diff options
author | mboelen <michael@cisofy.com> | 2015-10-23 15:37:48 +0300 |
---|---|---|
committer | mboelen <michael@cisofy.com> | 2015-10-23 15:37:48 +0300 |
commit | e2b8b9b18a38d3c2d99538eb7dbdfa88970e455d (patch) | |
tree | f3ba38e7c4be2fd9afe5f545241639e8dd060ea5 /plugins | |
parent | a98f377f4d098d45f766c63f7b439772c779024c (diff) |
Enabled status of pwhistory module if remember option is used
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/plugin_pam_phase1 | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/plugins/plugin_pam_phase1 b/plugins/plugin_pam_phase1 index 4e1609ca..c2a4c1de 100644 --- a/plugins/plugin_pam_phase1 +++ b/plugins/plugin_pam_phase1 @@ -150,12 +150,12 @@ pam_mail | pam_mkhomedir | pam_motd) ;; pam_namespace | pam_nologin) ;; pam_permit) ;; + # Password history - Can be configured via pam_unix or pam_pwhistory pam_pwhistory) logtext "Result: found ${PAM_MODULE} module (password history)" # set default for having pam_pwhistory enabled if [ "${PAM_PASSWORD_PWHISTORY_AMOUNT}" = "" ]; then PAM_PASSWORD_PWHISTORY_AMOUNT=10; fi - if [ "${PAM_PASSWORD_PWHISTORY_ENABLED}" = "" ]; then PAM_PASSWORD_PWHISTORY_ENABLED=1; fi if [ ! "${PAM_MODULE_OPTIONS}" = "" ]; then for I in ${PAM_MODULE_OPTIONS}; do OPTION=`echo ${I} | awk -F= '{ print $1 }'` @@ -166,6 +166,7 @@ logtext "Result: password history (remember) configured for pam_pwhistory" DigitsOnly ${VALUE} PAM_PASSWORD_PWHISTORY_AMOUNT=${VALUE} + PAM_PASSWORD_PWHISTORY_ENABLED=1 Debug "Found password history enabled with module ${PAM_MODULE_NAME} and password amount ${PAM_PASSWORD_PWHISTORY_AMOUNT}" ;; esac @@ -348,12 +349,12 @@ logtext "[PAM] Password strength testing enabled: ${PAM_PASSWORD_STRENGTH_TESTED if [ ${PAM_PASSWORD_STRENGTH_TESTED} -eq 1 ]; then report "password_strength_tested=1" - if [ ${CREDITS_D_PASSWORD} -ge 1 && ${CREDITS_L_PASSWORD} -ge 1 && ${CREDITS_O_PASSWORD} -ge 1 && ${CREDITS_U_PASSWORD} -ge 1 ]; then + if [ ${CREDITS_D_PASSWORD} -ge 1 -a ${CREDITS_L_PASSWORD} -ge 1 -a ${CREDITS_O_PASSWORD} -ge 1 -a ${CREDITS_U_PASSWORD} -ge 1 ]; then # Show how many password class are required out of 4 logtext "[PAM] Minimum password class out of 4: ${MIN_PASSWORD_CLASS}" report "min_password_class=${MIN_PASSWORD_CLASS}" else - logtext "[PAM] Minimum password class setting of ${MIN_PASSWORD_CLASS} out of 4 is ignored since at least 1 class are forced " + logtext "[PAM] Minimum password class setting of ${MIN_PASSWORD_CLASS} out of 4 is ignored since at least 1 class are forced" report "min_password_class=ignored" fi |