commit: 7348fa57c7ada42820773f8c8b6f06f7181169ee
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 10 11:32:46 2020 +0000
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Jun 10 11:32:46 2020 +0000
URL: https://gitweb.gentoo.org/proj/pambase.git/commit/?id=7348fa57
New release
- disable cracklib in favor of passwdqc
- disable tally{,2} in favor of faillock
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
Makefile | 4 ----
basic-conf | 4 ++--
linux-pam-conf | 7 +------
system-auth.in | 3 ---
system-login.in | 8 ++++----
5 files changed, 7 insertions(+), 19 deletions(-)
diff --git a/Makefile b/Makefile
index 9afc842..f7e7653 100644
--- a/Makefile
+++ b/Makefile
@@ -11,10 +11,6 @@ GIT=git
PAMFLAGS = -include linux-pam-conf -include basic-conf
-DLINUX_PAM_VERSION=$(LINUX_PAM_VERSION)
-ifeq "$(CRACKLIB)" "yes"
-PAMFLAGS += -DHAVE_CRACKLIB=1
-endif
-
ifeq "$(PASSWDQC)" "yes"
PAMFLAGS += -DHAVE_PASSWDQC=1
endif
diff --git a/basic-conf b/basic-conf
index 5ab72c0..7b1bf00 100644
--- a/basic-conf
+++ b/basic-conf
@@ -1,8 +1,8 @@
-// Only use_authtok (authentication token) when using cracklib or some other
module
+// Only use_authtok (authentication token) when using passwdqc or some other
module
// that checks for passwords, or pam_krb5
#define AUTHTOK use_authtok
-#if HAVE_CRACKLIB || HAVE_PASSWDQC
+#if HAVE_PASSWDQC
# define PASSWORD_STRENGTH 1
#endif
diff --git a/linux-pam-conf b/linux-pam-conf
index ecd5697..962b2eb 100644
--- a/linux-pam-conf
+++ b/linux-pam-conf
@@ -12,12 +12,7 @@
# define HAVE_MOTD 1
# define HAVE_MAIL 1
# define HAVE_LASTLOG 1
-
-# if LINUX_PAM_VERSION > 0x010100 /* 1.1.0 */
-# define TALLY_MODULE pam_tally2.so
-# else
-# define TALLY_MODULE pam_tally.so
-# endif
+# define HAVE_FAILLOCK 1
#endif
diff --git a/system-auth.in b/system-auth.in
index e65e4c2..dbb6971 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -18,9 +18,6 @@ account required pam_unix.so DEBUG
/* This is needed to make sure that the Kerberos skip-on-success won't cause a
bad jump. */
account optional pam_permit.so
-#if HAVE_CRACKLIB
-password required pam_cracklib.so difok=2 minlen=8 dcredit=2
ocredit=2 retry=3 DEBUG
-#endif
#if HAVE_PASSWDQC
password required pam_passwdqc.so min=8,8,8,8,8 retry=3
#endif
diff --git a/system-login.in b/system-login.in
index f159f10..d93d926 100644
--- a/system-login.in
+++ b/system-login.in
@@ -1,5 +1,5 @@
-#if defined(TALLY_MODULE)
-auth required TALLY_MODULE onerr=succeed
+#if HAVE_FAILLOCK
+auth required pam_faillock.so dir=/var/log deny=3
#endif
#if HAVE_SHELLS
auth required pam_shells.so DEBUG
@@ -19,8 +19,8 @@ account required pam_login_access.so
account required pam_nologin.so DEBUG_NOLOGIN
#endif
account include system-auth
-#if defined(TALLY_MODULE)
-account required TALLY_MODULE onerr=succeed DEBUG
+#if HAVE_FAILLOCK
+account required pam_faillock.so dir=/var/log deny=3
#endif
password include system-auth
