From bae23e34cfbf5cfb28e7077239ca16b795f4e9a3 Mon Sep 17 00:00:00 2001
From: Bob Gilligan <gilligan@vyatta.com>
Date: Wed, 1 Oct 2008 16:18:14 -0700
Subject: Bugfix: 3572 In the postinstall step, change the PAM configuration
 for login so that the user is prompted for password even if the username
 entered is invalid.  This prevents people from easily determining whether a
 username exists or not.

---
 debian/vyatta-cfg-system.postinst.in | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'debian')

diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 2cb0643c..925edcb5 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -87,6 +87,11 @@ fi
 
 sed -i 's/^set /builtin set /' /etc/bash_completion
 
+# Fix up PAM configuration for login so that invalid users are prompted
+# for password
+sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login
+
+
 # Local Variables:
 # mode: shell-script
 # sh-indentation: 4
-- 
cgit v1.2.3