summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--perl-install/authentication.pm10
1 files changed, 5 insertions, 5 deletions
diff --git a/perl-install/authentication.pm b/perl-install/authentication.pm
index 0c86777aa..767ddd7cb 100644
--- a/perl-install/authentication.pm
+++ b/perl-install/authentication.pm
@@ -121,7 +121,7 @@ sub pam_module_from_path {
$_[0] && $_[0] =~ m|(/lib/security/)?(pam_.*)\.so| && $2;
}
sub pam_module_to_path {
- "/lib/security/$_[0].so";
+ "$_[0].so";
}
sub pam_format_line {
my ($type, $control, $module, @para) = @_;
@@ -146,8 +146,8 @@ sub set_raw_pam_authentication {
my $added_pre_line = '';
if ($module = pam_module_from_path($module)) {
if ($module eq 'pam_unix' && member($type, 'auth', 'account')) {
- #- ensure use_first_pass option is there
- $_ = pam_format_line($type, 'sufficient', $module, uniq(@para, 'use_first_pass'));
+ #- remove likeauth, nullok and use_first_pass
+ $_ = pam_format_line($type, 'sufficient', $module, grep { !member($_, qw(likeauth nullok use_first_pass)) } @para);
if ($control eq 'required') {
#- ensure a pam_deny line is there
($control, $module, @para) = ('required', 'pam_deny');
@@ -189,8 +189,8 @@ sub set_pam_authentication {
my $before_first = {};
foreach (@authentication_kinds) {
my $module = 'pam_' . $_;
- $before_deny->{auth}{$module} = [];
- $before_deny->{account}{$module} = [];
+ $before_deny->{auth}{$module} = [ 'likeauth', 'nullok', 'use_first_pass' ];
+ $before_deny->{account}{$module} = [ 'use_first_pass' ];
$before_deny->{password}{$module} = [] if $_ eq 'ldap';
$before_first->{session}{pam_mkhomedir} = [ 'skel=/etc/skel/', 'umask=0022' ] if $_ eq 'winbind';
}