Iker Pedrosa
d335a7441d
Fix issues detected by covscan tool
2021-07-09 12:13:54 +02:00
Björn Esser
9ba9b6c09d
Change the default password hash method to yescrypt
2021-06-10 21:23:06 +02:00
Björn Esser
3b25774300
Add a patch to not use crypt_checksalt for password expiration
...
Resolves : #1965345 , #1967150
2021-06-10 21:11:26 +02:00
Benjamin Berg
1d8ac5d19c
Add script to avoid fingerprint-auth issues for long term Fedora users
...
Resolves : #1942443
2021-04-16 15:56:47 +02:00
Iker Pedrosa
ea80571848
Clean auto-generated message from pam stack files
2021-04-12 13:08:18 +02:00
Benjamin Berg
dff39dc42d
Return PAM_AUTHINFO_UNAVAIL from pam_fprintd.so
...
GDM/gnome-shell expects being able to tell apart various failure modes
from the pam_fprintd.so. However, using "sufficient" means that the
generic error code from pam_deny.so will be returned.
Use default=bad, to ensure that the failing error code from
pam_fprintd.so is correctly exposed to GDM.
2021-04-09 17:00:15 +02:00
Fedora Release Engineering
ada898394e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 22:52:14 +00:00
ipedrosa
a880e5be1e
Add BuildRequires: make ( #1902520 )
2020-11-30 16:05:15 +01:00
ipedrosa
15ec0223ed
- Rebase to release 1.5.1
...
- fix CVE-2020-27780: authentication bypass when the user doesn't exist
and root password is blank (#1901173 )
2020-11-26 10:02:41 +01:00
ipedrosa
bcd73c678e
- Rebase to release 1.5.0
...
- Rebase to pam-redhat-1.1.4
- Remove pam_cracklib, pam_tally and pam_tally2
- spec file cleanup
2020-11-11 15:18:15 +01:00
ipedrosa
f35e0f9f10
libpam: fix memory leak in pam_start ( #1894630 )
2020-11-06 09:21:10 +01:00
ipedrosa
75940340ad
- pam_unix: fix missing initialization of daysleft ( #1887077 )
...
- pam_motd: change privilege message prompt to default (#1861640 )
2020-10-26 11:03:08 +01:00
ipedrosa
767f761a2d
- pam_motd: read motd files with target user credentials skipping unreadable ones ( #1861640 )
...
- Clarify upstreamed patches
2020-10-14 15:01:34 +02:00
Tom Stellard
8f7e444c74
Add BuildRequires: gcc
...
https://docs.fedoraproject.org/en-US/packaging-guidelines/C_and_C++/#_packaging
2020-08-04 04:26:20 +00:00
Fedora Release Engineering
96f5e6908b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-28 13:05:10 +00:00
ipedrosa
6989bc7495
Added new pam-redhat tarball to lookaside cache
2020-07-02 12:46:54 +02:00
ipedrosa
e739be9b4c
Enable layered configuration with distribution configs in /usr/share/pam.d
2020-07-02 10:59:55 +02:00
ipedrosa
aad6db4b92
Rebased to release 1.4.0
...
Rebased to pam-redhat-1.1.3
Removed pam_cracklib as it has been deprecated
2020-06-25 13:07:15 +02:00
ipedrosa
aea1c2fa66
pam_faillock: change /run/faillock/$USER permissions to 0660
2020-06-22 10:14:08 +02:00
ipedrosa
7d1e156168
pam_unix and pam_usertype: avoid determining if user exists
2020-06-17 16:04:16 +02:00
ipedrosa
9d21ac175c
pam_tty_audit: if kernel audit is disabled return PAM_IGNORE
...
pam_modutil_sanitize_helper_fds: fix SIGPIPE effect of PAM_MODUTIL_PIPE_FD
2020-05-14 13:17:06 +02:00
ipedrosa
403090086b
docs: splitted documentation in subpackage -docs
2020-04-23 11:50:24 +02:00
ikerexxe
055b81078c
pam_selinux: check unknown object classes or permissions in current policy
2020-03-11 16:42:15 +01:00
Pavel Březina
a346ac13e2
add pam_usertype
2020-02-06 13:13:13 +01:00
Fedora Release Engineering
966d010ebd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-29 20:46:33 +00:00
Tomas Mraz
a41ddb867b
Fix date in changelog
2019-12-18 14:09:17 +01:00
Tomas Mraz
4957e6ce68
pam_faillock: Fix regression in admin_group support
2019-12-18 13:36:44 +01:00
Tomas Mraz
a9ef7f8676
Multiple fixes and enhancements
...
pam_namespace: Support noexec, nosuid and nodev flags for tmpfs mounts
Drop tallylog and pam_tally documentation
pam_faillock: Support local_users_only option
pam_lastlog: Do not display failed attempts with PAM_SILENT flag
pam_lastlog: Support unlimited option to override fsize limit
pam_unix: Log if user authenticated without password
pam_tty_audit: Improve manual page
Optimize closing fds when spawning helpers
Fix duplicate password verification in pam_authtok_verify()
2019-10-16 16:35:57 +02:00
Tomas Mraz
b0eec480a1
pam_faillock: Support configuration file /etc/security/faillock.conf
2019-09-09 12:39:07 +02:00
Fedora Release Engineering
daf508b4d6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 23:56:12 +00:00
Fedora Release Engineering
0232ca3078
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-01 17:51:32 +00:00
Igor Gnatenko
a24e70398f
Remove obsolete Group tag
...
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:24:24 +01:00
Björn Esser
1a0a3edc23
Rebuilt for libcrypt.so.2 ( #1666033 )
2019-01-14 18:51:46 +01:00
Tomas Mraz
0686daa3fa
Add the motd.d directories (empty)
...
- to silence warnings and to provide
proper ownership for them (#1660935 )
2018-12-20 14:21:49 +01:00
Tomas Mraz
40b927d103
Update Red Hat PAM modules to version 1.0.0 which includes pam_faillock
...
Drop also pam_tally2 which was obsoleted and deprecated long time ago
2018-12-04 09:15:56 +01:00
Björn Esser
94c0a4fee4
Backport upstream commit fixing syslog for disabled or invalid hashes
2018-12-02 20:17:59 +01:00
Björn Esser
f3b728d2c9
Backport upstream commit reporting disabled or invalid hashes to syslog
2018-12-02 20:17:06 +01:00
rfairley
8bab4e7fac
Backport upstream commit for pam_motd multiple motd paths
2018-11-28 12:35:18 -05:00
Tomas Mraz
eb01a2d4d8
Completely drop the check of invalid or disabled salt via crypt_checksalt
2018-11-26 12:58:54 +01:00
Björn Esser
d82342266e
Fix passphraseless sudo with crypt_checksalt ( #1653023 )
...
Upstream commit 4da9feb introduced a regression that made
passphraseless sudo fail when it was invoked from a user with
a locked passphrase. Thus we should check for such a scenario
when evaluating the return value of crypt_checksalt(3).
2018-11-25 07:36:29 +01:00
Björn Esser
ae8e396328
Update the no-MD5-fallback patch for alignment
2018-11-23 17:49:20 +01:00
Björn Esser
2842b2a1ee
Backport upstream commit adding support for (gost-)yescrypt
2018-11-23 17:49:20 +01:00
Björn Esser
65c004f604
Backport upstream commit using crypt_checksalt for password aging
2018-11-23 10:17:17 +01:00
Björn Esser
a0fce7ff9b
Backport upstream commit preferring gensalt with autoentropy
2018-11-23 10:14:03 +01:00
Björn Esser
6eff6819b8
Backport upstream commit preferring bcrypt_b ($2b$) for blowfish
2018-11-23 10:11:51 +01:00
Björn Esser
da68a05bc8
Backport upstream commit removing an obsolete prototype
2018-11-23 10:07:51 +01:00
Björn Esser
239b1317eb
Prefer %%global over %%define
2018-11-16 11:28:35 +01:00
Björn Esser
80eff59d99
Drop Requires(post), not needed anymore
2018-11-16 11:27:00 +01:00
Björn Esser
19dc42903b
Use %%ldconfig_scriptlets
2018-11-16 11:26:11 +01:00
Björn Esser
11e9d6fdf2
Add BuildRequires: libxcrypt >= 4.3.3-2
...
When building against libxcrypt >= 4.3.3-2, we can
avoid the explicit dependency on libxcrypt >= 4.3.3-1.
2018-11-13 14:34:17 +01:00