Fix System account doesn't block after invalid login attempts

Move ssh.pam from openssh-config to pam-config

Verified below issue!
When trying to login invalid password attempt 5 times using
ssh, the user account is not locked out. 
/etc/pam.d/sshd is expected in controller node as well.

Closes-Bug: #1814345

Change-Id: I8fae8782cbd491c6efe8631f04c2728a531bc4ca
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
This commit is contained in:
zhipengl 2019-07-06 00:17:08 +08:00 committed by zhipeng liu
parent f84dd59f62
commit 202ad050a8
3 changed files with 4 additions and 3 deletions

View File

@ -15,6 +15,7 @@ BuildArch: noarch
Source: %name-%version.tar.gz Source: %name-%version.tar.gz
Requires: %{_bindir}/systemctl Requires: %{_bindir}/systemctl
Requires: pam-config
Requires: openssh Requires: openssh
Summary: package StarlingX configuration files of openssh to system folder. Summary: package StarlingX configuration files of openssh to system folder.
@ -29,7 +30,6 @@ package StarlingX configuration files of openssh to system folder.
%install %install
%{__install} -d %{buildroot}%{_datadir}/starlingx %{__install} -d %{buildroot}%{_datadir}/starlingx
%{__install} -d %{buildroot}%{_sysconfdir}/systemd/system %{__install} -d %{buildroot}%{_sysconfdir}/systemd/system
%{__install} -m 644 sshd.pam %{buildroot}%{_datadir}/starlingx/sshd.pam
%{__install} -m 644 sshd.service %{buildroot}%{_sysconfdir}/systemd/system/sshd.service %{__install} -m 644 sshd.service %{buildroot}%{_sysconfdir}/systemd/system/sshd.service
%{__install} -m 644 ssh_config %{buildroot}%{_datadir}/starlingx/ssh_config %{__install} -m 644 ssh_config %{buildroot}%{_datadir}/starlingx/ssh_config
%{__install} -m 600 sshd_config %{buildroot}%{_datadir}/starlingx/sshd_config %{__install} -m 600 sshd_config %{buildroot}%{_datadir}/starlingx/sshd_config
@ -38,13 +38,11 @@ package StarlingX configuration files of openssh to system folder.
%define _pamconfdir %{_sysconfdir}/pam.d %define _pamconfdir %{_sysconfdir}/pam.d
if [ $1 -eq 1 ] ; then if [ $1 -eq 1 ] ; then
# Initial installation # Initial installation
cp -f %{_datadir}/starlingx/sshd.pam %{_pamconfdir}/sshd
cp -f %{_datadir}/starlingx/ssh_config %{_sysconfdir}/ssh/ssh_config cp -f %{_datadir}/starlingx/ssh_config %{_sysconfdir}/ssh/ssh_config
cp -f %{_datadir}/starlingx/sshd_config %{_sysconfdir}/ssh/sshd_config cp -f %{_datadir}/starlingx/sshd_config %{_sysconfdir}/ssh/sshd_config
fi fi
%files %files
%{_datadir}/starlingx/sshd.pam
%{_sysconfdir}/systemd/system/sshd.service %{_sysconfdir}/systemd/system/sshd.service
%{_datadir}/starlingx/ssh_config %{_datadir}/starlingx/ssh_config
%{_datadir}/starlingx/sshd_config %{_datadir}/starlingx/sshd_config

View File

@ -30,6 +30,7 @@ package StarlingX configuration files of pam to system folder.
%install %install
%{__install} -d %{buildroot}%{_pamconfdir} %{__install} -d %{buildroot}%{_pamconfdir}
%{__install} -d %{buildroot}%{_datadir}/starlingx %{__install} -d %{buildroot}%{_datadir}/starlingx
%{__install} -m 644 sshd.pam %{buildroot}%{_datadir}/starlingx/sshd.pam
%{__install} -m 644 common-account %{buildroot}%{_pamconfdir}/common-account %{__install} -m 644 common-account %{buildroot}%{_pamconfdir}/common-account
%{__install} -m 644 common-auth %{buildroot}%{_pamconfdir}/common-auth %{__install} -m 644 common-auth %{buildroot}%{_pamconfdir}/common-auth
%{__install} -m 644 common-password %{buildroot}%{_pamconfdir}/common-password %{__install} -m 644 common-password %{buildroot}%{_pamconfdir}/common-password
@ -41,10 +42,12 @@ package StarlingX configuration files of pam to system folder.
if [ $1 -eq 1 ] ; then if [ $1 -eq 1 ] ; then
# Initial installation # Initial installation
cp -f %{_datadir}/starlingx/stx.system-auth %{_pamconfdir}/system-auth cp -f %{_datadir}/starlingx/stx.system-auth %{_pamconfdir}/system-auth
cp -f %{_datadir}/starlingx/sshd.pam %{_pamconfdir}/sshd
fi fi
%files %files
%{_datadir}/starlingx/stx.system-auth %{_datadir}/starlingx/stx.system-auth
%{_datadir}/starlingx/sshd.pam
%config(noreplace) %{_pamconfdir}/common-account %config(noreplace) %{_pamconfdir}/common-account
%config(noreplace) %{_pamconfdir}/common-auth %config(noreplace) %{_pamconfdir}/common-auth
%config(noreplace) %{_pamconfdir}/common-password %config(noreplace) %{_pamconfdir}/common-password