cd929cb3b7
Wed Oct 24 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-16 - pam_xauth: always return PAM_SUCCESS or PAM_SESSION_ERR instead of PAM_IGNORE, matching the previous behavior (libpam treats PAM_IGNORE from a single module in a stack as a session error, leading to false error messages if we just return PAM_IGNORE for all cases) Mon Oct 22 2001 Nalin Dahyabhai <nalin@redhat.com> 0.75-15 - reorder patches so that the reentrancy patch is applied last -- we never came to a consensus on how to guard against the bugs in calling applications which this sort of change addresses, and having them last allows for dropping in a better strategy for addressing this later on Mon Oct 15 2001 Nalin Dahyabhai <nalin@redhat.com> - pam_rhosts: allow "+hostname" as a synonym for "hostname" to jive better with the hosts.equiv(5) man page - use the automake install-sh instead of the autoconf install-sh, which disappeared somewhere between 2.50 and now Mon Oct 08 2001 Nalin Dahyabhai <nalin@redhat.com> - add pwdb as a buildprereq Fri Oct 05 2001 Nalin Dahyabhai <nalin@redhat.com> - pam_tally: don't try to read past the end of faillog -- it probably contains garbage, which if written into the file later on will confuse /usr/bin/faillog Thu Oct 04 2001 Nalin Dahyabhai <nalin@redhat.com> - pam_limits: don't just return if the user is root -- we'll want to set the priority (it could be negative to elevate root's sessions) - pam_issue: fix off-by-one error allocating space for the prompt string Wed Oct 03 2001 Nalin Dahyabhai <nalin@redhat.com> - pam_mkhomedir: recurse into subdirectories properly - pam_mkhomedir: handle symlinks - pam_mkhomedir: skip over special items in the skeleton directory Tue Oct 02 2001 Nalin Dahyabhai <nalin@redhat.com> - add cracklib as a buildprereq - pam_wheel: don't ignore out if the user is attempting to switch to a unprivileged user (this lets pam_wheel do its thing when users attempt to get to system accounts or accounts of other unprivileged users) Fri Sep 28 2001 Nalin Dahyabhai <nalin@redhat.com> - pam_xauth: close a possible DoS due to use of dotlock-style locking in world-writable directories by relocating the temporary file to the target user's home directory - general: include headers local to this tree using relative paths so that system headers for PAM won't be pulled in, in case include paths don't take care of it Thu Sep 27 2001 Nalin Dahyabhai <nalin@redhat.com> - pam_xauth: rewrite to skip refcounting and just use a temporary file created using mkstemp() in /tmp Tue Sep 25 2001 Nalin Dahyabhai <nalin@redhat.com> - pam_userdb: fix the key_only flag so that the null-terminator of the user-password string isn't expected to be part of the key in the db file, matching the behavior of db_load 3.2.9
16 lines
637 B
Plaintext
16 lines
637 B
Plaintext
#%PAM-1.0
|
|
# This file is auto-generated.
|
|
# User changes will be destroyed the next time authconfig is run.
|
|
auth required /lib/security/pam_env.so
|
|
auth sufficient /lib/security/pam_unix.so likeauth nullok
|
|
auth required /lib/security/pam_deny.so
|
|
|
|
account required /lib/security/pam_unix.so
|
|
|
|
password required /lib/security/pam_cracklib.so retry=3
|
|
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
|
|
password required /lib/security/pam_deny.so
|
|
|
|
session required /lib/security/pam_limits.so
|
|
session required /lib/security/pam_unix.so
|