summaryrefslogtreecommitdiff
path: root/src/init/vyos-router
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-10-03 09:23:20 +0200
committerChristian Breunig <christian@breunig.cc>2023-10-03 09:31:48 +0200
commit9fa024bdbaa861a6066a1e58afb7a7c6a977820c (patch)
tree4a2918912923bd78549670d5b0ccbda5f16be0a9 /src/init/vyos-router
parentbaa12ccf0f6eb092099a9e17444e9efd86a59fcc (diff)
downloadvyos-1x-9fa024bdbaa861a6066a1e58afb7a7c6a977820c.tar.gz
vyos-1x-9fa024bdbaa861a6066a1e58afb7a7c6a977820c.zip
init: T5577: clear mandatory and optional RADIUS/TACACS PAM settings
This complements commit 5181ab60bb ("RADIUS: T5577: Added 'mandatory' and 'optional' modes for RADIUS") and commit 1c804685d0 ("TACACS: T5577: Added 'mandatory' and 'optional' modes for TACACS+"). As those new services should also be cleaned during system boot.
Diffstat (limited to 'src/init/vyos-router')
-rwxr-xr-xsrc/init/vyos-router4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/init/vyos-router b/src/init/vyos-router
index dd07d2e4b..fbb89a77c 100755
--- a/src/init/vyos-router
+++ b/src/init/vyos-router
@@ -229,9 +229,9 @@ cleanup_post_commit_hooks () {
security_reset ()
{
# restore PAM back to virgin state (no radius/tacacs services)
- pam-auth-update --package --remove radius
+ pam-auth-update --disable radius-mandatory radius-optional
rm -f /etc/pam_radius_auth.conf
- pam-auth-update --package --remove tacplus
+ pam-auth-update --disable tacplus-mandatory tacplus-optional
rm -f /etc/tacplus_nss.conf /etc/tacplus_servers
# Certain configuration files are re-generated by the configuration