Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nilrt-snac configure: create required file, opasswd #35

Merged
merged 1 commit into from
Oct 29, 2024
Merged

nilrt-snac configure: create required file, opasswd #35

merged 1 commit into from
Oct 29, 2024

Conversation

AlexHearnNI
Copy link
Collaborator

The remember option of pam_unix requires the existence of an opasswd file to store the previous passwords.

Summary of Changes

Create the file, /etc/security/opasswd.

Justification

Without this change, users (other than root) cannot change their password.

Testing

I ran nilrt-snac configure and then was able to log in as a different user and change the user's password.

Procedure

@AlexHearnNI
nilrt-snac configure: create required file, opasswd
3ac8efd 
The 'remember' option of pam_unix requires the existence of an opasswd
file to store the previous passwords. If the opasswd file doesn't exist,
then non-root users are unable to change their passwords.

Signed-off-by: Alex Hearn <[email protected]>
@AlexHearnNI AlexHearnNI requested a review from a team October 24, 2024 17:50
@amstewart
Copy link
Collaborator

Is this a deficiency in the upstream pwquality recipe? Should it be generating the file?

@AlexHearnNI
Copy link
Collaborator Author

Is this a deficiency in the upstream pwquality recipe? Should it be generating the file?

_pwquality_config.py is configuring two things, password quality and password history. We're using pam_unix to implement password history. I don't know whether or not the pam-plugin-unix package ought to proactively create the opasswd file; I can think of arguments for either way. I would defer to your judgment.

@amstewart
Copy link
Collaborator

Nah. I don't feel like forcing us to spend the time to try and fix it upstream, it isn't clear.

@amstewart amstewart merged commit ff6ccd6 into ni:master Oct 29, 2024
2 checks passed
@AlexHearnNI AlexHearnNI deleted the passwd branch October 29, 2024 22:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amstewart amstewart amstewart approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AlexHearnNI @amstewart