starlingx/config-files
Code Issues Proposed changes
config-files/pam-config/source-debian/system-auth.pamd
Yan Kabuki 07e5e43489 Migrate pam-config package to Debian 
Modified pam-config package to add support to Debian packaging.

Test Plan:

PASS: Package installed and ISO built sucessfully
PASS: Package files were copied with right permissions

Story: 2009256
Task: 43544

Signed-off-by: Yan Kabuki <Yan.HiroakiKabuki@windriver.com>
Change-Id: I1bc1704f795a9ca477aee479c83074bbbdf10a42
2021-11-25 09:35:09 -03:00

32 lines
1.6 KiB
Plaintext
Executable File
Raw Blame History

#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account required pam_permit.so
################# StarlingX Cloud Password Rules #######################
# Enforce a password containing atleast 1 lower case, 1 upper case, #
# 1 digit and 1 special character. Such a password will have a #
# minimum length of 7 characters. A user may not re-use the last most #
# recent password and every password must differ from its previous #
# one by atleast 3 characters #
# - Added enforce_for_root for pam_pwquality.so #
#######################################################################
password requisite pam_pwquality.so try_first_pass retry=3 authtok_type= difok=3 minlen=7 lcredit=-1 ucredit=-1 ocredit=-1 dcredit=-1 enforce_for_root debug
password requisite pam_pwhistory.so use_authtok enforce_for_root remember=2
password [success=2 default=ignore] pam_unix.so sha512 shadow try_first_pass use_authtok
password [success=1 default=ignore] pam_ldap.so use_authtok
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
View Git Blame Copy Permalink