Fix openscap security violation in pam-config rpm
Removed all "nullok" occurrences in "system-auth.pamd" file to fix "Prevent Login to Accounts With Empty Password" security violation found using openscap scan. Story: 2008037 Task: 40694 Change-Id: I84fd31dd262dcd3075b14acfcc03b43fb33181f0 Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
This commit is contained in:
parent
a27003df46
commit
6d128bbcea
|
@ -1,6 +1,6 @@
|
|||
#%PAM-1.0
|
||||
auth required pam_env.so
|
||||
auth sufficient pam_unix.so nullok try_first_pass
|
||||
auth sufficient pam_unix.so try_first_pass
|
||||
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
|
||||
auth required pam_deny.so
|
||||
|
||||
|
@ -21,7 +21,7 @@ account required pam_permit.so
|
|||
password requisite pam_pwquality.so try_first_pass retry=3 authtok_type= difok=3 minlen=7 lcredit=-1 ucredit=-1 ocredit=-1 dcredit=-1 enforce_for_root debug
|
||||
password requisite pam_pwhistory.so use_authtok enforce_for_root remember=2
|
||||
|
||||
password [success=2 default=ignore] pam_unix.so sha512 shadow nullok try_first_pass use_authtok
|
||||
password [success=2 default=ignore] pam_unix.so sha512 shadow try_first_pass use_authtok
|
||||
password [success=1 default=ignore] pam_ldap.so use_authtok
|
||||
|
||||
session optional pam_keyinit.so revoke
|
||||
|
|
Loading…
Reference in New Issue