pam: Disable sensitive log & nullok pam_unix logs user name when sessions are established, quiet the same in configuraiton. This is done to avoid logging user name as logs will be exported as part of debug log dump etc, thereby compramising sensitive information. Also disallow nullok login from security point of it. Tested: 1. Verified that session establishment are not recorded with user name. 2. Verfieid webui, redfish, ipmi, ssh login works as expected. Change-Id: I3ddd0644fdc9c25f8252d0ca82d0d62b597c4447 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

commit: 15a293b458ef2f013356f9746c0ac7a20e59c1c1 [log] [tgz]
author: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> Sat Nov 02 21:24:29 2019 +0530
committer: Brad Bishop <bradleyb@fuzziesquirrel.com> Tue Nov 05 13:46:47 2019 +0000
tree: 48dd5aebfefa4ec1d73938433025f05062b43475
parent: 9257b20e3d83be1e7f0350080efac62de44c3600 [diff] [blame]
diff --git a/recipes-extended/pam/libpam_%.bbappend b/recipes-extended/pam/libpam_%.bbappend
index f97664f..770ffea 100644
--- a/recipes-extended/pam/libpam_%.bbappend
+++ b/recipes-extended/pam/libpam_%.bbappend

@@ -3,6 +3,7 @@
 SRC_URI += " file://pam.d/common-password \
              file://pam.d/common-account \
              file://pam.d/common-auth \
+             file://pam.d/common-session \
             "
 
 RDEPENDS_${PN}-runtime += "${MLPREFIX}pam-plugin-cracklib-${libpam_suffix} \
commit	15a293b458ef2f013356f9746c0ac7a20e59c1c1	[log] [tgz]
author	Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>	Sat Nov 02 21:24:29 2019 +0530
committer	Brad Bishop <bradleyb@fuzziesquirrel.com>	Tue Nov 05 13:46:47 2019 +0000
tree	48dd5aebfefa4ec1d73938433025f05062b43475
parent	9257b20e3d83be1e7f0350080efac62de44c3600 [diff] [blame]