From 9764ce2873a05ec9e81c6979177122f9846a9ee2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 13 Sep 2018 14:30:55 +0200
Subject: [PATCH 11/16] nis: add nis option to pam_unix in password phase
This option will allow nis users to change their passwords with 'passwd'.
Resolves:
https://github.com/pbrezina/authselect/issues/87
---
profiles/nis/password-auth | 2 +-
profiles/nis/system-auth | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
index 8f18616eb2d2c228880989ea4cce86b6588b2190..78028e19bbad3965f5232c6b6177d8780d7e1c04 100644
--- a/profiles/nis/password-auth
+++ b/profiles/nis/password-auth
@@ -14,7 +14,7 @@ account sufficient pam_succeed_if.so uid <
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only
-password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
+password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok nis
password required pam_deny.so
session optional pam_keyinit.so revoke
diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
index e0bc4ef2fb4efc825927d13c0ff4b0083e5134ea..2909a546a49f991128c48285fa90a1937fa03513 100644
--- a/profiles/nis/system-auth
+++ b/profiles/nis/system-auth
@@ -15,7 +15,7 @@ account sufficient pam_succeed_if.so uid <
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only
-password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
+password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok nis
password required pam_deny.so
session optional pam_keyinit.so revoke
--
2.17.1