Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / meta-phosphor / 15a293b458ef2f013356f9746c0ac7a20e59c1c1
commit15a293b458ef2f013356f9746c0ac7a20e59c1c1[log] [tgz]
authorRichard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>Sat Nov 02 21:24:29 2019 +0530
committerBrad Bishop <bradleyb@fuzziesquirrel.com>Tue Nov 05 13:46:47 2019 +0000
tree48dd5aebfefa4ec1d73938433025f05062b43475
parent9257b20e3d83be1e7f0350080efac62de44c3600 [diff]
pam: Disable sensitive log & nullok

pam_unix logs user name when sessions are established, quiet
the same in configuraiton. This is done to avoid logging user name
as logs will be exported as part of debug log dump etc, thereby
compramising sensitive information.
Also disallow nullok login from security point of it.

Tested:
1. Verified that session establishment are not recorded with user
name.
2. Verfieid webui, redfish, ipmi, ssh login works as expected.

Change-Id: I3ddd0644fdc9c25f8252d0ca82d0d62b597c4447
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
3 files changed
tree: 48dd5aebfefa4ec1d73938433025f05062b43475
  1. aspeed-layer/
  2. classes/
  3. conf/
  4. nuvoton-layer/
  5. raspberrypi/
  6. recipes-connectivity/
  7. recipes-core/
  8. recipes-devtools/
  9. recipes-extended/
  10. recipes-graphics/
  11. recipes-phosphor/
  12. recipes-protocols/
  13. recipes-support/
  14. recipes-textproc/
  15. recipes-x86/
  16. COPYING.apache-2.0
  17. COPYING.MIT
  18. LICENSE
  19. MAINTAINERS
  20. README.md
  21. recipes.txt
README.md

OpenBMC

meta-phosphor is the OpenBMC layer. This layer should be included for all OpenBMC systems. The OpenBMC layer contains content which is shared between all OpenBMC systems.