From adef1185caa1f372420d6dd71d4968115ae0e3bf Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Fri, 13 Feb 2015 22:34:50 -0500 Subject: make nullok into a build time option --- Makefile | 4 ++++ basic-conf | 6 ++++++ system-auth.in | 4 ++-- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 339de62..a459fd0 100644 --- a/Makefile +++ b/Makefile @@ -56,6 +56,10 @@ ifeq "$(KRB5)" "yes" PAMFLAGS += -DHAVE_KRB5=1 endif +ifeq "$(NULLOK)" "yes" +PAMFLAGS += -DWANT_NULLOK=1 +endif + ifeq "$(SHA512)" "yes" PAMFLAGS += -DWANT_SHA512=1 endif diff --git a/basic-conf b/basic-conf index eaa1cb0..5ab72c0 100644 --- a/basic-conf +++ b/basic-conf @@ -29,6 +29,12 @@ #define LIKEAUTH #endif +#if WANT_NULLOK +#define NULLOK nullok +#else +#define NULLOK +#endif + #define KRB5_PARAMS DEBUG ignore_root try_first_pass /* By using the extended Linux-PAM syntax for this, it is possible to diff --git a/system-auth.in b/system-auth.in index 43df701..1f7ffbd 100644 --- a/system-auth.in +++ b/system-auth.in @@ -7,7 +7,7 @@ auth sufficient pam_ssh.so #if HAVE_KRB5 auth KRB5_CONTROL pam_krb5.so KRB5_PARAMS #endif -auth required pam_unix.so try_first_pass LIKEAUTH nullok DEBUG +auth required pam_unix.so try_first_pass LIKEAUTH NULLOK DEBUG /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */ auth optional pam_permit.so @@ -27,7 +27,7 @@ password required pam_passwdqc.so min=8,8,8,8,8 retry=3 #if HAVE_KRB5 password KRB5_CONTROL pam_krb5.so KRB5_PARAMS #endif -password required pam_unix.so try_first_pass UNIX_AUTHTOK nullok UNIX_EXTENDED_ENCRYPTION DEBUG +password required pam_unix.so try_first_pass UNIX_AUTHTOK NULLOK UNIX_EXTENDED_ENCRYPTION DEBUG /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */ password optional pam_permit.so -- cgit v1.2.3-65-gdbad