Added fixed patch

i9 changed/i9/crypto-policies-20230731-1.git94f0e2c.el9_3.1.inferit.2.1
Alexey Berezhok 11 months ago
parent 30992439f9
commit 4c858126f1

@ -1,4 +1,4 @@
From dc95ab82c6a961755c8d06949ca02c1685dca275 Mon Sep 17 00:00:00 2001
From dc91f590afb518ad562b8df7054f3b725f8a1d1f Mon Sep 17 00:00:00 2001
From: Alexey Berezhok <aberezhok@msvsphere-os.ru>
Date: Tue, 23 Jan 2024 23:01:57 +0300
Subject: [PATCH] Added GOST policy also added experimental PAM generator
@ -512,7 +512,7 @@ index 0000000..f9e4e54
+subid: sss {include if "with-subid"}
diff --git a/authselect_policies/sssd_gost/password-auth b/authselect_policies/sssd_gost/password-auth
new file mode 100644
index 0000000..c15e948
index 0000000..7832fb7
--- /dev/null
+++ b/authselect_policies/sssd_gost/password-auth
@@ -0,0 +1,39 @@
@ -542,7 +542,7 @@ index 0000000..c15e948
+password requisite pam_pwquality.so local_users_only
+password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"}
+password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"}
+password sufficient pam_unix.so {if "with-gost":gost_yescript|sha512} shadow {if not "without-nullok":nullok} use_authtok
+password sufficient pam_unix.so {if "with-gost":gost_yescrypt|sha512} shadow {if not "without-nullok":nullok} use_authtok
+password [success=1 default=ignore] pam_localuser.so
+password sufficient pam_sss.so use_authtok
+password required pam_deny.so
@ -599,7 +599,7 @@ index 0000000..754847f
+session optional pam_gnome_keyring.so only_if=login auto_start {include if "with-pam-gnome-keyring"}
diff --git a/authselect_policies/sssd_gost/system-auth b/authselect_policies/sssd_gost/system-auth
new file mode 100644
index 0000000..3b352d4
index 0000000..31d4ee1
--- /dev/null
+++ b/authselect_policies/sssd_gost/system-auth
@@ -0,0 +1,46 @@
@ -636,7 +636,7 @@ index 0000000..3b352d4
+password requisite pam_pwquality.so local_users_only
+password [default=1 ignore=ignore success=ok] pam_localuser.so {include if "with-pwhistory"}
+password requisite pam_pwhistory.so use_authtok {include if "with-pwhistory"}
+password sufficient pam_unix.so {if "with-gost":gost_yescript|sha512} shadow {if not "without-nullok":nullok} use_authtok
+password sufficient pam_unix.so {if "with-gost":gost_yescrypt|sha512} shadow {if not "without-nullok":nullok} use_authtok
+password [success=1 default=ignore] pam_localuser.so
+password sufficient pam_sss.so use_authtok
+password required pam_deny.so

Loading…
Cancel
Save