Changeset 78b5501 for postlfs/security/shadow.xml

Timestamp:

06/01/2015 05:55:07 PM (9 years ago)

Author:

Bruce Dubbs <bdubbs@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

74f20a1

Parents:

0d12bbe

Message:

Move generic PAM configuration from shadow to the PAM section

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@16058 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/shadow.xml (modified) (1 diff)

postlfs/security/shadow.xml

@@ -337 +337 @@
 
       <sect4>
-        <title>'system-account'</title>
-
-<screen role="root"><userinput>cat &gt; /etc/pam.d/system-account &lt;&lt; "EOF"
-<literal># Begin /etc/pam.d/system-account
-
-account   required    pam_unix.so
-
-# End /etc/pam.d/system-account</literal>
-EOF</userinput></screen>
-      </sect4>
-
-      <sect4>
-        <title>'system-auth'</title>
-
-<screen role="root"><userinput>cat &gt; /etc/pam.d/system-auth &lt;&lt; "EOF"
-<literal># Begin /etc/pam.d/system-auth
-
-auth      required    pam_unix.so
-
-# End /etc/pam.d/system-auth</literal>
-EOF</userinput></screen>
-      </sect4>
-
-      <sect4>
-        <title>'system-passwd' (with cracklib)</title>
-
-<screen role="root"><userinput>cat &gt; /etc/pam.d/system-password &lt;&lt; "EOF"
-<literal># Begin /etc/pam.d/system-password
-
-# check new passwords for strength (man pam_cracklib)
-password  required    pam_cracklib.so   type=Linux retry=3 difok=5 \
-                                        difignore=23 minlen=9 dcredit=1 \
-                                        ucredit=1 lcredit=1 ocredit=1 \
-                                        dictpath=/lib/cracklib/pw_dict
-# use sha512 hash for encryption, use shadow, and use the
-# authentication token (chosen password) set by pam_cracklib
-# above (or any previous modules)
-password  required    pam_unix.so       sha512 shadow use_authtok
-
-# End /etc/pam.d/system-password</literal>
-EOF</userinput></screen>
-
-        <note>
-          <para>
-            In its default configuration, owing to credits, pam_cracklib will
-            allow multiple case passwords as short as 6 characters, even with
-            the <parameter>minlen</parameter> value set to 11. You should review
-            the pam_cracklib(8) man page and determine if these default values
-            are acceptable for the security of your system.
-          </para>
-        </note>
-      </sect4>
-
-      <sect4>
-        <title>'system-passwd' (without cracklib)</title>
-
-<screen role="root"><userinput>cat &gt; /etc/pam.d/system-password &lt;&lt; "EOF"
-<literal># Begin /etc/pam.d/system-password
-
-# use sha512 hash for encryption, use shadow, and try to use any previously
-# defined authentication token (chosen password) set by any prior module
-password  required    pam_unix.so       sha512 shadow try_first_pass
-
-# End /etc/pam.d/system-password</literal>
-EOF</userinput></screen>
-      </sect4>
-
-      <sect4>
-        <title>'system-session'</title>
-
-<screen role="root"><userinput>cat &gt; /etc/pam.d/system-session &lt;&lt; "EOF"
-<literal># Begin /etc/pam.d/system-session
-
-session   required    pam_unix.so
-
-# End /etc/pam.d/system-session</literal>
-EOF</userinput></screen>
-      </sect4>
-
-      <sect4>
         <title>'login'</title>