diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/no_nullok.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/no_nullok.pass.sh index 554e4427321..41454c199d9 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/no_nullok.pass.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/no_nullok.pass.sh @@ -3,7 +3,38 @@ # packages = pam {{% if 'ubuntu' in product %}} -sed -i --follow-symlinks '/nullok/d' /etc/pam.d/common-password +config_file=/usr/share/pam-configs/tmp_unix + +cat << EOF > "$config_file" +Name: Unix authentication +Default: yes +Priority: 256 +Auth-Type: Primary +Auth: + [success=end default=ignore] pam_unix.so nullok try_first_pass +Auth-Initial: + [success=end default=ignore] pam_unix.so nullok +Account-Type: Primary +Account: + [success=end new_authtok_reqd=done default=ignore] pam_unix.so +Account-Initial: + [success=end new_authtok_reqd=done default=ignore] pam_unix.so +Session-Type: Additional +Session: + required pam_unix.so +Session-Initial: + required pam_unix.so +Password-Type: Primary +Password: + [success=end default=ignore] pam_unix.so obscure use_authtok try_first_pass yescrypt +Password-Initial: + [success=end default=ignore] pam_unix.so obscure yescrypt +EOF + +DEBIAN_FRONTEND=noninteractive pam-auth-update --enable tmp_unix + +rm "$config_file" + {{% else %}} sed -i --follow-symlinks '/nullok/d' /etc/pam.d/system-auth sed -i --follow-symlinks '/nullok/d' /etc/pam.d/password-auth diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/nullok_commented.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/nullok_commented.pass.sh index 1f4e2b6f050..a9fa304c5ac 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/nullok_commented.pass.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/nullok_commented.pass.sh @@ -1,7 +1,43 @@ #!/bin/bash -# platform = Oracle Linux 7,Red Hat Virtualization 4,multi_platform_fedora +# platform = Oracle Linux 7,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ubuntu +# packages = pam +{{% if 'ubuntu' in product %}} +config_file=/usr/share/pam-configs/tmp_unix + +cat << EOF > "$config_file" +Name: Unix authentication +Default: yes +Priority: 256 +Auth-Type: Primary +Auth: + [success=end default=ignore] pam_unix.so nullok try_first_pass +Auth-Initial: + [success=end default=ignore] pam_unix.so nullok +Account-Type: Primary +Account: + [success=end new_authtok_reqd=done default=ignore] pam_unix.so +Account-Initial: + [success=end new_authtok_reqd=done default=ignore] pam_unix.so +Session-Type: Additional +Session: + required pam_unix.so +Session-Initial: + required pam_unix.so +Password-Type: Primary +Password: + [success=end default=ignore] pam_unix.so obscure use_authtok try_first_pass yescrypt # nullok +Password-Initial: + [success=end default=ignore] pam_unix.so obscure yescrypt # nullok +EOF + +DEBIAN_FRONTEND=noninteractive pam-auth-update --enable tmp_unix + +rm "$config_file" + +{{% else %}} for pam_file in /etc/pam.d/system-auth /etc/pam.d/password-auth; do sed -i --follow-symlinks '/nullok/d' $pam_file echo "# auth sufficient pam_unix.so try_first_pass nullok" >> $pam_file done +{{% endif %}} diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/nullok_present.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/nullok_present.fail.sh index 00ae6330142..004e9c3692d 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/nullok_present.fail.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/nullok_present.fail.sh @@ -3,11 +3,37 @@ # packages = pam {{% if 'ubuntu' in product %}} -for FILE in "/etc/pam.d/common-password"; do - if ! grep -q "^[^#].*pam_unix\.so.*nullok" ${FILE}; then - sed -i 's/\(^[^#].*pam_unix\.so\)/\1 nullok/g' ${FILE} - fi -done +config_file=/usr/share/pam-configs/tmp_unix + +cat << EOF > "$config_file" +Name: Unix authentication +Default: yes +Priority: 256 +Auth-Type: Primary +Auth: + [success=end default=ignore] pam_unix.so nullok try_first_pass +Auth-Initial: + [success=end default=ignore] pam_unix.so nullok +Account-Type: Primary +Account: + [success=end new_authtok_reqd=done default=ignore] pam_unix.so +Account-Initial: + [success=end new_authtok_reqd=done default=ignore] pam_unix.so +Session-Type: Additional +Session: + required pam_unix.so +Session-Initial: + required pam_unix.so +Password-Type: Primary +Password: + [success=end default=ignore] pam_unix.so obscure use_authtok try_first_pass yescrypt nullok +Password-Initial: + [success=end default=ignore] pam_unix.so obscure yescrypt nullok +EOF + +DEBIAN_FRONTEND=noninteractive pam-auth-update --enable tmp_unix + +rm "$config_file" {{% else %}} SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"