Bugfix: 3572

In the postinstall step, change the PAM configuration for login so that the user is prompted for password even if the username entered is invalid. This prevents people from easily determining whether a username exists or not.
author: Bob Gilligan <gilligan@vyatta.com> 2008-10-01 16:18:14 -0700
committer: Bob Gilligan <gilligan@vyatta.com> 2008-10-01 16:18:14 -0700
commit: bae23e34cfbf5cfb28e7077239ca16b795f4e9a3 (patch)
tree: 435592e78249c36a48bcc7f186ba59248e1220e6 /debian/vyatta-cfg-system.postinst.in
parent: 4ecc05bc5ac7d5a8661306ec8d85b763d02976ba (diff)
download: vyatta-cfg-system-bae23e34cfbf5cfb28e7077239ca16b795f4e9a3.tar.gz
vyatta-cfg-system-bae23e34cfbf5cfb28e7077239ca16b795f4e9a3.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in
index 2cb0643c..925edcb5 100644
--- a/debian/vyatta-cfg-system.postinst.in
+++ b/debian/vyatta-cfg-system.postinst.in
@@ -87,6 +87,11 @@ fi
 
 sed -i 's/^set /builtin set /' /etc/bash_completion
 
+# Fix up PAM configuration for login so that invalid users are prompted
+# for password
+sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login
+
+
 # Local Variables:
 # mode: shell-script
 # sh-indentation: 4
author	Bob Gilligan <gilligan@vyatta.com>	2008-10-01 16:18:14 -0700
committer	Bob Gilligan <gilligan@vyatta.com>	2008-10-01 16:18:14 -0700
commit	bae23e34cfbf5cfb28e7077239ca16b795f4e9a3 (patch)
tree	435592e78249c36a48bcc7f186ba59248e1220e6 /debian/vyatta-cfg-system.postinst.in
parent	4ecc05bc5ac7d5a8661306ec8d85b763d02976ba (diff)
download	vyatta-cfg-system-bae23e34cfbf5cfb28e7077239ca16b795f4e9a3.tar.gz vyatta-cfg-system-bae23e34cfbf5cfb28e7077239ca16b795f4e9a3.zip