msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m44s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-10-19 16:03:46 +01:00
parent f34190107b
commit e717f0aa2f
3 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
func/cdi_4500_user/4520_accounts_setup.sh
View File

@@ -1008,7 +1008,7 @@ auth [success=2 default=ignore] pam_exec.so quiet /usr/local/libe
# pam_google_authenticator will itself fail if the file is absent; we add a clear hint before it.
# No 'nullok' here: listed users MUST have a secret; missing -> hard fail.
auth required pam_echo.so file=/etc/ciss/pam_login_totp.prompt
auth required pam_google_authenticator.so disallow-reuse
auth required pam_google_authenticator.so
# ===== CISS 2FA block end =====
@@ -1092,7 +1092,7 @@ auth [success=2 default=ignore] pam_exec.so quiet /usr/local/libe
# pam_google_authenticator will itself fail if the file is absent; we add a clear hint before it.
# No 'nullok' here: listed users MUST have a secret; missing -> hard fail.
auth required pam_echo.so file=/etc/ciss/pam_ssh_totp.prompt
auth required pam_google_authenticator.so disallow-reuse
auth required pam_google_authenticator.so
# For non-2FA users KI must be a silent success to satisfy AuthenticationMethods.
auth sufficient pam_permit.so
@@ -1213,7 +1213,7 @@ auth [success=2 default=ignore] pam_exec.so quiet /usr/local/libe
# pam_google_authenticator will itself fail if the file is absent; we add a clear hint before it.
# No 'nullok' here: listed users MUST have a secret; missing -> hard fail.
auth required pam_echo.so file=/etc/ciss/pam_su_totp.prompt
auth required pam_google_authenticator.so disallow-reuse
auth required pam_google_authenticator.so
# ===== CISS 2FA block end =====
@@ -1278,7 +1278,7 @@ auth [success=2 default=ignore] pam_exec.so quiet /usr/local/libe
# pam_google_authenticator will itself fail if the file is absent; we add a clear hint before it.
# No 'nullok' here: listed users MUST have a secret; missing -> hard fail.
auth required pam_echo.so file=/etc/ciss/pam_sudo_totp.prompt
auth required pam_google_authenticator.so disallow-reuse
auth required pam_google_authenticator.so
# ===== CISS 2FA block end =====