From e2b8b9b18a38d3c2d99538eb7dbdfa88970e455d Mon Sep 17 00:00:00 2001
From: mboelen <michael@cisofy.com>
Date: Fri, 23 Oct 2015 14:37:48 +0200
Subject: Enabled status of pwhistory module if remember option is used

---
 plugins/plugin_pam_phase1 | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'plugins')

diff --git a/plugins/plugin_pam_phase1 b/plugins/plugin_pam_phase1
index 4e1609ca..c2a4c1de 100644
--- a/plugins/plugin_pam_phase1
+++ b/plugins/plugin_pam_phase1
@@ -150,12 +150,12 @@
                                     pam_mail | pam_mkhomedir | pam_motd) ;;
                                     pam_namespace | pam_nologin) ;;
                                     pam_permit) ;;
+
                                     # Password history - Can be configured via pam_unix or pam_pwhistory
                                     pam_pwhistory)
                                         logtext "Result: found ${PAM_MODULE} module (password history)"
                                         # set default for having pam_pwhistory enabled
                                         if [ "${PAM_PASSWORD_PWHISTORY_AMOUNT}" = "" ]; then PAM_PASSWORD_PWHISTORY_AMOUNT=10; fi
-                                        if [ "${PAM_PASSWORD_PWHISTORY_ENABLED}" = "" ]; then PAM_PASSWORD_PWHISTORY_ENABLED=1; fi
                                         if [ ! "${PAM_MODULE_OPTIONS}" = "" ]; then
                                             for I in ${PAM_MODULE_OPTIONS}; do
                                                 OPTION=`echo ${I} | awk -F= '{ print $1 }'`
@@ -166,6 +166,7 @@
                                                         logtext "Result: password history (remember) configured for pam_pwhistory"
                                                         DigitsOnly ${VALUE}
                                                         PAM_PASSWORD_PWHISTORY_AMOUNT=${VALUE}
+                                                        PAM_PASSWORD_PWHISTORY_ENABLED=1
                                                         Debug "Found password history enabled with module ${PAM_MODULE_NAME} and password amount ${PAM_PASSWORD_PWHISTORY_AMOUNT}"
                                                     ;;
                                                 esac
@@ -348,12 +349,12 @@ logtext "[PAM] Password strength testing enabled: ${PAM_PASSWORD_STRENGTH_TESTED
 if [ ${PAM_PASSWORD_STRENGTH_TESTED} -eq 1 ]; then
     report "password_strength_tested=1"
 
-        if [ ${CREDITS_D_PASSWORD} -ge 1 && ${CREDITS_L_PASSWORD} -ge 1 && ${CREDITS_O_PASSWORD} -ge 1 && ${CREDITS_U_PASSWORD} -ge 1 ]; then
+        if [ ${CREDITS_D_PASSWORD} -ge 1 -a ${CREDITS_L_PASSWORD} -ge 1 -a ${CREDITS_O_PASSWORD} -ge 1 -a ${CREDITS_U_PASSWORD} -ge 1 ]; then
                 # Show how many password class are required out of 4
                 logtext "[PAM] Minimum password class out of 4: ${MIN_PASSWORD_CLASS}"
                 report "min_password_class=${MIN_PASSWORD_CLASS}"
         else
-                logtext "[PAM] Minimum password class setting of ${MIN_PASSWORD_CLASS} out of 4 is ignored since at least 1 class are forced "
+                logtext "[PAM] Minimum password class setting of ${MIN_PASSWORD_CLASS} out of 4 is ignored since at least 1 class are forced"
                 report "min_password_class=ignored"
         fi
 
-- 
cgit v1.2.3