forked from pool/shadow
2204667d89
- shadow-util-linux.patch: * Remove the section patching lib/getdef.c in favor of the upstream FOREIGNDEFS. * Add LOGIN_KEEP_USERNAME to login.defs. * Remove PREVENT_NO_AUTH from login.defs. Only used by the unpackaged login and su. - shadow-login_defs-unused-by-pam.patch: * Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS, YESCRYPT_COST_FACTOR, not supported by the current configuratiton. - Update login_defs-support-for-pam symbol to version 1.5.2 (support for new variable HMAC_CRYPTO_ALGO). - Update login_defs-support-for-util-linux to version 2.37 (support for new variable LOGIN_KEEP_USERNAME). - Refresh shadow-login_defs-comments.patch and shadow-login_defs-suse.patch. - Improve shadow-login_defs-check.sh: * Add helper to import local new version in the parent dir. * Fix spec editing sed expression. * Add PREVENT_NO_AUTH to known unused variables. * Update pam sed expression to find HMAC_CRYPTO_ALGO. * Add more sanity checks. OBS-URL: https://build.opensuse.org/request/show/931937 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=114
141 lines
3.9 KiB
Diff
141 lines
3.9 KiB
Diff
Add variables referred by util-linux login, runuser and su, but not by
|
|
shadow.
|
|
|
|
Delete variables used by shadow implementation of login, su and runuser
|
|
that has no use in util-linux implementation.
|
|
|
|
Index: etc/login.defs
|
|
===================================================================
|
|
--- etc/login.defs.orig
|
|
+++ etc/login.defs
|
|
@@ -1,5 +1,7 @@
|
|
#
|
|
# /etc/login.defs - Configuration control definitions for the shadow package.
|
|
+# Some variables are used by login(1), su(1) and runuser(1) from util-linux
|
|
+# package as well pam pam_unix(8) from pam package.
|
|
#
|
|
# $Id$
|
|
#
|
|
@@ -17,9 +19,8 @@ FAIL_DELAY 3
|
|
LOG_UNKFAIL_ENAB no
|
|
|
|
#
|
|
-# Enable logging of successful logins
|
|
+# Enable "syslog" logging of newgrp(1) and sg(1) activity.
|
|
#
|
|
-LOG_OK_LOGINS no
|
|
|
|
#
|
|
# Limit the highest user ID number for which the lastlog entries should
|
|
@@ -31,10 +32,9 @@ LOG_OK_LOGINS no
|
|
#LASTLOG_UID_MAX
|
|
|
|
#
|
|
-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
|
|
-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
|
|
+# Enable "syslog" logging of newgrp(1) and sg(1) activity - in addition
|
|
+# to sulog file logging.
|
|
#
|
|
-SYSLOG_SU_ENAB yes
|
|
SYSLOG_SG_ENAB yes
|
|
|
|
#
|
|
@@ -58,6 +58,12 @@ MOTD_FILE /etc/motd
|
|
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
|
|
|
|
#
|
|
+# If set to "yes", login stops display content specified by MOTD_FILE after
|
|
+# the first accessible item in the list.
|
|
+#
|
|
+#MOTD_FIRSTONLY no
|
|
+
|
|
+#
|
|
# If defined, file which maps tty line to TERM environment parameter.
|
|
# Each line of the file is in a format similar to "vt100 tty01".
|
|
#
|
|
@@ -72,12 +78,33 @@ MOTD_FILE /etc/motd
|
|
HUSHLOGIN_FILE .hushlogin
|
|
#HUSHLOGIN_FILE /etc/hushlogins
|
|
|
|
+# If this variable is set to "yes", hostname will be suppressed in the
|
|
+# login: prompt.
|
|
+#LOGIN_PLAIN_PROMPT no
|
|
+
|
|
#
|
|
# *REQUIRED* The default PATH settings, for superuser and normal users.
|
|
#
|
|
# (they are minimal, add the rest in the shell startup files)
|
|
-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
|
-ENV_PATH PATH=/bin:/usr/bin
|
|
+#
|
|
+# ENV_PATH: The default PATH settings for non-root.
|
|
+#
|
|
+# ENV_ROOTPATH: The default PATH settings for root
|
|
+# (used by login, su and runuser).
|
|
+#
|
|
+# ENV_SUPATH is an ENV_ROOTPATH override for su and runuser
|
|
+# (and falback for login).
|
|
+#
|
|
+ENV_PATH /bin:/usr/bin
|
|
+ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
|
|
+#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
|
|
+
|
|
+# If this variable is set to "yes", su will always set path. every su
|
|
+# call will overwrite the PATH variable.
|
|
+#
|
|
+# Per default, only "su -" will set a new PATH.
|
|
+#
|
|
+ALWAYS_SET_PATH no
|
|
|
|
#
|
|
# Terminal permissions
|
|
@@ -93,19 +120,6 @@ ENV_PATH PATH=/bin:/usr/bin
|
|
TTYGROUP tty
|
|
TTYPERM 0600
|
|
|
|
-#
|
|
-# Login configuration initializations:
|
|
-#
|
|
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
|
|
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
|
|
-#
|
|
-# The ERASECHAR and KILLCHAR are used only on System V machines.
|
|
-#
|
|
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
|
|
-#
|
|
-ERASECHAR 0177
|
|
-KILLCHAR 025
|
|
-
|
|
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
|
|
# Default "umask" value for pam_umask(8) on PAM enabled systems.
|
|
# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
|
|
@@ -163,6 +177,12 @@ SUB_GID_COUNT 65536
|
|
LOGIN_RETRIES 5
|
|
|
|
#
|
|
+# Tell login to only re-prompt for the password if authentication
|
|
+# failed, but the username is valid. The default value is no.
|
|
+#
|
|
+LOGIN_KEEP_USERNAME no
|
|
+
|
|
+#
|
|
# Max time in seconds for login(1)
|
|
#
|
|
LOGIN_TIMEOUT 60
|
|
@@ -315,15 +335,6 @@ CHARACTER_CLASS [ABCDEFGHIJKLMNO
|
|
#GRANT_AUX_GROUP_SUBIDS yes
|
|
|
|
#
|
|
-# Prevents an empty password field to be interpreted as "no authentication
|
|
-# required".
|
|
-# Set to "yes" to prevent for all accounts
|
|
-# Set to "superuser" to prevent for UID 0 / root (default)
|
|
-# Set to "no" to not prevent for any account (dangerous, historical default)
|
|
-
|
|
-PREVENT_NO_AUTH superuser
|
|
-
|
|
-#
|
|
# Select the HMAC cryptography algorithm.
|
|
# Used in pam_timestamp module to calculate the keyed-hash message
|
|
# authentication code.
|