pam: declare root as sufficient frr pam account

https://github.com/FRRouting/frr/pull/11465 enabled account verification, but the pam config declares rootok as sufficient in authentication only and not in account verification, what causes warning in the log: vtysh[3747]: pam_warn(frr:account): function=[pam_sm_acct_mgmt] flags=0 service=[frr] terminal=[<unknown>] user=[root] ruser=[<unknown>] rhost=[<unknown>] Signed-off-by: Marius Tomaschewski <mt@suse.com>
author: Marius Tomaschewski <mt@suse.com> 2022-11-11 14:50:12 +0100
committer: Marius Tomaschewski <mt@suse.com> 2022-11-11 15:55:09 +0100
commit: 6031b8a3224cde14fd1df6e60855310f97942ff9 (patch)
tree: ae959e51c037f5ee6d9497bec04ffb0c498a9586
parent: 744de7c695729a3fb640f08626dc61cab00a2f9c (diff)
2 files changed, 2 insertions, 0 deletions
diff --git a/debian/frr.pam b/debian/frr.pam
index 2b106d43bc..737b88953b 100644
--- a/debian/frr.pam
+++ b/debian/frr.pam
@@ -1,3 +1,4 @@
 # Any user may call vtysh but only those belonging to the group frrvty can
 # actually connect to the socket and use the program.
 auth	sufficient	pam_permit.so
+account	sufficient	pam_rootok.so
diff --git a/redhat/frr.pam b/redhat/frr.pam
index 5cef5d9d74..17a62f1999 100644
--- a/redhat/frr.pam
+++ b/redhat/frr.pam
@@ -5,6 +5,7 @@
 # Only allow root (and possibly wheel) to use this because enable access
 # is unrestricted.
 auth       sufficient   pam_rootok.so
+account    sufficient   pam_rootok.so
 
 # Uncomment the following line to implicitly trust users in the "wheel" group.
 #auth       sufficient   pam_wheel.so trust use_uid
author	Marius Tomaschewski <mt@suse.com>	2022-11-11 14:50:12 +0100
committer	Marius Tomaschewski <mt@suse.com>	2022-11-11 15:55:09 +0100
commit	6031b8a3224cde14fd1df6e60855310f97942ff9 (patch)
tree	ae959e51c037f5ee6d9497bec04ffb0c498a9586
parent	744de7c695729a3fb640f08626dc61cab00a2f9c (diff)