Fix openscap security violation in pam-config rpm

Removed all "nullok" occurrences in "system-auth.pamd" file to fix "Prevent Login to Accounts With Empty Password" security violation found using openscap scan. Story: 2008037 Task: 40694 Change-Id: I84fd31dd262dcd3075b14acfcc03b43fb33181f0 Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
2020-08-25 16:03:36 -04:00 · 2020-08-25 16:03:36 -04:00 · 6d128bbcea
parent a27003df46
commit 6d128bbcea
1 changed files with 2 additions and 2 deletions
--- a/pam-config/files/system-auth.pamd
+++ b/pam-config/files/system-auth.pamd
@ -1,6 +1,6 @@
 #%PAM-1.0
 auth        required      pam_env.so
-auth        sufficient    pam_unix.so nullok try_first_pass
+auth        sufficient    pam_unix.so try_first_pass
 auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
 auth        required      pam_deny.so

@ -21,7 +21,7 @@ account     required      pam_permit.so
 password    requisite     pam_pwquality.so try_first_pass retry=3 authtok_type= difok=3 minlen=7 lcredit=-1 ucredit=-1 ocredit=-1 dcredit=-1 enforce_for_root debug
 password    requisite     pam_pwhistory.so use_authtok enforce_for_root remember=2

-password    [success=2 default=ignore]      pam_unix.so sha512 shadow nullok try_first_pass use_authtok
+password    [success=2 default=ignore]      pam_unix.so sha512 shadow try_first_pass use_authtok
 password    [success=1 default=ignore]      pam_ldap.so use_authtok

 session     optional      pam_keyinit.so revoke