diff options
author | Christian Breunig <christian@breunig.cc> | 2023-10-03 09:23:20 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-10-03 09:31:48 +0200 |
commit | 9fa024bdbaa861a6066a1e58afb7a7c6a977820c (patch) | |
tree | 4a2918912923bd78549670d5b0ccbda5f16be0a9 /src/init/vyos-router | |
parent | baa12ccf0f6eb092099a9e17444e9efd86a59fcc (diff) | |
download | vyos-1x-9fa024bdbaa861a6066a1e58afb7a7c6a977820c.tar.gz vyos-1x-9fa024bdbaa861a6066a1e58afb7a7c6a977820c.zip |
init: T5577: clear mandatory and optional RADIUS/TACACS PAM settings
This complements commit 5181ab60bb ("RADIUS: T5577: Added 'mandatory' and
'optional' modes for RADIUS") and commit 1c804685d0 ("TACACS: T5577: Added
'mandatory' and 'optional' modes for TACACS+"). As those new services
should also be cleaned during system boot.
Diffstat (limited to 'src/init/vyos-router')
-rwxr-xr-x | src/init/vyos-router | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/init/vyos-router b/src/init/vyos-router index dd07d2e4b..fbb89a77c 100755 --- a/src/init/vyos-router +++ b/src/init/vyos-router @@ -229,9 +229,9 @@ cleanup_post_commit_hooks () { security_reset () { # restore PAM back to virgin state (no radius/tacacs services) - pam-auth-update --package --remove radius + pam-auth-update --disable radius-mandatory radius-optional rm -f /etc/pam_radius_auth.conf - pam-auth-update --package --remove tacplus + pam-auth-update --disable tacplus-mandatory tacplus-optional rm -f /etc/tacplus_nss.conf /etc/tacplus_servers # Certain configuration files are re-generated by the configuration |