Skip to content

Commit

Permalink
fix credit disabled, by setting 0 instead to be clear
Browse files Browse the repository at this point in the history
  • Loading branch information
davidpil2002 committed Mar 28, 2022
1 parent a4d452b commit 93072bd
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 5 deletions.
4 changes: 2 additions & 2 deletions src/sonic-host-services-data/templates/common-password.j2
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,9 @@

{% if passw_policies %}
{% if passw_policies['state'] == 'enabled' %}
password requisite pam_cracklib.so retry=3 maxrepeat=0 {% if passw_policies['len_min'] %}minlen={{passw_policies['len_min']}}{% endif %} {% if passw_policies['upper_class'] %}ucredit=-1{% endif %} {% if passw_policies['lower_class'] %}lcredit=-1{% endif %} {% if passw_policies['digits_class'] %}dcredit=-1{% endif %} {% if passw_policies['special_class'] %}ocredit=-1{% endif %} {% if passw_policies['reject_user_passw_match'] %}reject_username{% endif %} enforce_for_root
password requisite pam_cracklib.so retry=3 maxrepeat=0 {% if passw_policies['len_min'] %}minlen={{passw_policies['len_min']}}{% endif %} {% if passw_policies['upper_class'] %}ucredit=-1{% else %}ucredit=0{% endif %} {% if passw_policies['lower_class'] %}lcredit=-1{% else %}lcredit=0{% endif %} {% if passw_policies['digits_class'] %}dcredit=-1{% else %}dcredit=0{% endif %} {% if passw_policies['special_class'] %}ocredit=-1{% else %}ocredit=0{% endif %} {% if passw_policies['reject_user_passw_match'] %}reject_username{% endif %} enforce_for_root

password required pam_pwhistory.so {% if passw_policies['history_cnt'] %}remember={{passw_policies['history_cnt']}}{% endif %} use_authtok
password required pam_pwhistory.so {% if passw_policies['history_cnt'] %}remember={{passw_policies['history_cnt']}}{% endif %} use_authtok enforce_for_root
{% endif %}
{% endif %}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,9 @@

# here are the per-package modules (the "Primary" block)

password requisite pam_cracklib.so retry=3 maxrepeat=0 minlen=8 dcredit=-1 enforce_for_root
password requisite pam_cracklib.so retry=3 maxrepeat=0 minlen=8 ucredit=0 lcredit=0 dcredit=-1 ocredit=0 enforce_for_root

password required pam_pwhistory.so remember=0 use_authtok
password required pam_pwhistory.so remember=0 use_authtok enforce_for_root

password [success=1 default=ignore] pam_unix.so obscure yescrypt
# here's the fallback if no module succeeds
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@

password requisite pam_cracklib.so retry=3 maxrepeat=0 minlen=8 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 reject_username enforce_for_root

password required pam_pwhistory.so remember=10 use_authtok
password required pam_pwhistory.so remember=10 use_authtok enforce_for_root

password [success=1 default=ignore] pam_unix.so obscure yescrypt
# here's the fallback if no module succeeds
Expand Down

0 comments on commit 93072bd

Please sign in to comment.