-
Notifications
You must be signed in to change notification settings - Fork 684
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Backport and fix remediation for smartcard_pam_enabled
The line `auth [success=2 default=ignore] pam_pkcs11.so` is incorrectly inserted at the top of the pam file. This breaks the functionality if other rules insert modules between this line and pam_unix.so (looking at you faillock preauth). One option would be to add another position argument to the function, e.g. "above_pam_unix", and place the line accordingly. However, this would require modifying the analogous macro upstream, which is not ideal. To make things worse, the upstream macro does not have the position functionality implemented. To avoid messing with the function, a better option is to switch to using another macro which was recently backported from upstream, which supports appending lines after a specific match.
- Loading branch information
1 parent
eec4d10
commit 68cb5d6
Showing
4 changed files
with
4 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters