remove automatic pam_mount / pam_script entries

[blast] / modules / smb_nis.mk

diff --git a/modules/smb_nis.mk b/modules/smb_nis.mk
index a940d1de0737ed42dedefcb570cf9ce644b05fe2..320c97ab892a505476eb91923868ce9aab0e63e5 100644 (file)
--- a/modules/smb_nis.mk
+++ b/modules/smb_nis.mk
@@ -14,6 +14,7 @@ export smb_nis_pamscript smb_nis_pammount
 define smb_nis_pamscript :=
 #!/bin/sh
 
+# forced through bash, to hide euid from smbpasswd
 /bin/bash -c '
   printf "%s\n" "$$PAM_OLDAUTHTOK" "$$PAM_AUTHTOK" "$$PAM_AUTHTOK" \
   | smbpasswd -sr ${nis_server} -U "$$PAM_USER"
@@ -42,20 +43,21 @@ _smb_nis: ${CFGROOT}/etc/yp.conf ${CFGROOT}/etc/defaultdomain
 
 _smb_nis: ${CFGROOT}
        sed -Ei 's;^(passwd:|group:|shadow:|gshadow:) *;\1      nis ;' $${CFGROOT}/etc/nsswitch.conf
+       sed -Ei '/pam_(script|mount).so/d' $${CFGROOT}/etc/pam.d/common-*
        printf '\nauth          optional        pam_mount.so\n' >>$${CFGROOT}/etc/pam.d/common-auth
        printf '\nsession       optional        pam_mount.so\n' >>$${CFGROOT}/etc/pam.d/common-session
        printf '\npassword      required        pam_script.so dir=/opt/pam_script\n'  >$${CFGROOT}/etc/pam.d/common-password
 
-${CFGROOT}/opt/pam_script/pam_script_passwd: ${CFGROOT}
+${CFGROOT}/opt/pam_script/pam_script_passwd: ${CFGROOT} .FORCE
        mkdir -p "$(dir $@)"
        printf '%s' "$${smb_nis_pamscript}" >"$@"
 
-${CFGROOT}/etc/security/pam_mount.conf.xml: ${CFGROOT}
+${CFGROOT}/etc/security/pam_mount.conf.xml: ${CFGROOT} .FORCE
        mkdir -p "$(dir $@)"
        printf '%s' "$${smb_nis_pammount}" >"$@"
 
-${CFGROOT}/etc/yp.conf: ${CFGROOT}
+${CFGROOT}/etc/yp.conf: ${CFGROOT} .FORCE
        printf 'ypserver        %s\n' "${nis_server}" >"$@"
 
-${CFGROOT}/etc/defaultdomain: ${CFGROOT}
+${CFGROOT}/etc/defaultdomain: ${CFGROOT} .FORCE
        printf '.%s\n' "${nis_server}" >"$@"