aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile4
-rw-r--r--basic-conf6
-rw-r--r--system-auth.in4
3 files changed, 12 insertions, 2 deletions
diff --git a/Makefile b/Makefile
index 339de62..a459fd0 100644
--- a/Makefile
+++ b/Makefile
@@ -56,6 +56,10 @@ ifeq "$(KRB5)" "yes"
PAMFLAGS += -DHAVE_KRB5=1
endif
+ifeq "$(NULLOK)" "yes"
+PAMFLAGS += -DWANT_NULLOK=1
+endif
+
ifeq "$(SHA512)" "yes"
PAMFLAGS += -DWANT_SHA512=1
endif
diff --git a/basic-conf b/basic-conf
index eaa1cb0..5ab72c0 100644
--- a/basic-conf
+++ b/basic-conf
@@ -29,6 +29,12 @@
#define LIKEAUTH
#endif
+#if WANT_NULLOK
+#define NULLOK nullok
+#else
+#define NULLOK
+#endif
+
#define KRB5_PARAMS DEBUG ignore_root try_first_pass
/* By using the extended Linux-PAM syntax for this, it is possible to
diff --git a/system-auth.in b/system-auth.in
index 43df701..1f7ffbd 100644
--- a/system-auth.in
+++ b/system-auth.in
@@ -7,7 +7,7 @@ auth sufficient pam_ssh.so
#if HAVE_KRB5
auth KRB5_CONTROL pam_krb5.so KRB5_PARAMS
#endif
-auth required pam_unix.so try_first_pass LIKEAUTH nullok DEBUG
+auth required pam_unix.so try_first_pass LIKEAUTH NULLOK DEBUG
/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
auth optional pam_permit.so
@@ -27,7 +27,7 @@ password required pam_passwdqc.so min=8,8,8,8,8 retry=3
#if HAVE_KRB5
password KRB5_CONTROL pam_krb5.so KRB5_PARAMS
#endif
-password required pam_unix.so try_first_pass UNIX_AUTHTOK nullok UNIX_EXTENDED_ENCRYPTION DEBUG
+password required pam_unix.so try_first_pass UNIX_AUTHTOK NULLOK UNIX_EXTENDED_ENCRYPTION DEBUG
/* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
password optional pam_permit.so