shadow: upgrade to 4.1.4.3 to fix security vulnerability

For CVE-2011-0721: http://lists.debian.org/debian-security-announce/2011/msg00030.html Signed-off-by: Yu Ke <ke.yu@intel.com>
author: Yu Ke <ke.yu@intel.com> 2011-02-28 19:34:45 +0800
committer: Saul Wold <sgw@linux.intel.com> 2011-03-02 09:48:50 -0800
commit: 0af09206acbf3b9cde581088e4430f1e8dc3bf2e (patch)
tree: 8ee40510c2255fa788ec972c2243a18c5d630c48 /meta/recipes-extended/shadow/files/pam.d/chsh
parent: cb118b739b53fadad1c20e75a9f5a77d3473e7c7 (diff)
download: openembedded-core-contrib-0af09206acbf3b9cde581088e4430f1e8dc3bf2e.tar.gz
1 files changed, 19 insertions, 0 deletions
diff --git a/meta/recipes-extended/shadow/files/pam.d/chsh b/meta/recipes-extended/shadow/files/pam.d/chsh
new file mode 100644
index 0000000000..8fb169f64e
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/pam.d/chsh
@@ -0,0 +1,19 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth       required   pam_shells.so
+
+# This allows root to change user shell without being
+# prompted for a password
+auth		sufficient	pam_rootok.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+auth       include      common-auth
+account    include      common-account
+session    include      common-session
author	Yu Ke <ke.yu@intel.com>	2011-02-28 19:34:45 +0800
committer	Saul Wold <sgw@linux.intel.com>	2011-03-02 09:48:50 -0800
commit	0af09206acbf3b9cde581088e4430f1e8dc3bf2e (patch)
tree	8ee40510c2255fa788ec972c2243a18c5d630c48 /meta/recipes-extended/shadow/files/pam.d/chsh
parent	cb118b739b53fadad1c20e75a9f5a77d3473e7c7 (diff)
download	openembedded-core-contrib-0af09206acbf3b9cde581088e4430f1e8dc3bf2e.tar.gz