From d3c9d55547a4cb52419593769f4b877452dce8aa Mon Sep 17 00:00:00 2001
From: Steve Langasek <vorlon@debian.org>
Date: Wed, 20 Aug 2008 01:02:43 -0700
Subject: we can't use 'deny' as a fallback if we aren't going to have any
 primary modules, which is generally the case for the password stack at
 present

---
 debian/local/common-password | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'debian')

diff --git a/debian/local/common-password b/debian/local/common-password
index 690a737e..8b21c8d7 100644
--- a/debian/local/common-password
+++ b/debian/local/common-password
@@ -24,7 +24,9 @@
 # here are the per-package modules (the "Primary" block)
 $password_primary
 # here's the fallback if no module succeeds
-password	requisite			pam_deny.so
+# this is obviously a completely redundant line, except that it lets us
+# handle better the case where there are no "Primary" modules provided
+password	required			pam_permit.so
 # prime the stack with a positive return value if there isn't one already;
 # this avoids us returning an error just because nothing sets a success code
 # since the modules above will each just jump around
-- 
cgit v1.2.3