Commit Graph

384 Commits

Author SHA1 Message Date
Tomas Mraz
a9ef7f8676 Multiple fixes and enhancements
pam_namespace: Support noexec, nosuid and nodev flags for tmpfs mounts
Drop tallylog and pam_tally documentation
pam_faillock: Support local_users_only option
pam_lastlog: Do not display failed attempts with PAM_SILENT flag
pam_lastlog: Support unlimited option to override fsize limit
pam_unix: Log if user authenticated without password
pam_tty_audit: Improve manual page
Optimize closing fds when spawning helpers
Fix duplicate password verification in pam_authtok_verify()
2019-10-16 16:35:57 +02:00
Tomas Mraz
b0eec480a1 pam_faillock: Support configuration file /etc/security/faillock.conf 2019-09-09 12:39:07 +02:00
Fedora Release Engineering
daf508b4d6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 23:56:12 +00:00
Fedora Release Engineering
0232ca3078 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-01 17:51:32 +00:00
Igor Gnatenko
a24e70398f Remove obsolete Group tag
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:24:24 +01:00
Björn Esser
1a0a3edc23
Rebuilt for libcrypt.so.2 (#1666033) 2019-01-14 18:51:46 +01:00
Tomas Mraz
0686daa3fa Add the motd.d directories (empty)
- to silence warnings and to provide
  proper ownership for them (#1660935)
2018-12-20 14:21:49 +01:00
Tomas Mraz
40b927d103 Update Red Hat PAM modules to version 1.0.0 which includes pam_faillock
Drop also pam_tally2 which was obsoleted and deprecated long time ago
2018-12-04 09:15:56 +01:00
Björn Esser
94c0a4fee4
Backport upstream commit fixing syslog for disabled or invalid hashes 2018-12-02 20:17:59 +01:00
Björn Esser
f3b728d2c9
Backport upstream commit reporting disabled or invalid hashes to syslog 2018-12-02 20:17:06 +01:00
rfairley
8bab4e7fac Backport upstream commit for pam_motd multiple motd paths 2018-11-28 12:35:18 -05:00
Tomas Mraz
eb01a2d4d8 Completely drop the check of invalid or disabled salt via crypt_checksalt 2018-11-26 12:58:54 +01:00
Björn Esser
d82342266e
Fix passphraseless sudo with crypt_checksalt (#1653023)
Upstream commit 4da9feb introduced a regression that made
passphraseless sudo fail when it was invoked from a user with
a locked passphrase.  Thus we should check for such a scenario
when evaluating the return value of crypt_checksalt(3).
2018-11-25 07:36:29 +01:00
Björn Esser
ae8e396328
Update the no-MD5-fallback patch for alignment 2018-11-23 17:49:20 +01:00
Björn Esser
2842b2a1ee
Backport upstream commit adding support for (gost-)yescrypt 2018-11-23 17:49:20 +01:00
Björn Esser
65c004f604
Backport upstream commit using crypt_checksalt for password aging 2018-11-23 10:17:17 +01:00
Björn Esser
a0fce7ff9b
Backport upstream commit preferring gensalt with autoentropy 2018-11-23 10:14:03 +01:00
Björn Esser
6eff6819b8
Backport upstream commit preferring bcrypt_b ($2b$) for blowfish 2018-11-23 10:11:51 +01:00
Björn Esser
da68a05bc8
Backport upstream commit removing an obsolete prototype 2018-11-23 10:07:51 +01:00
Björn Esser
239b1317eb
Prefer %%global over %%define 2018-11-16 11:28:35 +01:00
Björn Esser
80eff59d99
Drop Requires(post), not needed anymore 2018-11-16 11:27:00 +01:00
Björn Esser
19dc42903b
Use %%ldconfig_scriptlets 2018-11-16 11:26:11 +01:00
Björn Esser
11e9d6fdf2
Add BuildRequires: libxcrypt >= 4.3.3-2
When building against libxcrypt >= 4.3.3-2, we can
avoid the explicit dependency on libxcrypt >= 4.3.3-1.
2018-11-13 14:34:17 +01:00
Björn Esser
da5343b789
Add explicit (Build)Requires for libxcrypt >= 4.3.3-1
This is needed to ensure working updates from previous builds.

It should have been in my previous commit, but I overlooked to
add it then.
2018-11-12 11:38:23 +01:00
Björn Esser
47165fb66c
Rebuilt against libxcrypt-4.3.3 to enable the use of crypt_gensalt_r
PAM preferes the crypt_gensalt_r function over its internal
crypt_make_salt function, when this function is provided by
the system's crypt library.

libxcrypt now ships (and used to ship it until v3.1.1) such an
alias for its crypt_gensalt_rn function, which features the
same semantics and the same prototype as the crypt_gensalt_r
function existing on some systems.
2018-11-12 11:07:09 +01:00
Tomas Mraz
fd5858157e Make it build 2018-09-10 16:24:16 +02:00
Tomas Mraz
786ce63f9d Coverity fixes, pam_umask added to postlogin
add pam_umask to postlogin PAM configuration file
fix some issues found by Coverity scan
2018-09-10 14:25:15 +02:00
Colin Walters
dc7f2be86b Convert tallylog to tmpfiles.d
This will make it compatible with the rpm-ostree model, which
has `/var` start out empty (or supports doing so).

More information in https://bugzilla.redhat.com/show_bug.cgi?id=1352154
2018-07-27 14:30:59 -04:00
Fedora Release Engineering
48595acee5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 15:25:36 +00:00
Jason Tibbitts
db03b40e8b Remove needless use of %defattr 2018-07-10 02:15:00 -05:00
Tomas Mraz
ae699035e9 use /run instead of /var/run in pamtmp.conf (#1588612) 2018-06-08 10:24:42 +02:00
Tomas Mraz
48538add1f new upstream release 1.3.1 with multiple improvements 2018-05-18 15:43:48 +02:00
Fedora Release Engineering
eebe54598c - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-08 18:11:21 +00:00
Tomas Mraz
8f94d6252d and the NIS support now also requires libnsl2 2018-01-30 16:55:42 +01:00
Björn Esser
95ff4ad1c4
Rebuilt for switch to libxcrypt 2018-01-20 23:07:26 +01:00
Tomas Mraz
13115d331d the NIS support now requires libtirpc 2018-01-11 14:25:59 +01:00
Serhii Turivny
4dc6ede4b5 Add CI tests using the standard test interface
Adds tests according to the CI wiki [0] specifically the standard test interface in the spec [1].

[0] https://fedoraproject.org/wiki/CI
[1] https://fedoraproject.org/wiki/Changes/InvokingTests
2017-10-04 17:57:38 +03:00
Tomas Mraz
64bde25a45 add admin_group option to pam_faillock (#1285550) 2017-08-21 16:47:47 +02:00
Fedora Release Engineering
a6e4462d0d - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-03 04:46:07 +00:00
Fedora Release Engineering
8f2c8f16a3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 02:06:32 +00:00
Petr Písař
cc34b72802 perl dependency renamed to perl-interpreter <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules> 2017-07-12 14:35:54 +02:00
Tomas Mraz
629a67bec4 drop superfluous 'Changing password' message from pam_unix (#658289) 2017-04-20 16:55:25 +02:00
Fedora Release Engineering
d6023f89c8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 01:11:40 +00:00
Tomas Mraz
96b935efa5 Make install of tallylog non-fatal. 2017-01-03 10:17:58 +01:00
Tomas Mraz
26153ac92d new upstream release with multiple improvements 2016-05-06 15:28:27 +02:00
Tomas Mraz
be55e6d98b pam_faillock: Add more documentation about unlock_time=never option. 2016-04-28 17:10:18 +02:00
Tomas Mraz
e1caf9a021 make cracklib-dicts dependency weak (#1323172) 2016-04-11 13:27:13 +02:00
Tomas Mraz
492bcabc07 do not drop PAM_OLDAUTHTOK if mismatched - can be used by further modules 2016-04-06 14:37:35 +02:00
Tomas Mraz
ef5646f9ed pam_unix: use pam_get_authtok() and improve prompting 2016-04-04 18:54:12 +02:00
Tomas Mraz
89812cadd9 fix console device name in console.handlers (#1270224) 2016-02-05 17:50:26 +01:00