[packages/pam] - replaced pam_cracklib with pam_pwquality

baggins baggins at pld-linux.org
Sat Dec 23 10:53:34 CET 2023 

commit 2bbc19f4b9253e711ab073f6f00b531504421629
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Sat Dec 23 08:52:44 2023 +0100

    - replaced pam_cracklib with pam_pwquality

 pam.spec         | 5 +++--
 system-auth.pamd | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
---
diff --git a/pam.spec b/pam.spec
index b6ca1b8..af061de 100644
--- a/pam.spec
+++ b/pam.spec
@@ -1,6 +1,5 @@
 # TODO
 # - fix pdf gen or disable it: No fo2pdf processor installed, skip PDF generation
-# - replace pam_cracklib.so with pam_pwquality.so (backwards compatible with its options), comes with pam-pam_pwquality package
 # - pam_tally, pam_tally2 are deprecated in favor of pam_faillock
 # NOTE: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}-docs.tar.xz
 #   is not needed here: it contains documentation in target formats (HTML, PDF) built from sources included in main tarball
@@ -87,14 +86,16 @@ Requires:	awk
 Requires:	crypt(blowfish)
 Requires:	glibc >= 6:2.5-0.5
 %{?with_selinux:Requires:	libselinux >= 2.1.9}
+Requires:	pam-pam_pwquality
 Suggests:	make
-Suggests:	pam-pam_pwquality
 Suggests:	pam-pam_userdb = %{epoch}:%{version}-%{release}
 Obsoletes:	pam-doc
+Obsoletes:	pam-pam_cracklib < 1:1.5.3
 Obsoletes:	pam-pam_opie
 Obsoletes:	pam-pam_pwdb
 Obsoletes:	pam-pam_radius
 Obsoletes:	pam-pam_skey
+Obsoletes:	pam-pam_tally < 1:1.5.3
 Obsoletes:	pam-pam_tcpd
 Obsoletes:	pam_make
 Obsoletes:	pamconfig
diff --git a/system-auth.pamd b/system-auth.pamd
index b60b659..bdf95ab 100644
--- a/system-auth.pamd
+++ b/system-auth.pamd
@@ -9,7 +9,7 @@ account		required	pam_time.so
 account		required	pam_unix.so
 
 #password	[success=1 ignore=reset abort=die default=bad]	pam_pwgen.so upper=1 digit=1
-password	required	pam_cracklib.so try_first_pass difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
+password	required	pam_pwquality.so difok=2 minlen=13 dcredit=2 ocredit=2 retry=3 use_authtok
 password	required	pam_unix.so try_first_pass yescrypt shadow use_authtok
 #password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/db
 #password	required	pam_exec.so failok seteuid /usr/bin/make -C /var/yp
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/pam.git/commitdiff/23fa49333acbd78ce8d4861c0734e45bd43d0437

More information about the pld-cvs-commit mailing list