fix winbind configuration and do the same for LDAP and NIS (modifs proposed and checked by Vincent Guardiola)

1 files changed, 5 insertions, 5 deletions

diff --git a/perl-install/authentication.pm b/perl-install/authentication.pm
index 0c86777aa..767ddd7cb 100644
--- a/perl-install/authentication.pm
+++ b/perl-install/authentication.pm
@@ -121,7 +121,7 @@ sub pam_module_from_path {
     $_[0] && $_[0] =~ m|(/lib/security/)?(pam_.*)\.so| && $2;
 }
 sub pam_module_to_path { 
-    "/lib/security/$_[0].so";
+    "$_[0].so";
 }
 sub pam_format_line {
     my ($type, $control, $module, @para) = @_;
@@ -146,8 +146,8 @@ sub set_raw_pam_authentication {
 	my $added_pre_line = '';
 	if ($module = pam_module_from_path($module)) {
 	    if ($module eq 'pam_unix' && member($type, 'auth', 'account')) {
-		#- ensure use_first_pass option is there
-		$_ = pam_format_line($type, 'sufficient', $module, uniq(@para, 'use_first_pass'));
+		#- remove likeauth, nullok and use_first_pass
+		$_ = pam_format_line($type, 'sufficient', $module, grep { !member($_, qw(likeauth nullok use_first_pass)) } @para);
 		if ($control eq 'required') {
 		    #- ensure a pam_deny line is there
 		    ($control, $module, @para) = ('required', 'pam_deny');
@@ -189,8 +189,8 @@ sub set_pam_authentication {
     my $before_first = {};
     foreach (@authentication_kinds) {
 	my $module = 'pam_' . $_;
-	$before_deny->{auth}{$module} = [];
-	$before_deny->{account}{$module} = [];
+	$before_deny->{auth}{$module} = [ 'likeauth', 'nullok', 'use_first_pass' ];
+	$before_deny->{account}{$module} = [ 'use_first_pass' ];
 	$before_deny->{password}{$module} = [] if $_ eq 'ldap';
 	$before_first->{session}{pam_mkhomedir} = [ 'skel=/etc/skel/', 'umask=0022' ] if $_ eq 'winbind';
     }