From cc7a265195079c63a694e24a528c444bfa6a2646 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 26 Apr 2016 14:02:17 +0200
Subject: [ldap/ad] Add pam line for bwidm auth

---
 data/ad/common-account | 5 +++--
 data/ad/common-auth    | 6 ++++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/data/ad/common-account b/data/ad/common-account
index 5de6729..341a340 100644
--- a/data/ad/common-account
+++ b/data/ad/common-account
@@ -1,5 +1,6 @@
-account	[success=2 new_authtok_reqd=done default=ignore]	pam_unix.so
-account	[success=1 default=ignore]	pam_sss.so use_first_pass
+account	[success=3 new_authtok_reqd=done default=ignore]	pam_unix.so
+account	[success=2 new_authtok_reqd=done default=ignore]	pam_exec.so quiet /opt/openslx/scripts/pam_bwidm
+account	[success=1 default=ignore]	pam_sss.so
 # here's the fallback if no module succeeds
 account	requisite			pam_deny.so
 # prime the stack with a positive return value if there isn't one already;
diff --git a/data/ad/common-auth b/data/ad/common-auth
index 2fb9810..f7e97a5 100644
--- a/data/ad/common-auth
+++ b/data/ad/common-auth
@@ -1,6 +1,8 @@
-auth	[success=2 default=ignore]	pam_unix.so nullok_secure
-auth	[success=1 default=ignore]	pam_sss.so use_first_pass
+auth	[success=4 default=ignore]	pam_unix.so nodelay
+auth	[success=3 default=ignore] pam_exec.so quiet expose_authtok /opt/openslx/scripts/pam_bwidm
+auth	[success=2 default=ignore]	pam_sss.so use_first_pass
 # here's the fallback if no module succeeds
+auth  optional          pam_faildelay.so delay=2123123
 auth	requisite			pam_deny.so
 auth	optional			pam_script.so expose=1
 # prime the stack with a positive return value if there isn't one already;
-- 
cgit v1.2.3-55-g7522