summaryrefslogtreecommitdiff
path: root/src/init
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-10-03 09:23:20 +0200
committerzsdc <taras@vyos.io>2023-11-20 18:57:20 +0200
commite1bf5516bbb00de5689a1091a6e21b1fc45a7340 (patch)
treed21b061fdbb978b5e0ab6897bbe7fe6736b51eb1 /src/init
parentc5dbc2049fd4fb2da6a0173611970978b11ec362 (diff)
downloadvyos-1x-e1bf5516bbb00de5689a1091a6e21b1fc45a7340.tar.gz
vyos-1x-e1bf5516bbb00de5689a1091a6e21b1fc45a7340.zip
init: T5577: clear mandatory and optional RADIUS/TACACS PAM settings
This complements commit 5181ab60bb ("RADIUS: T5577: Added 'mandatory' and 'optional' modes for RADIUS") and commit 1c804685d0 ("TACACS: T5577: Added 'mandatory' and 'optional' modes for TACACS+"). As those new services should also be cleaned during system boot.
Diffstat (limited to 'src/init')
-rwxr-xr-xsrc/init/vyos-router4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/init/vyos-router b/src/init/vyos-router
index 3db06b368..3445da2cf 100755
--- a/src/init/vyos-router
+++ b/src/init/vyos-router
@@ -256,9 +256,9 @@ netgroup: nis
EOF
# restore PAM back to virgin state (no radius/tacacs services)
- pam-auth-update --package --remove radius
+ pam-auth-update --disable radius-mandatory radius-optional
rm -f /etc/pam_radius_auth.conf
- pam-auth-update --package --remove tacplus
+ pam-auth-update --disable tacplus-mandatory tacplus-optional
rm -f /etc/tacplus_nss.conf /etc/tacplus_servers
# Certain configuration files are re-generated by the configuration