||
@ -12,10 +12,6 @@ Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
|
|||||||
|
|
||||||
%global makedir %{_builddir}/%{name}-%{version}
|
%global makedir %{_builddir}/%{name}-%{version}
|
||||||
|
|
||||||
Patch0001: 0001-profiles-try_first_pass-has-no-effect-on-pam_unix-an.patch
|
|
||||||
Patch0002: 0002-cli-use-gettext-on-common-options.patch
|
|
||||||
Patch0003: 0003-po-update-translations.patch
|
|
||||||
|
|
||||||
# Downstream only
|
# Downstream only
|
||||||
Patch0901: 0901-rhel8-remove-mention-of-Fedora-Change-page-in-compat.patch
|
Patch0901: 0901-rhel8-remove-mention-of-Fedora-Change-page-in-compat.patch
|
||||||
Patch0902: 0902-rhel8-remove-ecryptfs-support.patch
|
Patch0902: 0902-rhel8-remove-ecryptfs-support.patch
|
||||||
@ -34,6 +30,7 @@ BuildRequires: po4a
|
|||||||
BuildRequires: %{_bindir}/a2x
|
BuildRequires: %{_bindir}/a2x
|
||||||
BuildRequires: libcmocka-devel >= 1.0.0
|
BuildRequires: libcmocka-devel >= 1.0.0
|
||||||
BuildRequires: libselinux-devel
|
BuildRequires: libselinux-devel
|
||||||
|
BuildRequires: python3-devel
|
||||||
Requires: authselect-libs%{?_isa} = %{version}-%{release}
|
Requires: authselect-libs%{?_isa} = %{version}-%{release}
|
||||||
Suggests: sssd
|
Suggests: sssd
|
||||||
Suggests: samba-winbind
|
Suggests: samba-winbind
|
||||||
@ -68,7 +65,6 @@ command line tool and any other potential front-ends.
|
|||||||
Summary: Tool to provide minimum backwards compatibility with authconfig
|
Summary: Tool to provide minimum backwards compatibility with authconfig
|
||||||
Obsoletes: authconfig < 7.0.1-6
|
Obsoletes: authconfig < 7.0.1-6
|
||||||
Provides: authconfig
|
Provides: authconfig
|
||||||
BuildRequires: python3-devel
|
|
||||||
Requires: authselect%{?_isa} = %{version}-%{release}
|
Requires: authselect%{?_isa} = %{version}-%{release}
|
||||||
Recommends: oddjob-mkhomedir
|
Recommends: oddjob-mkhomedir
|
||||||
Suggests: sssd
|
Suggests: sssd
|
||||||
@ -101,7 +97,7 @@ done
|
|||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -if
|
autoreconf -if
|
||||||
%configure --with-pythonbin="%{__python3}"
|
%configure --with-pythonbin="%{__python3}" --with-compat
|
||||||
%make_build
|
%make_build
|
||||||
|
|
||||||
%check
|
%check
|
||||||
@ -156,11 +152,15 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
|
|||||||
%dir %{_datadir}/authselect/default/nis/
|
%dir %{_datadir}/authselect/default/nis/
|
||||||
%dir %{_datadir}/authselect/default/sssd/
|
%dir %{_datadir}/authselect/default/sssd/
|
||||||
%dir %{_datadir}/authselect/default/winbind/
|
%dir %{_datadir}/authselect/default/winbind/
|
||||||
|
%{_datadir}/authselect/default/minimal/dconf-db
|
||||||
|
%{_datadir}/authselect/default/minimal/dconf-locks
|
||||||
|
%{_datadir}/authselect/default/minimal/fingerprint-auth
|
||||||
%{_datadir}/authselect/default/minimal/nsswitch.conf
|
%{_datadir}/authselect/default/minimal/nsswitch.conf
|
||||||
%{_datadir}/authselect/default/minimal/password-auth
|
%{_datadir}/authselect/default/minimal/password-auth
|
||||||
%{_datadir}/authselect/default/minimal/postlogin
|
%{_datadir}/authselect/default/minimal/postlogin
|
||||||
%{_datadir}/authselect/default/minimal/README
|
%{_datadir}/authselect/default/minimal/README
|
||||||
%{_datadir}/authselect/default/minimal/REQUIREMENTS
|
%{_datadir}/authselect/default/minimal/REQUIREMENTS
|
||||||
|
%{_datadir}/authselect/default/minimal/smartcard-auth
|
||||||
%{_datadir}/authselect/default/minimal/system-auth
|
%{_datadir}/authselect/default/minimal/system-auth
|
||||||
%{_datadir}/authselect/default/nis/dconf-db
|
%{_datadir}/authselect/default/nis/dconf-db
|
||||||
%{_datadir}/authselect/default/nis/dconf-locks
|
%{_datadir}/authselect/default/nis/dconf-locks
|
||||||
@ -170,6 +170,7 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
|
|||||||
%{_datadir}/authselect/default/nis/postlogin
|
%{_datadir}/authselect/default/nis/postlogin
|
||||||
%{_datadir}/authselect/default/nis/README
|
%{_datadir}/authselect/default/nis/README
|
||||||
%{_datadir}/authselect/default/nis/REQUIREMENTS
|
%{_datadir}/authselect/default/nis/REQUIREMENTS
|
||||||
|
%{_datadir}/authselect/default/nis/smartcard-auth
|
||||||
%{_datadir}/authselect/default/nis/system-auth
|
%{_datadir}/authselect/default/nis/system-auth
|
||||||
%{_datadir}/authselect/default/sssd/dconf-db
|
%{_datadir}/authselect/default/sssd/dconf-db
|
||||||
%{_datadir}/authselect/default/sssd/dconf-locks
|
%{_datadir}/authselect/default/sssd/dconf-locks
|
||||||
@ -189,6 +190,7 @@ find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
|
|||||||
%{_datadir}/authselect/default/winbind/postlogin
|
%{_datadir}/authselect/default/winbind/postlogin
|
||||||
%{_datadir}/authselect/default/winbind/README
|
%{_datadir}/authselect/default/winbind/README
|
||||||
%{_datadir}/authselect/default/winbind/REQUIREMENTS
|
%{_datadir}/authselect/default/winbind/REQUIREMENTS
|
||||||
|
%{_datadir}/authselect/default/winbind/smartcard-auth
|
||||||
%{_datadir}/authselect/default/winbind/system-auth
|
%{_datadir}/authselect/default/winbind/system-auth
|
||||||
%{_libdir}/libauthselect.so.*
|
%{_libdir}/libauthselect.so.*
|
||||||
%{_mandir}/man5/authselect-profiles.5*
|
%{_mandir}/man5/authselect-profiles.5*
|
||||||
@ -290,6 +292,12 @@ exit 0
|
|||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 5 2022 Pavel Březina <pbrezina@redhat.com> - 1.2.5-1
|
||||||
|
- Rebase to 1.2.5 (RHBZ #2080238)
|
||||||
|
- sssd profile with-smartcard no longer prevents local users from accessing cron (RHBZ #2070325)
|
||||||
|
- backup-restore now works correctly (RHBZ #2066535)
|
||||||
|
- add with-subid to sssd profile (RHBZ #2063750)
|
||||||
|
|
||||||
* Wed Jul 14 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.2-3
|
* Wed Jul 14 2021 Pavel Březina <pbrezina@redhat.com> - 1.2.2-3
|
||||||
- Update translations (RHBZ #1961625)
|
- Update translations (RHBZ #1961625)
|
||||||
|
|
||||||
@ -323,7 +331,7 @@ exit 0
|
|||||||
|
|
||||||
* Mon Feb 25 2019 Jakub Hrozek <jhrozek@redhat.com> - 1.0-13
|
* Mon Feb 25 2019 Jakub Hrozek <jhrozek@redhat.com> - 1.0-13
|
||||||
- Revert pam_systemd.so to be optional
|
- Revert pam_systemd.so to be optional
|
||||||
- Resolves: #rhbz1643928 - pam_systemd shouldn't be optional in system-auth
|
- Resolves: #rhbz1643928 - pam_systemd shouldn't be optional in system-auth
|
||||||
|
|
||||||
* Mon Feb 4 2019 Pavel Březina <pbrezina@redhat.com> - 1.0-12
|
* Mon Feb 4 2019 Pavel Březina <pbrezina@redhat.com> - 1.0-12
|
||||||
- make authselect work with selinux disabled (RHBZ #1668025)
|
- make authselect work with selinux disabled (RHBZ #1668025)
|
||||||
@ -368,7 +376,7 @@ exit 0
|
|||||||
- authselect profile nis enhancements (RHBZ #1628493)
|
- authselect profile nis enhancements (RHBZ #1628493)
|
||||||
- scriptlet can fail if coreutils is not installed (RHBZ #1630896)
|
- scriptlet can fail if coreutils is not installed (RHBZ #1630896)
|
||||||
- authconfig --update --enablenis stops ypserv (RHBZ #1632567)
|
- authconfig --update --enablenis stops ypserv (RHBZ #1632567)
|
||||||
- compat tool generates invalid pwquality configuration (RHBZ #1628491)
|
- compat tool generates invalid pwquality configuration (RHBZ #1628491)
|
||||||
|
|
||||||
* Mon Aug 13 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-1
|
* Mon Aug 13 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-1
|
||||||
- Rebase to 1.0 (RHBZ #1614235)
|
- Rebase to 1.0 (RHBZ #1614235)
|
||||||
@ -398,7 +406,7 @@ exit 0
|
|||||||
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3-2
|
* Tue Feb 20 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3-2
|
||||||
- Properly own all appropriate directories
|
- Properly own all appropriate directories
|
||||||
- Remove unneeded %%defattr
|
- Remove unneeded %%defattr
|
||||||
- Remove deprecated Group tag
|
- Remove deprecated Group tag
|
||||||
- Make Obsoletes versioned
|
- Make Obsoletes versioned
|
||||||
- Remove unneeded ldconfig scriptlets
|
- Remove unneeded ldconfig scriptlets
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user