diff options
author | Simon Rettberg | 2019-06-28 16:08:18 +0200 |
---|---|---|
committer | root | 2019-06-28 17:12:39 +0200 |
commit | 2318dd33592a354465de4496a99b6d02ada2fa41 (patch) | |
tree | 664a6e6ca8b11b2059f5c4538ff45286525d9afc /core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config | |
parent | [pam-bwidm] Improve some checks; only generate UID if none yet (diff) | |
download | mltk-2318dd33592a354465de4496a99b6d02ada2fa41.tar.gz mltk-2318dd33592a354465de4496a99b6d02ada2fa41.tar.xz mltk-2318dd33592a354465de4496a99b6d02ada2fa41.zip |
[pam-slx-plug] Add auth-final-exec hook
On successful authentication, run everything
in dir /opt/openslx/pam/hooks/auth-final-exec.d
This applies no matter which authentication module
succeeded, contrary to the old pam_script_auth.d directory.
Note that the password is NOT exposed in this hook,
and it is only run if the pam stack is executing in root
context.
Diffstat (limited to 'core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config')
-rwxr-xr-x | core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config b/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config index 7de43b7e..a4daa837 100755 --- a/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config +++ b/core/modules/pam-slx-plug/data/opt/openslx/pam/systemd/create-pam-config @@ -135,6 +135,7 @@ if grep -q '<slx-autogen>' "/etc/pam.d/common-auth"; then cat >> "$tmpfile" <<-HERE auth optional pam_faildelay.so delay=2123123 auth requisite pam_deny.so + auth optional pam_exec.so quiet /opt/openslx/pam/exec_auth_final auth required pam_permit.so auth optional pam_cap.so HERE |