Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / meta-phosphor / 356ec08b989c84d1d034c3ff283a6909658d9435
commit356ec08b989c84d1d034c3ff283a6909658d9435[log] [tgz]
authorRichard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>Fri Aug 30 17:17:03 2019 +0530
committerRichard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>Thu Sep 12 21:12:25 2019 +0530
tree2e10b7b8f7646e2c39044bed3fe55b95bb0918a9
parent1934adfce56091b78b33b04666543f6b5d973b59 [diff]
pam: Fix not querying password for invalid user

Not querying password for invalid user name is security
issue and can be used to determine valid / invalid user names
in the system. Always proceed to password acceptance screen
for invalid user login attempt too. This commit configures
pam_tally2 to ignore unknown user and proceed to do password
check.

Tested:
Verified the same in bmc serial console login with invalid user
name and password was requested, before displaying login incorrect.

Note: dropbear handles this already and hence ssh will not exhibit
this behavior.

Change-Id: Icb5a48dc0a026664d17c4056ed4b4c995f8a81ad
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
1 file changed
tree: 2e10b7b8f7646e2c39044bed3fe55b95bb0918a9
  1. aspeed-layer/
  2. classes/
  3. conf/
  4. nuvoton-layer/
  5. raspberrypi/
  6. recipes-connectivity/
  7. recipes-core/
  8. recipes-devtools/
  9. recipes-extended/
  10. recipes-graphics/
  11. recipes-phosphor/
  12. recipes-protocols/
  13. recipes-support/
  14. recipes-textproc/
  15. COPYING.apache-2.0
  16. COPYING.MIT
  17. LICENSE
  18. MAINTAINERS
  19. README.md
  20. recipes.txt
README.md

OpenBMC

meta-phosphor is the OpenBMC layer. This layer should be included for all OpenBMC systems. The OpenBMC layer contains content which is shared between all OpenBMC systems.