diff options
authorKoen Kooi <koen@openembedded.org>2010-03-22 01:06:49 +0000
committerMarcin Juszkiewicz <marcin@buglabs.net>2010-03-23 10:57:26 +0100
commit9649f085e9ac0430994e88272c3e2825cc4c49d5 (patch)
parent189b18ab9c09a1ad70461e97f23637e0d026973d (diff)
shadow: try to fix serial-login issue
Acked-by: <koen@openembedded.org> Acked-by: Philip Balister <philip@balister.org>
3 files changed, 172 insertions, 2 deletions
diff --git a/recipes/shadow/files/pam.d/login b/recipes/shadow/files/pam.d/login
index 2186d3eee9..65992c626c 100644
--- a/recipes/shadow/files/pam.d/login
+++ b/recipes/shadow/files/pam.d/login
@@ -20,7 +20,7 @@ auth optional pam_faildelay.so delay=3000000
# You can change it to a "required" module if you think it permits to
# guess valid user names of your system (invalid user names are considered
# as possibly being root).
-auth requisite pam_securetty.so
+auth [success=ok ignore=ignore user_unknown=ignore default=die] pam_securetty.so
# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
diff --git a/recipes/shadow/files/securetty b/recipes/shadow/files/securetty
new file mode 100644
index 0000000000..2705baaac5
--- /dev/null
+++ b/recipes/shadow/files/securetty
@@ -0,0 +1,167 @@
+# /etc/securetty: list of terminals on which root is allowed to login.
+# See securetty(5) and login(1).
+# Standard serial ports
+# USB dongles
+# Embedded MPC platforms
+# PA-RISC mux ports
+# Standard hypervisor virtual console
+# Oldstyle Xen console
+# Standard consoles
+# devfs consoles
+# Note: On kernels greater than 2.6.12, this is not needed.
+# Standard serial ports, with devfs
+# Standard consoles, with devfs
diff --git a/recipes/shadow/shadow_4.1.4.2.bb b/recipes/shadow/shadow_4.1.4.2.bb
index 04887a01d1..7f6402358c 100644
--- a/recipes/shadow/shadow_4.1.4.2.bb
+++ b/recipes/shadow/shadow_4.1.4.2.bb
@@ -4,7 +4,7 @@ LICENSE = "GPL"
DEPEND = "libpam"
-PR = "r5"
+PR = "r6"
EXTRA_OECONF += " --enable-shared --enable-static --with-libpam --without-libcrack"
@@ -24,6 +24,7 @@ SRC_URI_append = " \
file://pam.d/newusers \
file://pam.d/passwd \
file://pam.d/su \
+ file://securetty \
S = "${WORKDIR}/shadow-${PV}"
@@ -49,4 +50,6 @@ do_install_append() {
# The system MDA will set this later anyway.
sed -i 's/MAIL_DIR/#MAIL_DIR/g' ${D}${sysconfdir}/login.defs
sed -i 's/#MAIL_FILE/MAIL_FILE/g' ${D}${sysconfdir}/login.defs
+ install -m 0644 ${WORKDIR}/securetty ${D}${sysconfdir}/securetty