[Pkg-shadow-commits] r2886 - in debian/trunk/tests/usertools: . chpasswd-PAM/01_chpasswd_invalid_user chpasswd-PAM/01_chpasswd_invalid_user/config/etc chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d chpasswd-PAM/01_chpasswd_invalid_user/data chpasswd-PAM/02_chpasswd_multiple_users/config/etc chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d chpasswd-PAM/03_chpasswd_no_shadow_file chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc chpasswd-PAM/03_chpasswd_no_shadow_file/data chpasswd-PAM/04_chpasswd_no_shadow_entry chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d chpasswd-PAM/04_chpasswd_no_shadow_entry/data chpasswd-PAM/05_chpasswd_error_no_password chpasswd-PAM/05_chpasswd_error_no_password/config/etc chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d chpasswd-PAM/05_chpasswd_error_no_password/data
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Sat May 9 22:20:43 UTC 2009
Author: nekral-guest
Date: 2009-05-09 22:20:43 +0000 (Sat, 09 May 2009)
New Revision: 2886
Added:
debian/trunk/tests/usertools/chpasswd-PAM/
debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/
debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/chpasswd
debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/common-password
debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/shadow
debian/trunk/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/
debian/trunk/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/chpasswd
debian/trunk/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/common-password
debian/trunk/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/data/chpasswd.err
debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/
debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/chpasswd
debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/common-password
debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/data/chpasswd.err
debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/
debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/chpasswd
debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/common-password
debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/shadow
Removed:
debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/login.defs
debian/trunk/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/login.defs
debian/trunk/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/login.defs
debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/login.defs
debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/login.defs
Modified:
debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test
debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/chpasswd.err
debian/trunk/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test
debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test
debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test
debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/chpasswd.err
Log:
Added tests for the PAM version of chpasswd.
Modified: debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test
===================================================================
--- debian/trunk/tests/usertools/chpasswd/01_chpasswd_invalid_user/chpasswd.test 2009-04-30 21:53:54 UTC (rev 2853)
+++ debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/chpasswd.test 2009-05-09 22:20:43 UTC (rev 2886)
@@ -44,7 +44,7 @@
../../../common/compare_file.pl config/etc/group /etc/group
echo "OK"
echo -n "Check the shadow file..."
-../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow /etc/shadow
echo "OK"
echo -n "Check the gshadow file..."
../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
Deleted: debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/login.defs
===================================================================
--- debian/trunk/tests/usertools/chpasswd/01_chpasswd_invalid_user/config/etc/login.defs 2009-04-30 21:53:54 UTC (rev 2853)
+++ debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/login.defs 2009-05-09 22:20:43 UTC (rev 2886)
@@ -1,318 +0,0 @@
-#
-# /etc/login.defs - Configuration control definitions for the login package.
-#
-# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
-# If unspecified, some arbitrary (and possibly incorrect) value will
-# be assumed. All other items are optional - if not specified then
-# the described action or option will be inhibited.
-#
-# Comment lines (lines beginning with "#") and blank lines are ignored.
-#
-# Modified for Linux. --marekm
-
-# REQUIRED for useradd/userdel/usermod
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
-# MAIL_DIR takes precedence.
-#
-# Essentially:
-# - MAIL_DIR defines the location of users mail spool files
-# (for mbox use) by appending the username to MAIL_DIR as defined
-# below.
-# - MAIL_FILE defines the location of the users mail spool files as the
-# fully-qualified filename obtained by prepending the user home
-# directory before $MAIL_FILE
-#
-# NOTE: This is no more used for setting up users MAIL environment variable
-# which is, starting from shadow 4.0.12-1 in Debian, entirely the
-# job of the pam_mail PAM modules
-# See default PAM configuration files provided for
-# login, su, etc.
-#
-# This is a temporary situation: setting these variables will soon
-# move to /etc/default/useradd and the variables will then be
-# no more supported
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-#
-# Enable logging and display of /var/log/faillog login failure info.
-# This option conflicts with the pam_tally PAM module.
-#
-FAILLOG_ENAB yes
-
-#
-# Enable display of unknown usernames when login failures are recorded.
-#
-# WARNING: Unknown usernames may become world readable.
-# See #290803 and #298773 for details about how this could become a security
-# concern
-LOG_UNKFAIL_ENAB no
-
-#
-# Enable logging of successful logins
-#
-LOG_OK_LOGINS no
-
-#
-# Enable "syslog" logging of su activity - in addition to sulog file logging.
-# SYSLOG_SG_ENAB does the same for newgrp and sg.
-#
-SYSLOG_SU_ENAB yes
-SYSLOG_SG_ENAB yes
-
-#
-# If defined, all su activity is logged to this file.
-#
-#SULOG_FILE /var/log/sulog
-
-#
-# If defined, file which maps tty line to TERM environment parameter.
-# Each line of the file is in a format something like "vt100 tty01".
-#
-#TTYTYPE_FILE /etc/ttytype
-
-#
-# If defined, login failures will be logged here in a utmp format
-# last, when invoked as lastb, will read /var/log/btmp, so...
-#
-FTMP_FILE /var/log/btmp
-
-#
-# If defined, the command name to display when running "su -". For
-# example, if this is defined as "su" then a "ps" will display the
-# command is "-su". If not defined, then "ps" would display the
-# name of the shell actually being run, e.g. something like "-sh".
-#
-SU_NAME su
-
-#
-# If defined, file which inhibits all the usual chatter during the login
-# sequence. If a full pathname, then hushed mode will be enabled if the
-# user's name or shell are found in the file. If not a full pathname, then
-# hushed mode will be enabled if the file exists in the user's home directory.
-#
-HUSHLOGIN_FILE .hushlogin
-#HUSHLOGIN_FILE /etc/hushlogins
-
-#
-# *REQUIRED* The default PATH settings, for superuser and normal users.
-#
-# (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
-
-#
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-# In Debian /usr/bin/bsd-write or similar programs are setgid tty
-# However, the default and recommended value for TTYPERM is still 0600
-# to not allow anyone to write to anyone else console or terminal
-
-# Users can still allow other people to write them by issuing
-# the "mesg y" command.
-
-TTYGROUP tty
-TTYPERM 0600
-
-#
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-#
-# UMASK usage is discouraged because it catches only some classes of user
-# entries to system, in fact only those made through login(1), while setting
-# umask in shell rc file will catch also logins through su, cron, ssh etc.
-#
-# At the same time, using shell rc to set umask won't catch entries which use
-# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
-# user and alike.
-#
-# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
-# as the solution which catches all these cases on PAM-enabled systems.
-#
-# This avoids the confusion created by having the umask set
-# in two different places -- in login.defs and shell rc files (i.e.
-# /etc/profile).
-#
-# For discussion, see #314539 and #248150 as well as the thread starting at
-# http://lists.debian.org/debian-devel/2005/06/msg01598.html
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-# 022 is the "historical" value in Debian for UMASK when it was used
-# 027, or even 077, could be considered better for privacy
-# There is no One True Answer here : each sysadmin must make up his/her
-# mind.
-#UMASK 022
-
-#
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-#
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-#
-# Min/max values for automatic uid selection in useradd
-#
-UID_MIN 1000
-UID_MAX 60000
-
-#
-# Min/max values for automatic gid selection in groupadd
-#
-GID_MIN 100
-GID_MAX 60000
-
-#
-# Max number of login retries if password is bad. This will most likely be
-# overriden by PAM, since the default pam_unix module has it's own built
-# in of 3 retries. However, this is a safe fallback in case you are using
-# an authentication module that does not enforce PAM_MAXTRIES.
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
-
-#
-# Which fields may be changed by regular users using chfn - use
-# any combination of letters "frwh" (full name, room number, work
-# phone, home phone). If not defined, no changes are allowed.
-# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
-#
-CHFN_RESTRICT rwh
-
-#
-# Should login be allowed if we can't cd to the home directory?
-# Default in no.
-#
-DEFAULT_HOME yes
-
-#
-# If defined, this command is run when removing a user.
-# It should remove any at/cron/print jobs etc. owned by
-# the user to be removed (passed as the first argument).
-#
-#USERDEL_CMD /usr/sbin/userdel_local
-
-#
-# This enables userdel to remove user groups if no members exist.
-#
-# Other former uses of this variable such as setting the umask when
-# user==primary group are not used in PAM environments, thus in Debian
-#
-USERGROUPS_ENAB yes
-
-#
-# Instead of the real user shell, the program specified by this parameter
-# will be launched, although its visible name (argv[0]) will be the shell's.
-# The program may do whatever it wants (logging, additional authentification,
-# banner, ...) before running the actual shell.
-#
-# FAKE_SHELL /bin/fakeshell
-
-#
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-# This variable is used by login and su.
-#
-#CONSOLE /etc/consoles
-#CONSOLE console:tty01:tty02:tty03:tty04
-
-#
-# List of groups to add to the user's supplementary group set
-# when logging in on the console (as determined by the CONSOLE
-# setting). Default is none.
-#
-# Use with caution - it is possible for users to gain permanent
-# access to these groups, even when not logged in on the console.
-# How to do it is left as an exercise for the reader...
-#
-# This variable is used by login and su.
-#
-#CONSOLE_GROUPS floppy:audio:cdrom
-
-#
-# Only works if compiled with MD5_CRYPT defined:
-# If set to "yes", new passwords will be encrypted using the MD5-based
-# algorithm compatible with the one used by recent releases of FreeBSD.
-# It supports passwords of unlimited length and longer salt strings.
-# Set to "no" if you need to copy encrypted passwords to other systems
-# which don't understand the new algorithm. Default is "no".
-#
-# This variable is used by chpasswd, gpasswd and newusers.
-#
-#MD5_CRYPT_ENAB no
-ENCRYPT_METHOD DES
-#SHA_CRYPT_MIN_ROUNDS 5000
-#SHA_CRYPT_MAX_ROUNDS 5000
-
-################# OBSOLETED BY PAM ##############
-# #
-# These options are now handled by PAM. Please #
-# edit the appropriate file in /etc/pam.d/ to #
-# enable the equivelants of them.
-#
-###############
-
-#MOTD_FILE
-#DIALUPS_CHECK_ENAB
-#LASTLOG_ENAB
-#MAIL_CHECK_ENAB
-#OBSCURE_CHECKS_ENAB
-#PORTTIME_CHECKS_ENAB
-#SU_WHEEL_ONLY
-#CRACKLIB_DICTPATH
-#PASS_CHANGE_TRIES
-#PASS_ALWAYS_WARN
-#ENVIRON_FILE
-#NOLOGINS_FILE
-#ISSUE_FILE
-#PASS_MIN_LEN
-#PASS_MAX_LEN
-#ULIMIT
-#ENV_HZ
-#CHFN_AUTH
-#CHSH_AUTH
-#FAIL_DELAY
-
-################# OBSOLETED #######################
-# #
-# These options are no more handled by shadow. #
-# #
-# Shadow utilities will display a warning if they #
-# still appear. #
-# #
-###################################################
-
-# CLOSE_SESSIONS
-# LOGIN_STRING
-# NO_PASSWORD_CONSOLE
-# QMAIL_DIR
-
-
-
Added: debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/chpasswd
===================================================================
--- debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/chpasswd (rev 0)
+++ debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/chpasswd 2009-05-09 22:20:43 UTC (rev 2886)
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+ at include common-password
+
Added: debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/common-password
===================================================================
--- debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/common-password (rev 0)
+++ debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/config/etc/pam.d/common-password 2009-05-09 22:20:43 UTC (rev 2886)
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords. The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords. Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password [success=1 default=ignore] pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
Modified: debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/chpasswd.err
===================================================================
--- debian/trunk/tests/usertools/chpasswd/01_chpasswd_invalid_user/data/chpasswd.err 2009-04-30 21:53:54 UTC (rev 2853)
+++ debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/chpasswd.err 2009-05-09 22:20:43 UTC (rev 2886)
@@ -1,2 +1,3 @@
-chpasswd: line 3: user 'foooo' does not exist
-chpasswd: error detected, changes ignored
+chpasswd: (user foooo) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 3, user foooo) password not changed
Added: debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/shadow
===================================================================
--- debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/shadow (rev 0)
+++ debian/trunk/tests/usertools/chpasswd-PAM/01_chpasswd_invalid_user/data/shadow 2009-05-09 22:20:43 UTC (rev 2886)
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:@PASS_MD5 test2@:@TODAY@:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
Deleted: debian/trunk/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/login.defs
===================================================================
--- debian/trunk/tests/usertools/chpasswd/02_chpasswd_multiple_users/config/etc/login.defs 2009-04-30 21:53:54 UTC (rev 2853)
+++ debian/trunk/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/login.defs 2009-05-09 22:20:43 UTC (rev 2886)
@@ -1,318 +0,0 @@
-#
-# /etc/login.defs - Configuration control definitions for the login package.
-#
-# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
-# If unspecified, some arbitrary (and possibly incorrect) value will
-# be assumed. All other items are optional - if not specified then
-# the described action or option will be inhibited.
-#
-# Comment lines (lines beginning with "#") and blank lines are ignored.
-#
-# Modified for Linux. --marekm
-
-# REQUIRED for useradd/userdel/usermod
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
-# MAIL_DIR takes precedence.
-#
-# Essentially:
-# - MAIL_DIR defines the location of users mail spool files
-# (for mbox use) by appending the username to MAIL_DIR as defined
-# below.
-# - MAIL_FILE defines the location of the users mail spool files as the
-# fully-qualified filename obtained by prepending the user home
-# directory before $MAIL_FILE
-#
-# NOTE: This is no more used for setting up users MAIL environment variable
-# which is, starting from shadow 4.0.12-1 in Debian, entirely the
-# job of the pam_mail PAM modules
-# See default PAM configuration files provided for
-# login, su, etc.
-#
-# This is a temporary situation: setting these variables will soon
-# move to /etc/default/useradd and the variables will then be
-# no more supported
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-#
-# Enable logging and display of /var/log/faillog login failure info.
-# This option conflicts with the pam_tally PAM module.
-#
-FAILLOG_ENAB yes
-
-#
-# Enable display of unknown usernames when login failures are recorded.
-#
-# WARNING: Unknown usernames may become world readable.
-# See #290803 and #298773 for details about how this could become a security
-# concern
-LOG_UNKFAIL_ENAB no
-
-#
-# Enable logging of successful logins
-#
-LOG_OK_LOGINS no
-
-#
-# Enable "syslog" logging of su activity - in addition to sulog file logging.
-# SYSLOG_SG_ENAB does the same for newgrp and sg.
-#
-SYSLOG_SU_ENAB yes
-SYSLOG_SG_ENAB yes
-
-#
-# If defined, all su activity is logged to this file.
-#
-#SULOG_FILE /var/log/sulog
-
-#
-# If defined, file which maps tty line to TERM environment parameter.
-# Each line of the file is in a format something like "vt100 tty01".
-#
-#TTYTYPE_FILE /etc/ttytype
-
-#
-# If defined, login failures will be logged here in a utmp format
-# last, when invoked as lastb, will read /var/log/btmp, so...
-#
-FTMP_FILE /var/log/btmp
-
-#
-# If defined, the command name to display when running "su -". For
-# example, if this is defined as "su" then a "ps" will display the
-# command is "-su". If not defined, then "ps" would display the
-# name of the shell actually being run, e.g. something like "-sh".
-#
-SU_NAME su
-
-#
-# If defined, file which inhibits all the usual chatter during the login
-# sequence. If a full pathname, then hushed mode will be enabled if the
-# user's name or shell are found in the file. If not a full pathname, then
-# hushed mode will be enabled if the file exists in the user's home directory.
-#
-HUSHLOGIN_FILE .hushlogin
-#HUSHLOGIN_FILE /etc/hushlogins
-
-#
-# *REQUIRED* The default PATH settings, for superuser and normal users.
-#
-# (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
-
-#
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-# In Debian /usr/bin/bsd-write or similar programs are setgid tty
-# However, the default and recommended value for TTYPERM is still 0600
-# to not allow anyone to write to anyone else console or terminal
-
-# Users can still allow other people to write them by issuing
-# the "mesg y" command.
-
-TTYGROUP tty
-TTYPERM 0600
-
-#
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-#
-# UMASK usage is discouraged because it catches only some classes of user
-# entries to system, in fact only those made through login(1), while setting
-# umask in shell rc file will catch also logins through su, cron, ssh etc.
-#
-# At the same time, using shell rc to set umask won't catch entries which use
-# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
-# user and alike.
-#
-# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
-# as the solution which catches all these cases on PAM-enabled systems.
-#
-# This avoids the confusion created by having the umask set
-# in two different places -- in login.defs and shell rc files (i.e.
-# /etc/profile).
-#
-# For discussion, see #314539 and #248150 as well as the thread starting at
-# http://lists.debian.org/debian-devel/2005/06/msg01598.html
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-# 022 is the "historical" value in Debian for UMASK when it was used
-# 027, or even 077, could be considered better for privacy
-# There is no One True Answer here : each sysadmin must make up his/her
-# mind.
-#UMASK 022
-
-#
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-#
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-#
-# Min/max values for automatic uid selection in useradd
-#
-UID_MIN 1000
-UID_MAX 60000
-
-#
-# Min/max values for automatic gid selection in groupadd
-#
-GID_MIN 100
-GID_MAX 60000
-
-#
-# Max number of login retries if password is bad. This will most likely be
-# overriden by PAM, since the default pam_unix module has it's own built
-# in of 3 retries. However, this is a safe fallback in case you are using
-# an authentication module that does not enforce PAM_MAXTRIES.
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
-
-#
-# Which fields may be changed by regular users using chfn - use
-# any combination of letters "frwh" (full name, room number, work
-# phone, home phone). If not defined, no changes are allowed.
-# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
-#
-CHFN_RESTRICT rwh
-
-#
-# Should login be allowed if we can't cd to the home directory?
-# Default in no.
-#
-DEFAULT_HOME yes
-
-#
-# If defined, this command is run when removing a user.
-# It should remove any at/cron/print jobs etc. owned by
-# the user to be removed (passed as the first argument).
-#
-#USERDEL_CMD /usr/sbin/userdel_local
-
-#
-# This enables userdel to remove user groups if no members exist.
-#
-# Other former uses of this variable such as setting the umask when
-# user==primary group are not used in PAM environments, thus in Debian
-#
-USERGROUPS_ENAB yes
-
-#
-# Instead of the real user shell, the program specified by this parameter
-# will be launched, although its visible name (argv[0]) will be the shell's.
-# The program may do whatever it wants (logging, additional authentification,
-# banner, ...) before running the actual shell.
-#
-# FAKE_SHELL /bin/fakeshell
-
-#
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-# This variable is used by login and su.
-#
-#CONSOLE /etc/consoles
-#CONSOLE console:tty01:tty02:tty03:tty04
-
-#
-# List of groups to add to the user's supplementary group set
-# when logging in on the console (as determined by the CONSOLE
-# setting). Default is none.
-#
-# Use with caution - it is possible for users to gain permanent
-# access to these groups, even when not logged in on the console.
-# How to do it is left as an exercise for the reader...
-#
-# This variable is used by login and su.
-#
-#CONSOLE_GROUPS floppy:audio:cdrom
-
-#
-# Only works if compiled with MD5_CRYPT defined:
-# If set to "yes", new passwords will be encrypted using the MD5-based
-# algorithm compatible with the one used by recent releases of FreeBSD.
-# It supports passwords of unlimited length and longer salt strings.
-# Set to "no" if you need to copy encrypted passwords to other systems
-# which don't understand the new algorithm. Default is "no".
-#
-# This variable is used by chpasswd, gpasswd and newusers.
-#
-#MD5_CRYPT_ENAB no
-ENCRYPT_METHOD DES
-#SHA_CRYPT_MIN_ROUNDS 5000
-#SHA_CRYPT_MAX_ROUNDS 5000
-
-################# OBSOLETED BY PAM ##############
-# #
-# These options are now handled by PAM. Please #
-# edit the appropriate file in /etc/pam.d/ to #
-# enable the equivelants of them.
-#
-###############
-
-#MOTD_FILE
-#DIALUPS_CHECK_ENAB
-#LASTLOG_ENAB
-#MAIL_CHECK_ENAB
-#OBSCURE_CHECKS_ENAB
-#PORTTIME_CHECKS_ENAB
-#SU_WHEEL_ONLY
-#CRACKLIB_DICTPATH
-#PASS_CHANGE_TRIES
-#PASS_ALWAYS_WARN
-#ENVIRON_FILE
-#NOLOGINS_FILE
-#ISSUE_FILE
-#PASS_MIN_LEN
-#PASS_MAX_LEN
-#ULIMIT
-#ENV_HZ
-#CHFN_AUTH
-#CHSH_AUTH
-#FAIL_DELAY
-
-################# OBSOLETED #######################
-# #
-# These options are no more handled by shadow. #
-# #
-# Shadow utilities will display a warning if they #
-# still appear. #
-# #
-###################################################
-
-# CLOSE_SESSIONS
-# LOGIN_STRING
-# NO_PASSWORD_CONSOLE
-# QMAIL_DIR
-
-
-
Added: debian/trunk/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/chpasswd
===================================================================
--- debian/trunk/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/chpasswd (rev 0)
+++ debian/trunk/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/chpasswd 2009-05-09 22:20:43 UTC (rev 2886)
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+ at include common-password
+
Added: debian/trunk/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/common-password
===================================================================
--- debian/trunk/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/common-password (rev 0)
+++ debian/trunk/tests/usertools/chpasswd-PAM/02_chpasswd_multiple_users/config/etc/pam.d/common-password 2009-05-09 22:20:43 UTC (rev 2886)
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords. The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords. Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password [success=1 default=ignore] pam_unix.so obscure
+# here's the fallback if no module succeeds
+password requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
Modified: debian/trunk/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test
===================================================================
--- debian/trunk/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/chpasswd.test 2009-04-30 21:53:54 UTC (rev 2853)
+++ debian/trunk/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/chpasswd.test 2009-05-09 22:20:43 UTC (rev 2886)
@@ -22,11 +22,26 @@
echo -n "Change nobody's and lp's password..."
echo 'nobody:test
-lp:test2' | chpasswd
+lp:test2' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+ status=$?
+}
echo "OK"
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
echo -n "Check the passwd file..."
-../../../common/compare_file.pl data/passwd /etc/passwd
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
echo "OK"
echo -n "Check the group file..."
../../../common/compare_file.pl config/etc/group /etc/group
Deleted: debian/trunk/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/login.defs
===================================================================
--- debian/trunk/tests/usertools/chpasswd/03_chpasswd_no_shadow_file/config/etc/login.defs 2009-04-30 21:53:54 UTC (rev 2853)
+++ debian/trunk/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/config/etc/login.defs 2009-05-09 22:20:43 UTC (rev 2886)
@@ -1,318 +0,0 @@
-#
-# /etc/login.defs - Configuration control definitions for the login package.
-#
-# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
-# If unspecified, some arbitrary (and possibly incorrect) value will
-# be assumed. All other items are optional - if not specified then
-# the described action or option will be inhibited.
-#
-# Comment lines (lines beginning with "#") and blank lines are ignored.
-#
-# Modified for Linux. --marekm
-
-# REQUIRED for useradd/userdel/usermod
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
-# MAIL_DIR takes precedence.
-#
-# Essentially:
-# - MAIL_DIR defines the location of users mail spool files
-# (for mbox use) by appending the username to MAIL_DIR as defined
-# below.
-# - MAIL_FILE defines the location of the users mail spool files as the
-# fully-qualified filename obtained by prepending the user home
-# directory before $MAIL_FILE
-#
-# NOTE: This is no more used for setting up users MAIL environment variable
-# which is, starting from shadow 4.0.12-1 in Debian, entirely the
-# job of the pam_mail PAM modules
-# See default PAM configuration files provided for
-# login, su, etc.
-#
-# This is a temporary situation: setting these variables will soon
-# move to /etc/default/useradd and the variables will then be
-# no more supported
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-#
-# Enable logging and display of /var/log/faillog login failure info.
-# This option conflicts with the pam_tally PAM module.
-#
-FAILLOG_ENAB yes
-
-#
-# Enable display of unknown usernames when login failures are recorded.
-#
-# WARNING: Unknown usernames may become world readable.
-# See #290803 and #298773 for details about how this could become a security
-# concern
-LOG_UNKFAIL_ENAB no
-
-#
-# Enable logging of successful logins
-#
-LOG_OK_LOGINS no
-
-#
-# Enable "syslog" logging of su activity - in addition to sulog file logging.
-# SYSLOG_SG_ENAB does the same for newgrp and sg.
-#
-SYSLOG_SU_ENAB yes
-SYSLOG_SG_ENAB yes
-
-#
-# If defined, all su activity is logged to this file.
-#
-#SULOG_FILE /var/log/sulog
-
-#
-# If defined, file which maps tty line to TERM environment parameter.
-# Each line of the file is in a format something like "vt100 tty01".
-#
-#TTYTYPE_FILE /etc/ttytype
-
-#
-# If defined, login failures will be logged here in a utmp format
-# last, when invoked as lastb, will read /var/log/btmp, so...
-#
-FTMP_FILE /var/log/btmp
-
-#
-# If defined, the command name to display when running "su -". For
-# example, if this is defined as "su" then a "ps" will display the
-# command is "-su". If not defined, then "ps" would display the
-# name of the shell actually being run, e.g. something like "-sh".
-#
-SU_NAME su
-
-#
-# If defined, file which inhibits all the usual chatter during the login
-# sequence. If a full pathname, then hushed mode will be enabled if the
-# user's name or shell are found in the file. If not a full pathname, then
-# hushed mode will be enabled if the file exists in the user's home directory.
-#
-HUSHLOGIN_FILE .hushlogin
-#HUSHLOGIN_FILE /etc/hushlogins
-
-#
-# *REQUIRED* The default PATH settings, for superuser and normal users.
-#
-# (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
-
-#
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-# In Debian /usr/bin/bsd-write or similar programs are setgid tty
-# However, the default and recommended value for TTYPERM is still 0600
-# to not allow anyone to write to anyone else console or terminal
-
-# Users can still allow other people to write them by issuing
-# the "mesg y" command.
-
-TTYGROUP tty
-TTYPERM 0600
-
-#
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-#
-# UMASK usage is discouraged because it catches only some classes of user
-# entries to system, in fact only those made through login(1), while setting
-# umask in shell rc file will catch also logins through su, cron, ssh etc.
-#
-# At the same time, using shell rc to set umask won't catch entries which use
-# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
-# user and alike.
-#
-# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
-# as the solution which catches all these cases on PAM-enabled systems.
-#
-# This avoids the confusion created by having the umask set
-# in two different places -- in login.defs and shell rc files (i.e.
-# /etc/profile).
-#
-# For discussion, see #314539 and #248150 as well as the thread starting at
-# http://lists.debian.org/debian-devel/2005/06/msg01598.html
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-# 022 is the "historical" value in Debian for UMASK when it was used
-# 027, or even 077, could be considered better for privacy
-# There is no One True Answer here : each sysadmin must make up his/her
-# mind.
-#UMASK 022
-
-#
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-#
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-#
-# Min/max values for automatic uid selection in useradd
-#
-UID_MIN 1000
-UID_MAX 60000
-
-#
-# Min/max values for automatic gid selection in groupadd
-#
-GID_MIN 100
-GID_MAX 60000
-
-#
-# Max number of login retries if password is bad. This will most likely be
-# overriden by PAM, since the default pam_unix module has it's own built
-# in of 3 retries. However, this is a safe fallback in case you are using
-# an authentication module that does not enforce PAM_MAXTRIES.
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
-
-#
-# Which fields may be changed by regular users using chfn - use
-# any combination of letters "frwh" (full name, room number, work
-# phone, home phone). If not defined, no changes are allowed.
-# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
-#
-CHFN_RESTRICT rwh
-
-#
-# Should login be allowed if we can't cd to the home directory?
-# Default in no.
-#
-DEFAULT_HOME yes
-
-#
-# If defined, this command is run when removing a user.
-# It should remove any at/cron/print jobs etc. owned by
-# the user to be removed (passed as the first argument).
-#
-#USERDEL_CMD /usr/sbin/userdel_local
-
-#
-# This enables userdel to remove user groups if no members exist.
-#
-# Other former uses of this variable such as setting the umask when
-# user==primary group are not used in PAM environments, thus in Debian
-#
-USERGROUPS_ENAB yes
-
-#
-# Instead of the real user shell, the program specified by this parameter
-# will be launched, although its visible name (argv[0]) will be the shell's.
-# The program may do whatever it wants (logging, additional authentification,
-# banner, ...) before running the actual shell.
-#
-# FAKE_SHELL /bin/fakeshell
-
-#
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-# This variable is used by login and su.
-#
-#CONSOLE /etc/consoles
-#CONSOLE console:tty01:tty02:tty03:tty04
-
-#
-# List of groups to add to the user's supplementary group set
-# when logging in on the console (as determined by the CONSOLE
-# setting). Default is none.
-#
-# Use with caution - it is possible for users to gain permanent
-# access to these groups, even when not logged in on the console.
-# How to do it is left as an exercise for the reader...
-#
-# This variable is used by login and su.
-#
-#CONSOLE_GROUPS floppy:audio:cdrom
-
-#
-# Only works if compiled with MD5_CRYPT defined:
-# If set to "yes", new passwords will be encrypted using the MD5-based
-# algorithm compatible with the one used by recent releases of FreeBSD.
-# It supports passwords of unlimited length and longer salt strings.
-# Set to "no" if you need to copy encrypted passwords to other systems
-# which don't understand the new algorithm. Default is "no".
-#
-# This variable is used by chpasswd, gpasswd and newusers.
-#
-#MD5_CRYPT_ENAB no
-ENCRYPT_METHOD DES
-#SHA_CRYPT_MIN_ROUNDS 5000
-#SHA_CRYPT_MAX_ROUNDS 5000
-
-################# OBSOLETED BY PAM ##############
-# #
-# These options are now handled by PAM. Please #
-# edit the appropriate file in /etc/pam.d/ to #
-# enable the equivelants of them.
-#
-###############
-
-#MOTD_FILE
-#DIALUPS_CHECK_ENAB
-#LASTLOG_ENAB
-#MAIL_CHECK_ENAB
-#OBSCURE_CHECKS_ENAB
-#PORTTIME_CHECKS_ENAB
-#SU_WHEEL_ONLY
-#CRACKLIB_DICTPATH
-#PASS_CHANGE_TRIES
-#PASS_ALWAYS_WARN
-#ENVIRON_FILE
-#NOLOGINS_FILE
-#ISSUE_FILE
-#PASS_MIN_LEN
-#PASS_MAX_LEN
-#ULIMIT
-#ENV_HZ
-#CHFN_AUTH
-#CHSH_AUTH
-#FAIL_DELAY
-
-################# OBSOLETED #######################
-# #
-# These options are no more handled by shadow. #
-# #
-# Shadow utilities will display a warning if they #
-# still appear. #
-# #
-###################################################
-
-# CLOSE_SESSIONS
-# LOGIN_STRING
-# NO_PASSWORD_CONSOLE
-# QMAIL_DIR
-
-
-
Added: debian/trunk/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/data/chpasswd.err
===================================================================
--- debian/trunk/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/data/chpasswd.err (rev 0)
+++ debian/trunk/tests/usertools/chpasswd-PAM/03_chpasswd_no_shadow_file/data/chpasswd.err 2009-05-09 22:20:43 UTC (rev 2886)
@@ -0,0 +1,6 @@
+chpasswd: (user nobody) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 1, user nobody) password not changed
+chpasswd: (user lp) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 2, user lp) password not changed
Modified: debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test
===================================================================
--- debian/trunk/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/chpasswd.test 2009-04-30 21:53:54 UTC (rev 2853)
+++ debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/chpasswd.test 2009-05-09 22:20:43 UTC (rev 2886)
@@ -18,11 +18,26 @@
echo -n "Change nobody's and lp's password..."
echo 'nobody:test
-lp:test2' | chpasswd
+lp:test2' | chpasswd 2>tmp/chpasswd.err && exit 1 || {
+ status=$?
+}
echo "OK"
+echo -n "Check returned status ($status)..."
+test "$status" = "1"
+echo "OK"
+
+echo "chpasswd reported:"
+echo "======================================================================="
+cat tmp/chpasswd.err
+echo "======================================================================="
+echo -n "Check that there were a failure message..."
+diff -au data/chpasswd.err tmp/chpasswd.err
+echo "error message OK."
+rm -f tmp/chpasswd.err
+
echo -n "Check the passwd file..."
-../../../common/compare_file.pl data/passwd /etc/passwd
+../../../common/compare_file.pl config/etc/passwd /etc/passwd
echo "OK"
echo -n "Check the group file..."
../../../common/compare_file.pl config/etc/group /etc/group
Deleted: debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/login.defs
===================================================================
--- debian/trunk/tests/usertools/chpasswd/04_chpasswd_no_shadow_entry/config/etc/login.defs 2009-04-30 21:53:54 UTC (rev 2853)
+++ debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/login.defs 2009-05-09 22:20:43 UTC (rev 2886)
@@ -1,318 +0,0 @@
-#
-# /etc/login.defs - Configuration control definitions for the login package.
-#
-# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
-# If unspecified, some arbitrary (and possibly incorrect) value will
-# be assumed. All other items are optional - if not specified then
-# the described action or option will be inhibited.
-#
-# Comment lines (lines beginning with "#") and blank lines are ignored.
-#
-# Modified for Linux. --marekm
-
-# REQUIRED for useradd/userdel/usermod
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
-# MAIL_DIR takes precedence.
-#
-# Essentially:
-# - MAIL_DIR defines the location of users mail spool files
-# (for mbox use) by appending the username to MAIL_DIR as defined
-# below.
-# - MAIL_FILE defines the location of the users mail spool files as the
-# fully-qualified filename obtained by prepending the user home
-# directory before $MAIL_FILE
-#
-# NOTE: This is no more used for setting up users MAIL environment variable
-# which is, starting from shadow 4.0.12-1 in Debian, entirely the
-# job of the pam_mail PAM modules
-# See default PAM configuration files provided for
-# login, su, etc.
-#
-# This is a temporary situation: setting these variables will soon
-# move to /etc/default/useradd and the variables will then be
-# no more supported
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-#
-# Enable logging and display of /var/log/faillog login failure info.
-# This option conflicts with the pam_tally PAM module.
-#
-FAILLOG_ENAB yes
-
-#
-# Enable display of unknown usernames when login failures are recorded.
-#
-# WARNING: Unknown usernames may become world readable.
-# See #290803 and #298773 for details about how this could become a security
-# concern
-LOG_UNKFAIL_ENAB no
-
-#
-# Enable logging of successful logins
-#
-LOG_OK_LOGINS no
-
-#
-# Enable "syslog" logging of su activity - in addition to sulog file logging.
-# SYSLOG_SG_ENAB does the same for newgrp and sg.
-#
-SYSLOG_SU_ENAB yes
-SYSLOG_SG_ENAB yes
-
-#
-# If defined, all su activity is logged to this file.
-#
-#SULOG_FILE /var/log/sulog
-
-#
-# If defined, file which maps tty line to TERM environment parameter.
-# Each line of the file is in a format something like "vt100 tty01".
-#
-#TTYTYPE_FILE /etc/ttytype
-
-#
-# If defined, login failures will be logged here in a utmp format
-# last, when invoked as lastb, will read /var/log/btmp, so...
-#
-FTMP_FILE /var/log/btmp
-
-#
-# If defined, the command name to display when running "su -". For
-# example, if this is defined as "su" then a "ps" will display the
-# command is "-su". If not defined, then "ps" would display the
-# name of the shell actually being run, e.g. something like "-sh".
-#
-SU_NAME su
-
-#
-# If defined, file which inhibits all the usual chatter during the login
-# sequence. If a full pathname, then hushed mode will be enabled if the
-# user's name or shell are found in the file. If not a full pathname, then
-# hushed mode will be enabled if the file exists in the user's home directory.
-#
-HUSHLOGIN_FILE .hushlogin
-#HUSHLOGIN_FILE /etc/hushlogins
-
-#
-# *REQUIRED* The default PATH settings, for superuser and normal users.
-#
-# (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
-
-#
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-# In Debian /usr/bin/bsd-write or similar programs are setgid tty
-# However, the default and recommended value for TTYPERM is still 0600
-# to not allow anyone to write to anyone else console or terminal
-
-# Users can still allow other people to write them by issuing
-# the "mesg y" command.
-
-TTYGROUP tty
-TTYPERM 0600
-
-#
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-#
-# UMASK usage is discouraged because it catches only some classes of user
-# entries to system, in fact only those made through login(1), while setting
-# umask in shell rc file will catch also logins through su, cron, ssh etc.
-#
-# At the same time, using shell rc to set umask won't catch entries which use
-# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
-# user and alike.
-#
-# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
-# as the solution which catches all these cases on PAM-enabled systems.
-#
-# This avoids the confusion created by having the umask set
-# in two different places -- in login.defs and shell rc files (i.e.
-# /etc/profile).
-#
-# For discussion, see #314539 and #248150 as well as the thread starting at
-# http://lists.debian.org/debian-devel/2005/06/msg01598.html
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-# 022 is the "historical" value in Debian for UMASK when it was used
-# 027, or even 077, could be considered better for privacy
-# There is no One True Answer here : each sysadmin must make up his/her
-# mind.
-#UMASK 022
-
-#
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-#
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-#
-# Min/max values for automatic uid selection in useradd
-#
-UID_MIN 1000
-UID_MAX 60000
-
-#
-# Min/max values for automatic gid selection in groupadd
-#
-GID_MIN 100
-GID_MAX 60000
-
-#
-# Max number of login retries if password is bad. This will most likely be
-# overriden by PAM, since the default pam_unix module has it's own built
-# in of 3 retries. However, this is a safe fallback in case you are using
-# an authentication module that does not enforce PAM_MAXTRIES.
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
-
-#
-# Which fields may be changed by regular users using chfn - use
-# any combination of letters "frwh" (full name, room number, work
-# phone, home phone). If not defined, no changes are allowed.
-# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
-#
-CHFN_RESTRICT rwh
-
-#
-# Should login be allowed if we can't cd to the home directory?
-# Default in no.
-#
-DEFAULT_HOME yes
-
-#
-# If defined, this command is run when removing a user.
-# It should remove any at/cron/print jobs etc. owned by
-# the user to be removed (passed as the first argument).
-#
-#USERDEL_CMD /usr/sbin/userdel_local
-
-#
-# This enables userdel to remove user groups if no members exist.
-#
-# Other former uses of this variable such as setting the umask when
-# user==primary group are not used in PAM environments, thus in Debian
-#
-USERGROUPS_ENAB yes
-
-#
-# Instead of the real user shell, the program specified by this parameter
-# will be launched, although its visible name (argv[0]) will be the shell's.
-# The program may do whatever it wants (logging, additional authentification,
-# banner, ...) before running the actual shell.
-#
-# FAKE_SHELL /bin/fakeshell
-
-#
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-# This variable is used by login and su.
-#
-#CONSOLE /etc/consoles
-#CONSOLE console:tty01:tty02:tty03:tty04
-
-#
-# List of groups to add to the user's supplementary group set
-# when logging in on the console (as determined by the CONSOLE
-# setting). Default is none.
-#
-# Use with caution - it is possible for users to gain permanent
-# access to these groups, even when not logged in on the console.
-# How to do it is left as an exercise for the reader...
-#
-# This variable is used by login and su.
-#
-#CONSOLE_GROUPS floppy:audio:cdrom
-
-#
-# Only works if compiled with MD5_CRYPT defined:
-# If set to "yes", new passwords will be encrypted using the MD5-based
-# algorithm compatible with the one used by recent releases of FreeBSD.
-# It supports passwords of unlimited length and longer salt strings.
-# Set to "no" if you need to copy encrypted passwords to other systems
-# which don't understand the new algorithm. Default is "no".
-#
-# This variable is used by chpasswd, gpasswd and newusers.
-#
-#MD5_CRYPT_ENAB no
-ENCRYPT_METHOD DES
-#SHA_CRYPT_MIN_ROUNDS 5000
-#SHA_CRYPT_MAX_ROUNDS 5000
-
-################# OBSOLETED BY PAM ##############
-# #
-# These options are now handled by PAM. Please #
-# edit the appropriate file in /etc/pam.d/ to #
-# enable the equivelants of them.
-#
-###############
-
-#MOTD_FILE
-#DIALUPS_CHECK_ENAB
-#LASTLOG_ENAB
-#MAIL_CHECK_ENAB
-#OBSCURE_CHECKS_ENAB
-#PORTTIME_CHECKS_ENAB
-#SU_WHEEL_ONLY
-#CRACKLIB_DICTPATH
-#PASS_CHANGE_TRIES
-#PASS_ALWAYS_WARN
-#ENVIRON_FILE
-#NOLOGINS_FILE
-#ISSUE_FILE
-#PASS_MIN_LEN
-#PASS_MAX_LEN
-#ULIMIT
-#ENV_HZ
-#CHFN_AUTH
-#CHSH_AUTH
-#FAIL_DELAY
-
-################# OBSOLETED #######################
-# #
-# These options are no more handled by shadow. #
-# #
-# Shadow utilities will display a warning if they #
-# still appear. #
-# #
-###################################################
-
-# CLOSE_SESSIONS
-# LOGIN_STRING
-# NO_PASSWORD_CONSOLE
-# QMAIL_DIR
-
-
-
Added: debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/chpasswd
===================================================================
--- debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/chpasswd (rev 0)
+++ debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/chpasswd 2009-05-09 22:20:43 UTC (rev 2886)
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+ at include common-password
+
Added: debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/common-password
===================================================================
--- debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/common-password (rev 0)
+++ debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/config/etc/pam.d/common-password 2009-05-09 22:20:43 UTC (rev 2886)
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords. The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords. Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password [success=1 default=ignore] pam_unix.so obscure
+# here's the fallback if no module succeeds
+password requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
Added: debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/data/chpasswd.err
===================================================================
--- debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/data/chpasswd.err (rev 0)
+++ debian/trunk/tests/usertools/chpasswd-PAM/04_chpasswd_no_shadow_entry/data/chpasswd.err 2009-05-09 22:20:43 UTC (rev 2886)
@@ -0,0 +1,3 @@
+chpasswd: (user lp) pam_chauthtok() failed, error:
+Authentication token manipulation error
+chpasswd: (line 2, user lp) password not changed
Modified: debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test
===================================================================
--- debian/trunk/tests/usertools/chpasswd/05_chpasswd_error_no_password/chpasswd.test 2009-04-30 21:53:54 UTC (rev 2853)
+++ debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/chpasswd.test 2009-05-09 22:20:43 UTC (rev 2886)
@@ -43,7 +43,7 @@
../../../common/compare_file.pl config/etc/group /etc/group
echo "OK"
echo -n "Check the shadow file..."
-../../../common/compare_file.pl config/etc/shadow /etc/shadow
+../../../common/compare_file.pl data/shadow /etc/shadow
echo "OK"
echo -n "Check the gshadow file..."
../../../common/compare_file.pl config/etc/gshadow /etc/gshadow
Deleted: debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/login.defs
===================================================================
--- debian/trunk/tests/usertools/chpasswd/05_chpasswd_error_no_password/config/etc/login.defs 2009-04-30 21:53:54 UTC (rev 2853)
+++ debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/login.defs 2009-05-09 22:20:43 UTC (rev 2886)
@@ -1,318 +0,0 @@
-#
-# /etc/login.defs - Configuration control definitions for the login package.
-#
-# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
-# If unspecified, some arbitrary (and possibly incorrect) value will
-# be assumed. All other items are optional - if not specified then
-# the described action or option will be inhibited.
-#
-# Comment lines (lines beginning with "#") and blank lines are ignored.
-#
-# Modified for Linux. --marekm
-
-# REQUIRED for useradd/userdel/usermod
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
-# MAIL_DIR takes precedence.
-#
-# Essentially:
-# - MAIL_DIR defines the location of users mail spool files
-# (for mbox use) by appending the username to MAIL_DIR as defined
-# below.
-# - MAIL_FILE defines the location of the users mail spool files as the
-# fully-qualified filename obtained by prepending the user home
-# directory before $MAIL_FILE
-#
-# NOTE: This is no more used for setting up users MAIL environment variable
-# which is, starting from shadow 4.0.12-1 in Debian, entirely the
-# job of the pam_mail PAM modules
-# See default PAM configuration files provided for
-# login, su, etc.
-#
-# This is a temporary situation: setting these variables will soon
-# move to /etc/default/useradd and the variables will then be
-# no more supported
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-#
-# Enable logging and display of /var/log/faillog login failure info.
-# This option conflicts with the pam_tally PAM module.
-#
-FAILLOG_ENAB yes
-
-#
-# Enable display of unknown usernames when login failures are recorded.
-#
-# WARNING: Unknown usernames may become world readable.
-# See #290803 and #298773 for details about how this could become a security
-# concern
-LOG_UNKFAIL_ENAB no
-
-#
-# Enable logging of successful logins
-#
-LOG_OK_LOGINS no
-
-#
-# Enable "syslog" logging of su activity - in addition to sulog file logging.
-# SYSLOG_SG_ENAB does the same for newgrp and sg.
-#
-SYSLOG_SU_ENAB yes
-SYSLOG_SG_ENAB yes
-
-#
-# If defined, all su activity is logged to this file.
-#
-#SULOG_FILE /var/log/sulog
-
-#
-# If defined, file which maps tty line to TERM environment parameter.
-# Each line of the file is in a format something like "vt100 tty01".
-#
-#TTYTYPE_FILE /etc/ttytype
-
-#
-# If defined, login failures will be logged here in a utmp format
-# last, when invoked as lastb, will read /var/log/btmp, so...
-#
-FTMP_FILE /var/log/btmp
-
-#
-# If defined, the command name to display when running "su -". For
-# example, if this is defined as "su" then a "ps" will display the
-# command is "-su". If not defined, then "ps" would display the
-# name of the shell actually being run, e.g. something like "-sh".
-#
-SU_NAME su
-
-#
-# If defined, file which inhibits all the usual chatter during the login
-# sequence. If a full pathname, then hushed mode will be enabled if the
-# user's name or shell are found in the file. If not a full pathname, then
-# hushed mode will be enabled if the file exists in the user's home directory.
-#
-HUSHLOGIN_FILE .hushlogin
-#HUSHLOGIN_FILE /etc/hushlogins
-
-#
-# *REQUIRED* The default PATH settings, for superuser and normal users.
-#
-# (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
-
-#
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-# In Debian /usr/bin/bsd-write or similar programs are setgid tty
-# However, the default and recommended value for TTYPERM is still 0600
-# to not allow anyone to write to anyone else console or terminal
-
-# Users can still allow other people to write them by issuing
-# the "mesg y" command.
-
-TTYGROUP tty
-TTYPERM 0600
-
-#
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-#
-# UMASK usage is discouraged because it catches only some classes of user
-# entries to system, in fact only those made through login(1), while setting
-# umask in shell rc file will catch also logins through su, cron, ssh etc.
-#
-# At the same time, using shell rc to set umask won't catch entries which use
-# non-shell executables in place of login shell, like /usr/sbin/pppd for "ppp"
-# user and alike.
-#
-# Therefore the use of pam_umask is recommended (Debian package libpam-umask)
-# as the solution which catches all these cases on PAM-enabled systems.
-#
-# This avoids the confusion created by having the umask set
-# in two different places -- in login.defs and shell rc files (i.e.
-# /etc/profile).
-#
-# For discussion, see #314539 and #248150 as well as the thread starting at
-# http://lists.debian.org/debian-devel/2005/06/msg01598.html
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-# 022 is the "historical" value in Debian for UMASK when it was used
-# 027, or even 077, could be considered better for privacy
-# There is no One True Answer here : each sysadmin must make up his/her
-# mind.
-#UMASK 022
-
-#
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-#
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-#
-# Min/max values for automatic uid selection in useradd
-#
-UID_MIN 1000
-UID_MAX 60000
-
-#
-# Min/max values for automatic gid selection in groupadd
-#
-GID_MIN 100
-GID_MAX 60000
-
-#
-# Max number of login retries if password is bad. This will most likely be
-# overriden by PAM, since the default pam_unix module has it's own built
-# in of 3 retries. However, this is a safe fallback in case you are using
-# an authentication module that does not enforce PAM_MAXTRIES.
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
-
-#
-# Which fields may be changed by regular users using chfn - use
-# any combination of letters "frwh" (full name, room number, work
-# phone, home phone). If not defined, no changes are allowed.
-# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
-#
-CHFN_RESTRICT rwh
-
-#
-# Should login be allowed if we can't cd to the home directory?
-# Default in no.
-#
-DEFAULT_HOME yes
-
-#
-# If defined, this command is run when removing a user.
-# It should remove any at/cron/print jobs etc. owned by
-# the user to be removed (passed as the first argument).
-#
-#USERDEL_CMD /usr/sbin/userdel_local
-
-#
-# This enables userdel to remove user groups if no members exist.
-#
-# Other former uses of this variable such as setting the umask when
-# user==primary group are not used in PAM environments, thus in Debian
-#
-USERGROUPS_ENAB yes
-
-#
-# Instead of the real user shell, the program specified by this parameter
-# will be launched, although its visible name (argv[0]) will be the shell's.
-# The program may do whatever it wants (logging, additional authentification,
-# banner, ...) before running the actual shell.
-#
-# FAKE_SHELL /bin/fakeshell
-
-#
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-# This variable is used by login and su.
-#
-#CONSOLE /etc/consoles
-#CONSOLE console:tty01:tty02:tty03:tty04
-
-#
-# List of groups to add to the user's supplementary group set
-# when logging in on the console (as determined by the CONSOLE
-# setting). Default is none.
-#
-# Use with caution - it is possible for users to gain permanent
-# access to these groups, even when not logged in on the console.
-# How to do it is left as an exercise for the reader...
-#
-# This variable is used by login and su.
-#
-#CONSOLE_GROUPS floppy:audio:cdrom
-
-#
-# Only works if compiled with MD5_CRYPT defined:
-# If set to "yes", new passwords will be encrypted using the MD5-based
-# algorithm compatible with the one used by recent releases of FreeBSD.
-# It supports passwords of unlimited length and longer salt strings.
-# Set to "no" if you need to copy encrypted passwords to other systems
-# which don't understand the new algorithm. Default is "no".
-#
-# This variable is used by chpasswd, gpasswd and newusers.
-#
-#MD5_CRYPT_ENAB no
-ENCRYPT_METHOD DES
-#SHA_CRYPT_MIN_ROUNDS 5000
-#SHA_CRYPT_MAX_ROUNDS 5000
-
-################# OBSOLETED BY PAM ##############
-# #
-# These options are now handled by PAM. Please #
-# edit the appropriate file in /etc/pam.d/ to #
-# enable the equivelants of them.
-#
-###############
-
-#MOTD_FILE
-#DIALUPS_CHECK_ENAB
-#LASTLOG_ENAB
-#MAIL_CHECK_ENAB
-#OBSCURE_CHECKS_ENAB
-#PORTTIME_CHECKS_ENAB
-#SU_WHEEL_ONLY
-#CRACKLIB_DICTPATH
-#PASS_CHANGE_TRIES
-#PASS_ALWAYS_WARN
-#ENVIRON_FILE
-#NOLOGINS_FILE
-#ISSUE_FILE
-#PASS_MIN_LEN
-#PASS_MAX_LEN
-#ULIMIT
-#ENV_HZ
-#CHFN_AUTH
-#CHSH_AUTH
-#FAIL_DELAY
-
-################# OBSOLETED #######################
-# #
-# These options are no more handled by shadow. #
-# #
-# Shadow utilities will display a warning if they #
-# still appear. #
-# #
-###################################################
-
-# CLOSE_SESSIONS
-# LOGIN_STRING
-# NO_PASSWORD_CONSOLE
-# QMAIL_DIR
-
-
-
Added: debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/chpasswd
===================================================================
--- debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/chpasswd (rev 0)
+++ debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/chpasswd 2009-05-09 22:20:43 UTC (rev 2886)
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `chpasswd' service
+#
+
+ at include common-password
+
Added: debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/common-password
===================================================================
--- debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/common-password (rev 0)
+++ debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/config/etc/pam.d/common-password 2009-05-09 22:20:43 UTC (rev 2886)
@@ -0,0 +1,33 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords. The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "md5" option enables MD5 passwords. Without this option, the
+# default is Unix crypt.
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules. See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password [success=1 default=ignore] pam_unix.so obscure md5
+# here's the fallback if no module succeeds
+password requisite pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password required pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
Modified: debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/chpasswd.err
===================================================================
--- debian/trunk/tests/usertools/chpasswd/05_chpasswd_error_no_password/data/chpasswd.err 2009-04-30 21:53:54 UTC (rev 2853)
+++ debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/chpasswd.err 2009-05-09 22:20:43 UTC (rev 2886)
@@ -1,2 +1 @@
chpasswd: line 2: missing new password
-chpasswd: error detected, changes ignored
Added: debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/shadow
===================================================================
--- debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/shadow (rev 0)
+++ debian/trunk/tests/usertools/chpasswd-PAM/05_chpasswd_error_no_password/data/shadow 2009-05-09 22:20:43 UTC (rev 2886)
@@ -0,0 +1,19 @@
+root:$1$NBLBLIXb$WUgojj1bNuxWEADQGt1m9.:12991:0:99999:7:::
+daemon:*:12977:0:99999:7:::
+bin:*:12977:0:99999:7:::
+sys:*:12977:0:99999:7:::
+sync:*:12977:0:99999:7:::
+games:*:12977:0:99999:7:::
+man:*:12977:0:99999:7:::
+lp:*:12977:0:99999:7:::
+mail:*:12977:0:99999:7:::
+news:*:12977:0:99999:7:::
+uucp:*:12977:0:99999:7:::
+proxy:*:12977:0:99999:7:::
+www-data:*:12977:0:99999:7:::
+backup:*:12977:0:99999:7:::
+list:*:12977:0:99999:7:::
+irc:*:12977:0:99999:7:::
+gnats:*:12977:0:99999:7:::
+nobody:@PASS_MD5 test@:@TODAY@:0:99999:7:::
+Debian-exim:!:12977:0:99999:7:::
More information about the Pkg-shadow-commits
mailing list