Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 668624 Details for
Bug 748405
Login via kerberos does not work with sys-auth/pambase-20201010 sys-libs/pam-1.4.0_p20200829
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
fix login with kerberos
faillock.patch (text/plain), 2.88 KB, created by
Manuel Mommertz
on 2020-10-26 13:31:59 UTC
(
hide
)
Description:
fix login with kerberos
Filename:
MIME Type:
Creator:
Manuel Mommertz
Created:
2020-10-26 13:31:59 UTC
Size:
2.88 KB
patch
obsolete
>diff -ru templates/system-auth.tpl templates/system-auth.tpl >--- templates/system-auth.tpl 2020-10-20 04:38:20.000000000 +0200 >+++ templates/system-auth.tpl 2020-10-26 08:57:36.772493157 +0100 >@@ -4,20 +4,31 @@ > {% endif %} > > {% if krb5 %} >-auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }} >+auth [success=1 default=ignore] pam_krb5.so {{ krb5_params }} > {% endif %} > >+auth required pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass >+{% if krb5 %} >+# This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. > auth optional pam_permit.so >-auth requisite pam_faillock.so preauth >-auth [success=1 default=ignore] pam_unix.so {{ nullok|default('', true) }} {{ debug|default('', true) }} try_first_pass >-auth [default=die] pam_faillock.so authfail >+{% endif %} >+{% if not minimal %} >+# Fail login if faillock-counter reached limit (typical 3). >+auth required pam_faillock.so preauth >+# Increase faillock-counter. Will be cleared again on successfull login or after timeout. >+auth [default=ignore] pam_faillock.so authfail >+{% endif %} > > {% if krb5 %} > account [success=1 default=ignore] pam_krb5.so {{ krb5_params }} > {% endif %} > account required pam_unix.so {{ debug|default('', true) }} >+{% if krb5 %} >+# This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. > account optional pam_permit.so >+{% endif %} > {% if not minimal %} >+# Clear faillock-counter on successfull login. > account required pam_faillock.so > {% endif %} > >@@ -38,7 +49,10 @@ > {% endif %} > > password required pam_unix.so try_first_pass {{ unix_authtok|default('', true) }} {{ nullok|default('', true) }} {{ unix_extended_encryption|default('', true) }} {{ debug|default('', true) }} >+{% if krb5 %} >+# This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. > password optional pam_permit.so >+{% endif %} > > {% if pam_ssh %} > session optional pam_ssh.so >diff -ru templates/system-login.tpl templates/system-login.tpl >--- templates/system-login.tpl 2020-10-20 04:38:20.000000000 +0200 >+++ templates/system-login.tpl 2020-10-26 08:38:20.386717718 +0100 >@@ -5,9 +5,6 @@ > account required pam_access.so {{ debug|default('', true) }} > account required pam_nologin.so > account include system-auth >-{% if not minimal %} >-account required pam_faillock.so >-{% endif %} > > password include system-auth > session optional pam_loginuid.so >diff -ru templates/system-session.tpl templates/system-session.tpl >--- templates/system-session.tpl 2020-10-20 04:38:20.000000000 +0200 >+++ templates/system-session.tpl 2020-10-26 08:39:57.830457191 +0100 >@@ -10,4 +10,7 @@ > > session required pam_unix.so {{ debug|default('', true) }} > >+{% if krb5 %} >+# This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. > session optional pam_permit.so >+{% endif %}
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=668624">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 748405
:
668624
|
669725
