From 9f3ec1c3a6aa0670479668355c11fd9e7cb4bb7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 13 Sep 2018 14:37:57 +0200
Subject: [PATCH 12/16] nis: with-nispwquality will enable pwquality for nis
 users

Resolves:
https://github.com/pbrezina/authselect/issues/88
---
 profiles/nis/README        | 5 +++++
 profiles/nis/password-auth | 2 +-
 profiles/nis/system-auth   | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/profiles/nis/README b/profiles/nis/README
index 6335fcfb051f01b7acdd4fde689de0d77c0d43a1..b4ffb8b56d8f9930ee5b70f34d0ba7a2dc35dae0 100644
--- a/profiles/nis/README
+++ b/profiles/nis/README
@@ -33,6 +33,11 @@ with-silent-lastlog::
 with-pamaccess::
     Check access.conf during account authorization.
 
+with-nispwquality::
+    If this option is set pam_pwquality module will check password quality
+    for NIS users as well as local users during password change. Without this
+    option only local users passwords are checked.
+
 EXAMPLES
 --------
 * Enable NIS with no additional modules
diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
index 78028e19bbad3965f5232c6b6177d8780d7e1c04..159da35740cfdf1396a8bc8a97c397919f056797 100644
--- a/profiles/nis/password-auth
+++ b/profiles/nis/password-auth
@@ -13,7 +13,7 @@ account     sufficient                                   pam_localuser.so
 account     sufficient                                   pam_succeed_if.so uid < 1000 quiet
 account     required                                     pam_permit.so
 
-password    requisite                                    pam_pwquality.so try_first_pass local_users_only
+password    requisite                                    pam_pwquality.so try_first_pass {if not "with-nispwquality":local_users_only}
 password    sufficient                                   pam_unix.so sha512 shadow nullok try_first_pass use_authtok nis
 password    required                                     pam_deny.so
 
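Review bot: On the new `pam_pwquality.so` line, `local_users_only` is still emitted unless `with-nispwquality` is selected, so the default nis profile keeps handing a NIS user's new password to the following `pam_unix.so ... use_authtok nis` line without any quality check. Because that is the weaker policy and it is the default, I would state it where an administrator reading the generated stack will see it, for example a comment above the line such as `# NIS users are exempt from pam_pwquality unless with-nispwquality is selected`. The check also runs only in this host's PAM stack, so presumably every NIS client has to select the feature for the policy to hold across the domain; one sentence in the README entry saying so would help. The identical line in profiles/nis/system-auth raises the same point.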
diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
index 2909a546a49f991128c48285fa90a1937fa03513..5f941f264b6adf2ca5cdc67685ed227ecc180ac7 100644
--- a/profiles/nis/system-auth
+++ b/profiles/nis/system-auth
@@ -14,7 +14,7 @@ account     sufficient                                   pam_localuser.so
 account     sufficient                                   pam_succeed_if.so uid < 1000 quiet
 account     required                                     pam_permit.so
 
-password    requisite                                    pam_pwquality.so try_first_pass local_users_only
+password    requisite                                    pam_pwquality.so try_first_pass {if not "with-nispwquality":local_users_only}
 password    sufficient                                   pam_unix.so sha512 shadow nullok try_first_pass use_authtok nis
 password    required                                     pam_deny.so
 
-- 
2.17.1