pam-config: add pam_deny module for password

pam_deny module is required for password, or it always fail when
changing password for sysadmin in the first login:
login[49221]: err PAM bad jump in stack
login[49221]: err Permission denied

Issue-ID: INF-200
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Change-Id: I56776b7d02851833e8a330bca129c08baf73c82e

diff --git a/meta-stx/recipes-core/stx-config-files/config-files_1.0.0.bb b/meta-stx/recipes-core/stx-config-files/config-files_1.0.0.bb
index e8f0b93..82d1092 100644 (file)
--- a/meta-stx/recipes-core/stx-config-files/config-files_1.0.0.bb
+++ b/meta-stx/recipes-core/stx-config-files/config-files_1.0.0.bb
@@ -580,6 +580,9 @@ pkg_postinst_ontarget_pam-config() {
        
        cp -f ${datadir}/starlingx/stx.system-auth ${sysconfdir}/pam.d/system-auth
        cp -f ${datadir}/starlingx/sshd.pam    ${sysconfdir}/pam.d/sshd
+
+       sed -i -e '/password .*pam_ldap.so/,/session .*revoke/ s/^$/password required pam_deny.so\n/g' \
+               ${sysconfdir}/pam.d/system-auth
 }
 
 pkg_postinst_ontarget_rabbitmq-server-config() {