diff options
| author | Pavel Březina <pbrezina@redhat.com> | 2019-10-31 12:26:31 +0100 |
|---|---|---|
| committer | Tomáš Mráz <t8m@users.noreply.github.com> | 2020-02-18 11:14:27 +0100 |
| commit | f5adefa106e28c92dd73dbabac12bad667ef7b8f (patch) | |
| tree | 3193ef03dfdb94021de12695b5a6d7be1a69c6f7 /modules/pam_unix/pam_unix.8.xml | |
| parent | f07a873240de53e07897d4ef9d1d3fd0c28fe7bb (diff) | |
| download | pam-f5adefa106e28c92dd73dbabac12bad667ef7b8f.tar.gz pam-f5adefa106e28c92dd73dbabac12bad667ef7b8f.tar.bz2 pam-f5adefa106e28c92dd73dbabac12bad667ef7b8f.zip | |
pam_unix: add nullresetok option to allow reset blank passwords
Adding nullresetok to auth phase of pam_unix module will allow users
with blank password to authenticate in order to immediatelly change
their password even if nullok is not set.
This allows to have blank password authentication disabled but still
allows administrator to create new user accounts with expired blank
password that must be change on the first login.
Diffstat (limited to 'modules/pam_unix/pam_unix.8.xml')
| -rw-r--r-- | modules/pam_unix/pam_unix.8.xml | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml index 93a01c89..607ec85c 100644 --- a/modules/pam_unix/pam_unix.8.xml +++ b/modules/pam_unix/pam_unix.8.xml @@ -165,6 +165,19 @@ </varlistentry> <varlistentry> <term> + <option>nullresetok</option> + </term> + <listitem> + <para> + Allow users to authenticate with blank password if password reset + is enforced even if <option>nullok</option> is not set. If password + reset is not required and <option>nullok</option> is not set the + authentication with blank password will be denied. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> <option>try_first_pass</option> </term> <listitem> |