Enable pam-ipmi modules in pam password stack
Enabled pam-ipmicheck & pam-ipmisave modules in
pam password stacked modules. This modules will
store 'ipmi' group users password in encrypted
form in /etc/ipmi_pass file along with /etc/shadow.
This special file will be used by phosphor-ipmi-net
during RAKP messages.
This will not affect users who doesn't belong to
'ipmi' group.
Change-Id: Ie0236662e36f7eb2914ee276ab9b2c73a01425fa
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/recipes-core/pam/libpam/pam.d/common-password b/recipes-core/pam/libpam/pam.d/common-password
index ddd7ca1..ac3f368 100644
--- a/recipes-core/pam/libpam/pam.d/common-password
+++ b/recipes-core/pam/libpam/pam.d/common-password
@@ -16,9 +16,11 @@
# See the pam_unix manpage for other options.
# here are the per-package modules (the "Primary" block)
-password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=8 difok=0
+password [success=ok default=die] pam_ipmicheck.so spec_grp_name=ipmi
+password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=8 difok=0 use_authtok
#password [success=ok ignore=ignore default=die] pam_pwhistory.so debug enforce_for_root remember=0 use_authtok
-password [success=1 default=die] pam_unix.so sha512 use_authtok
+password [success=ok default=die] pam_unix.so sha512 use_authtok
+password [success=1 default=die] pam_ipmisave.so spec_grp_name=ipmi spec_pass_file=/etc/ipmi_pass key_file=/etc/key_file
# here's the fallback if no module succeeds
password requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;