#!/bin/sh
#
# Copyright (c) 2018-2019 AT&T Intellectual Property.
# Copyright (c) 2014-2017 Brocade Communications Systems, Inc.
# 
# SPDX-License-Identifier: GPL-2.0-only
#
# postinst script for vyatta-debian-pam-configs-config
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

sysconfdir=/opt/vyatta/etc

case "$1" in
    configure)
	# Fix up PAM configuration for login so that invalid users are prompted
	# for password
	sed -i --follow-symlinks 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login

	# Allow non-root users to use passwd command
	if grep -q 'pam_succeed_if.so' /etc/pam.d/passwd ; then
	    sed -i -e '/pam_succeed_if.so/d' /etc/pam.d/passwd
	fi
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0
