pam: Disable sensitive log & nullok
pam_unix logs user name when sessions are established, quiet
the same in configuraiton. This is done to avoid logging user name
as logs will be exported as part of debug log dump etc, thereby
compramising sensitive information.
Also disallow nullok login from security point of it.
Tested:
1. Verified that session establishment are not recorded with user
name.
2. Verfieid webui, redfish, ipmi, ssh login works as expected.
Change-Id: I3ddd0644fdc9c25f8252d0ca82d0d62b597c4447
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/recipes-extended/pam/libpam_%.bbappend b/recipes-extended/pam/libpam_%.bbappend
index f97664f..770ffea 100644
--- a/recipes-extended/pam/libpam_%.bbappend
+++ b/recipes-extended/pam/libpam_%.bbappend
@@ -3,6 +3,7 @@
SRC_URI += " file://pam.d/common-password \
file://pam.d/common-account \
file://pam.d/common-auth \
+ file://pam.d/common-session \
"
RDEPENDS_${PN}-runtime += "${MLPREFIX}pam-plugin-cracklib-${libpam_suffix} \