libpam: deny all services for the OTHER entries

Submitted by Ming Liu on July 26, 2013, 9:51 a.m. | Patch ID: 54567


State Accepted
Commit 4ca0af699b5b4b3cf95b3e76482651949fd922ac

Commit Message

Ming Liu July 26, 2013, 9:51 a.m.
To be secure, change behavior of the OTHER entries to warn and deny
access to everything by stating on all services.

Signed-off-by: Ming Liu <>
 meta/recipes-extended/pam/libpam/pam.d/other |   15 ++++++---------
 1 files changed, 6 insertions(+), 9 deletions(-)


diff --git a/meta/recipes-extended/pam/libpam/pam.d/other b/meta/recipes-extended/pam/libpam/pam.d/other
index 6e40cd0..ec970ec 100644
--- a/meta/recipes-extended/pam/libpam/pam.d/other
+++ b/meta/recipes-extended/pam/libpam/pam.d/other
@@ -6,22 +6,19 @@ 
 #pam_open_session, the session module out of /etc/pam.d/other is
-#If you really want nothing to happen then use or as appropriate.
 # We use to generate syslog notes that the 'other'
 #fallback rules are being used (as a hint to suggest you should setup
-#specific PAM rules for the service and aid to debugging). We then 
-#fall back to the system default in /etc/pam.d/common-*
+#specific PAM rules for the service and aid to debugging). Then to be
+#secure, deny access to all services by default. 
 auth       required
-auth       include      common-auth
+auth       required
 account    required
-account    include      common-account
+account    required
 password   required
-password   include      common-password
+password   required
 session    required
-session    include      common-session
+session    required
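Review bot: The new header comment ("Then to be secure, deny access to all services by default.") overstates the scope and gives no migration hint. The `other` file only applies to services that have no file of their own under /etc/pam.d, so the wording should say that, and it should tell the reader to add a per-service file when a service starts failing after this change. With the `include common-auth`, `include common-account`, `include common-password` and `include common-session` lines removed, every such service now fails in all four stacks (auth, account, password, session) instead of inheriting the system defaults. The commit message does not say which packages in the layer were relying on that fallback, so it would help to check the recipes that install no pam.d file and name any affected ones in the commit message. Minor: the added line "+#secure, deny access to all services by default. " ends with trailing whitespace.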