Enabled status of pwhistory module if remember option is used

2015-10-23 14:37:48 +02:00 · 2015-10-23 14:37:48 +02:00 · e2b8b9b18a
parent a98f377f4d
commit e2b8b9b18a
1 changed files with 4 additions and 3 deletions
--- a/plugins/plugin_pam_phase1
+++ b/plugins/plugin_pam_phase1
@ -150,12 +150,12 @@
                                    pam_mail | pam_mkhomedir | pam_motd) ;;
                                    pam_namespace | pam_nologin) ;;
                                    pam_permit) ;;
+
                                    # Password history - Can be configured via pam_unix or pam_pwhistory
                                    pam_pwhistory)
                                        logtext "Result: found ${PAM_MODULE} module (password history)"
                                        # set default for having pam_pwhistory enabled
                                        if [ "${PAM_PASSWORD_PWHISTORY_AMOUNT}" = "" ]; then PAM_PASSWORD_PWHISTORY_AMOUNT=10; fi
-                                        if [ "${PAM_PASSWORD_PWHISTORY_ENABLED}" = "" ]; then PAM_PASSWORD_PWHISTORY_ENABLED=1; fi
                                        if [ ! "${PAM_MODULE_OPTIONS}" = "" ]; then
                                            for I in ${PAM_MODULE_OPTIONS}; do
                                                OPTION=`echo ${I} | awk -F= '{ print $1 }'`
@ -166,6 +166,7 @@
                                                        logtext "Result: password history (remember) configured for pam_pwhistory"
                                                        DigitsOnly ${VALUE}
                                                        PAM_PASSWORD_PWHISTORY_AMOUNT=${VALUE}
+                                                        PAM_PASSWORD_PWHISTORY_ENABLED=1
                                                        Debug "Found password history enabled with module ${PAM_MODULE_NAME} and password amount ${PAM_PASSWORD_PWHISTORY_AMOUNT}"
                                                    ;;
                                                esac
@ -348,12 +349,12 @@ logtext "[PAM] Password strength testing enabled: ${PAM_PASSWORD_STRENGTH_TESTED
 if [ ${PAM_PASSWORD_STRENGTH_TESTED} -eq 1 ]; then
    report "password_strength_tested=1"

-        if [ ${CREDITS_D_PASSWORD} -ge 1 && ${CREDITS_L_PASSWORD} -ge 1 && ${CREDITS_O_PASSWORD} -ge 1 && ${CREDITS_U_PASSWORD} -ge 1 ]; then
+        if [ ${CREDITS_D_PASSWORD} -ge 1 -a ${CREDITS_L_PASSWORD} -ge 1 -a ${CREDITS_O_PASSWORD} -ge 1 -a ${CREDITS_U_PASSWORD} -ge 1 ]; then
                # Show how many password class are required out of 4
                logtext "[PAM] Minimum password class out of 4: ${MIN_PASSWORD_CLASS}"
                report "min_password_class=${MIN_PASSWORD_CLASS}"
        else
-                logtext "[PAM] Minimum password class setting of ${MIN_PASSWORD_CLASS} out of 4 is ignored since at least 1 class are forced "
+                logtext "[PAM] Minimum password class setting of ${MIN_PASSWORD_CLASS} out of 4 is ignored since at least 1 class are forced"
                report "min_password_class=ignored"
        fi