Enable pam-ipmi modules in pam password stack

Enabled pam-ipmicheck & pam-ipmisave modules in
pam password stacked modules. This modules will
store 'ipmi' group users password in encrypted
form in /etc/ipmi_pass file along with /etc/shadow.
This special file will be used by phosphor-ipmi-net
during RAKP messages.
This will not affect users who doesn't belong to
'ipmi' group.

(From meta-phosphor rev: 945a28a80ea24c59441ce511aff95092121dfc78)

Change-Id: I1b9e2c78c1e0b8a0f8da2a28c6d89638c45f692d
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

1 files changed, 4 insertions, 2 deletions

diff --git a/meta-phosphor/recipes-core/pam/libpam/pam.d/common-password b/meta-phosphor/recipes-core/pam/libpam/pam.d/common-password
index ddd7ca1d7..ac3f368c8 100644
--- a/meta-phosphor/recipes-core/pam/libpam/pam.d/common-password
+++ b/meta-phosphor/recipes-core/pam/libpam/pam.d/common-password
@@ -16,9 +16,11 @@
 # See the pam_unix manpage for other options.
 
 # here are the per-package modules (the "Primary" block)
-password	[success=ok default=die]	pam_cracklib.so debug enforce_for_root reject_username minlen=8 difok=0
+password	[success=ok default=die]	pam_ipmicheck.so spec_grp_name=ipmi
+password	[success=ok default=die]	pam_cracklib.so debug enforce_for_root reject_username minlen=8 difok=0 use_authtok
 #password	[success=ok ignore=ignore default=die]	pam_pwhistory.so debug enforce_for_root remember=0 use_authtok
-password	[success=1 default=die] 	pam_unix.so sha512 use_authtok
+password	[success=ok default=die]	pam_unix.so sha512 use_authtok
+password	[success=1 default=die] 	pam_ipmisave.so spec_grp_name=ipmi spec_pass_file=/etc/ipmi_pass key_file=/etc/key_file
 # here's the fallback if no module succeeds
 password	requisite			pam_deny.so
 # prime the stack with a positive return value if there isn't one already;