Commit Graph

25 Commits

Author SHA1 Message Date
Serge Hallyn 3d71c62ab1 Drop lastlog (zeha@debian.org)
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2024-05-30 11:17:38 -05:00
Balint Reczey d7ce68863e debian/login.pam: Drop reference to Debian Etch
Closes: #1040064
2023-07-02 20:59:28 +02:00
Laurent Bigonville 4d8a10d86c Move the call to pam_motd before pam_selinux open
pam_selinux calls setexeccon() with the context of the user, that means
that the first execve() after the call to "pam_selinux open" will be
executed in the user's context.

As pam_motd in debian calls system() to run run-parts to generate the
motd dynamically we need to be sure that this is done before that so it
runs in the context of the login executable.
2019-09-03 17:00:06 +02:00
Balint Reczey f1f3ef5674 Stop shipping and honoring /etc/securetty
Closes: #731656, #830255, #879903, #920764, #771675, #917893, #607073
2019-06-23 15:48:00 +02:00
Balint Reczey 40146019e6 Sync motd handling with sshd
Using patch from Ubuntu

Closes: #757148
2017-01-20 20:41:49 +01:00
Balint Reczey 70c472f91d Add call to pam_keyinit for login pam service
This module is linux-any only, so copy what openssh has already done and
remove the call at build time for other architectures.

The call to this module is needed to have proper per-session kernel
keyring.

Closes: #734671
2017-01-19 16:14:42 +01:00
Christian Perrier a975974d2c Fix typos in login.pam (thanks to Jakub Wilk for reporting)
Closes: #747115
2017-01-18 18:17:55 +01:00
Laurent Bigonville 60d4dc5ae0 Move pam_selinux open call higher in the session stack
Closes: #747313
2017-01-18 17:05:36 +01:00
Serge Hallyn 5a6e0c0ebd Merge upstream 4.3 2016-07-30 23:29:49 -05:00
Laurent Bigonville a154eb5401 Move pam_selinux open call higher in the session stack 2014-05-08 08:46:37 +02:00
Christian Perrier 4a2fadfa21 Fix typos in login.pam (thanks to Jakub Wilk for reporting) Closes: #747115 2014-05-06 07:39:52 +02:00
Christian Perrier 60c9571605 use the new pam_exec functionality from pam 1.1.8-1 to implement the dynamic motd, rather than using /run/motd.dynamic from initscripts. This will allow initscripts to drop /etc/init.d/motd. Closes: #741129 2014-04-30 22:23:26 +02:00
Christian Perrier 22d833f38e Use Laurent's patch 2013-07-28 18:51:01 +02:00
Christian Perrier 08807ee3fc Add pam_loginuid to login PAM settings. Closes: #677441 2013-07-28 18:49:00 +02:00
bubulle 62c424ce33 Another change suggested by Roger 2012-05-22 18:43:16 +00:00
bubulle ac43a9a2d5 Separation of static and dynamic motd components in login PAM module
Closes: #669698
2012-04-21 12:06:55 +00:00
bubulle 801dc30dc9 Fix typo in /etc/pam.d/login comments. Thanks to Ferenc Wagner.
Closes: #598717
2010-10-02 11:30:52 +00:00
nekral-guest 3a91912281 Apply patch already described in the current changelog:
* debian/login.pam: return back to mostly "requisite" for the pam_securetty
    PAM module, but ignore PAM_USER_UNKNOWN. This will avoid root from
    entering a password, and will also avoid user enumeration attacks.
    Mis-typed root logins are not protected, only root can be blamed for
    mis-typing and entering a password on an insecure line. Users willing to
    protect against mis-typed root login can use "requisite", but will be
    vulnerable to user enumeration attacks on insecure lines, and should use
    pam 1.1.0-4 at least. Closes: #574082, #531341
2010-03-20 10:57:44 +00:00
bubulle f5e0895b3a Revert pam_securetty to "requisite" 2010-03-16 06:59:46 +00:00
nekral-guest 1a58cb2346 * debian/login.pam: pam_securetty included as a required module instead of
requisite to avoid leak of user name information. Closes: #531341
2009-07-23 20:56:32 +00:00
nekral-guest a97b3a382b * The "Banonet" release.
* debian/login.pam: Really ignore pam_selinux.so failures when the module does
    not exist. Closes: #528673
2009-05-16 10:15:38 +00:00
nekral-guest 6ff5ab6af4 * debian/login.pam: Ignore pam_selinux.so failures when the module does not
exist. A required pam_selinux.so makes login fail when the module does not
    exist (e.g. on architectures without SE Linux support). Closes: #528673
2009-05-14 19:11:38 +00:00
nekral-guest e5aa1773d3 * debian/login.pam: Updated support for SELinux. Closes: #527106 2009-05-09 21:34:55 +00:00
nekral-guest 2d5f7a20d7 Merge changes from the lenny branch:
svn merge svn://svn.debian.org/svn/pkg-shadow/debian/branches/lenny@2000 svn//svn.debian.org/svn/pkg-shadow/debian/branches/lenny@2271 svn://svn.debian.org/svn/pkg-shadow/debian/trunk
Previous changes moved to 4.1.2-1 (experimental).
2008-08-31 19:16:54 +00:00
nekral-guest 39beb1da3a 105_zn_CN was just applied to upstream repository.
Tag 104_man-sv, 101_ja, and 103_man-de as going to be fixed in 4.0.18.2.
2007-10-27 12:51:13 +00:00