From df900ff1bf2e196e61f0a5578348b1d64b1b4797 Mon Sep 17 00:00:00 2001 From: Pascal Rigaux Date: Tue, 11 May 2004 12:00:38 +0000 Subject: fix winbind configuration and do the same for LDAP and NIS (modifs proposed and checked by Vincent Guardiola) --- perl-install/authentication.pm | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/perl-install/authentication.pm b/perl-install/authentication.pm index 0c86777aa..767ddd7cb 100644 --- a/perl-install/authentication.pm +++ b/perl-install/authentication.pm @@ -121,7 +121,7 @@ sub pam_module_from_path { $_[0] && $_[0] =~ m|(/lib/security/)?(pam_.*)\.so| && $2; } sub pam_module_to_path { - "/lib/security/$_[0].so"; + "$_[0].so"; } sub pam_format_line { my ($type, $control, $module, @para) = @_; @@ -146,8 +146,8 @@ sub set_raw_pam_authentication { my $added_pre_line = ''; if ($module = pam_module_from_path($module)) { if ($module eq 'pam_unix' && member($type, 'auth', 'account')) { - #- ensure use_first_pass option is there - $_ = pam_format_line($type, 'sufficient', $module, uniq(@para, 'use_first_pass')); + #- remove likeauth, nullok and use_first_pass + $_ = pam_format_line($type, 'sufficient', $module, grep { !member($_, qw(likeauth nullok use_first_pass)) } @para); if ($control eq 'required') { #- ensure a pam_deny line is there ($control, $module, @para) = ('required', 'pam_deny'); @@ -189,8 +189,8 @@ sub set_pam_authentication { my $before_first = {}; foreach (@authentication_kinds) { my $module = 'pam_' . $_; - $before_deny->{auth}{$module} = []; - $before_deny->{account}{$module} = []; + $before_deny->{auth}{$module} = [ 'likeauth', 'nullok', 'use_first_pass' ]; + $before_deny->{account}{$module} = [ 'use_first_pass' ]; $before_deny->{password}{$module} = [] if $_ eq 'ldap'; $before_first->{session}{pam_mkhomedir} = [ 'skel=/etc/skel/', 'umask=0022' ] if $_ eq 'winbind'; } -- cgit v1.2.1