From 7348fa57c7ada42820773f8c8b6f06f7181169ee Mon Sep 17 00:00:00 2001
From: Mikle Kolyada
Date: Wed, 10 Jun 2020 14:32:46 +0300
Subject: New release
- disable cracklib in favor of passwdqc
- disable tally{,2} in favor of faillock
Signed-off-by: Mikle Kolyada
---
 Makefile | 4 ----
 basic-conf | 4 ++--
 linux-pam-conf | 7 +------
 system-auth.in | 3 ---
 system-login.in | 8 ++++----
 5 files changed, 7 insertions(+), 19 deletions(-)
diff --git a/Makefile b/Makefile
index 9afc842..f7e7653 100644
--- a/Makefile
+++ b/Makefile
@@ -11,10 +11,6 @@ GIT=git
 PAMFLAGS = -include linux-pam-conf -include basic-conf -DLINUX_PAM_VERSION=$(LINUX_PAM_VERSION)
-ifeq "$(CRACKLIB)" "yes"
-PAMFLAGS += -DHAVE_CRACKLIB=1
-endif
-
 ifeq "$(PASSWDQC)" "yes"
 PAMFLAGS += -DHAVE_PASSWDQC=1
 endif
diff --git a/basic-conf b/basic-conf
index 5ab72c0..7b1bf00 100644
--- a/basic-conf
+++ b/basic-conf
@@ -1,8 +1,8 @@
-// Only use_authtok (authentication token) when using cracklib or some other module
+// Only use_authtok (authentication token) when using passwdqc or some other module
 // that checks for passwords, or pam_krb5
 #define AUTHTOK use_authtok
-#if HAVE_CRACKLIB || HAVE_PASSWDQC
+#if HAVE_PASSWDQC
 # define PASSWORD_STRENGTH 1
 #endif
diff --git a/linux-pam-conf b/linux-pam-conf
index ecd5697..962b2eb 100644
--- a/linux-pam-conf
+++ b/linux-pam-conf
@@ -12,12 +12,7 @@
 # define HAVE_MOTD 1
 # define HAVE_MAIL 1
 # define HAVE_LASTLOG 1
-
-# if LINUX_PAM_VERSION > 0x010100 /* 1.1.0 */
-# define TALLY_MODULE pam_tally2.so
-# else
-# define TALLY_MODULE pam_tally.so
-# endif
+# define HAVE_FAILLOCK 1
 #endif
diff --git a/system-auth.in b/system-auth.in
index e65e4c2..dbb6971 100644
--- a/system-auth.in
+++ b/system-auth.in
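Review bot: `# define HAVE_FAILLOCK 1` in the linux-pam-conf hunk is set for every Linux-PAM build, whereas the removed lines picked the tally module by `LINUX_PAM_VERSION`. As far as I know pam_faillock only ships with Linux-PAM from 1.4.0, and system-login.in references it as `required`, so on an older library the module would fail to load and the login stack would most likely reject every user. The Makefile still passes `-DLINUX_PAM_VERSION`, so a guard such as `# if LINUX_PAM_VERSION >= 0x010400 /* 1.4.0 */` around the define (or a minimum-version requirement enforced by the packaging) would keep older installs from locking themselves out. The enclosing `#if` opens above this hunk, so the condition that already applies is not visible here.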
@@ -18,9 +18,6 @@ account required pam_unix.so DEBUG
 /* This is needed to make sure that the Kerberos skip-on-success won't cause a bad jump. */
 account optional pam_permit.so
-#if HAVE_CRACKLIB
-password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 DEBUG
-#endif
 #if HAVE_PASSWDQC
 password required pam_passwdqc.so min=8,8,8,8,8 retry=3
 #endif
diff --git a/system-login.in b/system-login.in
index f159f10..d93d926 100644
--- a/system-login.in
+++ b/system-login.in
@@ -1,5 +1,5 @@
-#if defined(TALLY_MODULE)
-auth required TALLY_MODULE onerr=succeed
+#if HAVE_FAILLOCK
+auth required pam_faillock.so dir=/var/log deny=3
 #endif
 #if HAVE_SHELLS
 auth required pam_shells.so DEBUG
@@ -19,8 +19,8 @@ account required pam_login_access.so
 account required pam_nologin.so DEBUG_NOLOGIN
 #endif
 account include system-auth
-#if defined(TALLY_MODULE)
-account required TALLY_MODULE onerr=succeed DEBUG
+#if HAVE_FAILLOCK
+account required pam_faillock.so dir=/var/log deny=3
 #endif
 password include system-auth
-- 
cgit v1.2.3-65-gdbad
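Review bot: The new `auth required pam_faillock.so dir=/var/log deny=3` line in the first system-login.in hunk carries none of `preauth`, `authfail` or `authsucc`, and nothing after the authenticating modules records a failed attempt, so going by the pam_faillock documentation the `deny=3` limit would never be reached and the brute-force throttling that pam_tally gave is lost without any error. The documented layout is `auth required pam_faillock.so preauth` before the password modules and `auth [default=die] pam_faillock.so authfail` after them; the second call belongs where the password check runs, which is outside these hunks. `dir=/var/log` also writes one tally file per user name directly into the log directory, where a name can collide with an existing log file; a dedicated directory such as the module default `/var/run/faillock` avoids that. The `account` line in the second hunk (`@@ -19,8 +19,8 @@`) repeats the same `dir=` and has to stay in step with whatever the auth calls use.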