[OE-core] [V2 PATCH] shadow.inc: remove pam.d/chpasswd and pam.d/newusers
Hongxu Jia
hongxu.jia at windriver.com
Fri Jul 14 09:34:59 UTC 2017
* Problem:
While pam is enabled:
...
DISTRO_FEATURES_append = " pam"
...
Fix below errors on target:
...
root at qemux86:~# newusers
newusers: PAM: Authentication failure
root at qemux86:~# chpasswd
chpasswd: PAM: Authentication failure
...
* Analysis:
The pam.d/chpasswd and pam.d/newusers were added since OE-Classic:
...
https://github.com/openembedded/openembedded.git
commit 4677a67913c5ec376eb016e6aac21f9a7ad5e9c4
Author: David-John Willis <John.Willis at Distant-earth.com>
Date: Mon Nov 9 07:54:07 2009 +0000
shadow: Add version 4.1.4.2 and checksum.
...
And they were debian similar, but debian works well.
Becuase debian built shadow with option `--disable-account-tools-setuid'
...
* debian/patches/504_undef_USE_PAM.nolibpam,
debian/patches/504_undef_USE_PAM.dpatch, debian/rules: Patches removed.
Replaced by the --disable-account-tools-setuid configure option.
...
https://tracker.debian.org/media/packages/s/shadow/rules-1%3A4.2-3%2Bdeb8u1
(In debian, if built shadow without --disable-account-tools-setuid,
it has the same issue)
And OE removed --disable-account-tools-setuid later:
...
commit f6535ea12ab7f4d99adbe78919a7ed252175565f
Author: Kevin Tian <kevin.tian at intel.com>
Date: Fri Aug 6 10:34:29 2010 +0800
shadow: add new recipe 4.1.4.2
(borrow from OpenEmbedded with below tweaks)
Enhance login_defs_pam.sed according to shadow source, to ensuer we don't
leave any unknown definitions in /etc/login.defs when pam is enabled
no need for --disable-account-tools-setuid which is detected upon pam
automatically, and no specific CFLAGS append
...
* Solution
Remove the pam config files and use the one provided by shadow.
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
---
meta/recipes-extended/shadow/files/pam.d/chpasswd | 4 ----
meta/recipes-extended/shadow/files/pam.d/newusers | 4 ----
meta/recipes-extended/shadow/shadow.inc | 2 --
3 files changed, 10 deletions(-)
delete mode 100644 meta/recipes-extended/shadow/files/pam.d/chpasswd
delete mode 100644 meta/recipes-extended/shadow/files/pam.d/newusers
diff --git a/meta/recipes-extended/shadow/files/pam.d/chpasswd b/meta/recipes-extended/shadow/files/pam.d/chpasswd
deleted file mode 100644
index 9e3efa6..0000000
--- a/meta/recipes-extended/shadow/files/pam.d/chpasswd
+++ /dev/null
@@ -1,4 +0,0 @@
-# The PAM configuration file for the Shadow 'chpasswd' service
-#
-
-password include common-password
diff --git a/meta/recipes-extended/shadow/files/pam.d/newusers b/meta/recipes-extended/shadow/files/pam.d/newusers
deleted file mode 100644
index 4aa3dde..0000000
--- a/meta/recipes-extended/shadow/files/pam.d/newusers
+++ /dev/null
@@ -1,4 +0,0 @@
-# The PAM configuration file for the Shadow 'newusers' service
-#
-
-password include common-password
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 5e6b0bd..1770216 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -40,10 +40,8 @@ SRC_URI[sha256sum] = "3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda
# Additional Policy files for PAM
PAM_SRC_URI = "file://pam.d/chfn \
- file://pam.d/chpasswd \
file://pam.d/chsh \
file://pam.d/login \
- file://pam.d/newusers \
file://pam.d/passwd \
file://pam.d/su"
--
2.8.1
More information about the Openembedded-core
mailing list