From e68c4f053905de7bc965667d57c330d080441cad Mon Sep 17 00:00:00 2001
From: Donatas Abraitis <donatas@opensourcerouting.org>
Date: Tue, 16 Jan 2024 21:14:30 +0200
Subject: packaging: Just permit anything if PAM is enabled

With a current pam_rootok.so, it works only with `root` account. If the user
is under `frrvty`, `frr` group, it gets the error:

```
% groups | grep -o -E "frrvty|frr"
frrvty
frr

% vtysh -c 'end'
vtysh_pam: Failed in account validation: Permission denied(6)
```

Checking the logs:

```
vtysh[23930]: pam_rootok(frr:account): root check failed
```

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
---
 debian/frr.pam | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'debian')

diff --git a/debian/frr.pam b/debian/frr.pam
index 737b88953b..1077243a12 100644
--- a/debian/frr.pam
+++ b/debian/frr.pam
@@ -1,4 +1,4 @@
 # Any user may call vtysh but only those belonging to the group frrvty can
 # actually connect to the socket and use the program.
 auth	sufficient	pam_permit.so
-account	sufficient	pam_rootok.so
+account	sufficient	pam_permit.so
-- 
cgit v1.2.3