diff options
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | basic-conf | 6 | ||||
-rw-r--r-- | system-auth.in | 4 |
3 files changed, 12 insertions, 2 deletions
@@ -56,6 +56,10 @@ ifeq "$(KRB5)" "yes" PAMFLAGS += -DHAVE_KRB5=1 endif +ifeq "$(NULLOK)" "yes" +PAMFLAGS += -DWANT_NULLOK=1 +endif + ifeq "$(SHA512)" "yes" PAMFLAGS += -DWANT_SHA512=1 endif @@ -29,6 +29,12 @@ #define LIKEAUTH #endif +#if WANT_NULLOK +#define NULLOK nullok +#else +#define NULLOK +#endif + #define KRB5_PARAMS DEBUG ignore_root try_first_pass /* By using the extended Linux-PAM syntax for this, it is possible to diff --git a/system-auth.in b/system-auth.in index 43df701..1f7ffbd 100644 --- a/system-auth.in +++ b/system-auth.in @@ -7,7 +7,7 @@ auth sufficient pam_ssh.so #if HAVE_KRB5 auth KRB5_CONTROL pam_krb5.so KRB5_PARAMS #endif -auth required pam_unix.so try_first_pass LIKEAUTH nullok DEBUG +auth required pam_unix.so try_first_pass LIKEAUTH NULLOK DEBUG /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */ auth optional pam_permit.so @@ -27,7 +27,7 @@ password required pam_passwdqc.so min=8,8,8,8,8 retry=3 #if HAVE_KRB5 password KRB5_CONTROL pam_krb5.so KRB5_PARAMS #endif -password required pam_unix.so try_first_pass UNIX_AUTHTOK nullok UNIX_EXTENDED_ENCRYPTION DEBUG +password required pam_unix.so try_first_pass UNIX_AUTHTOK NULLOK UNIX_EXTENDED_ENCRYPTION DEBUG /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */ password optional pam_permit.so |