Fixes#1295
This change is necessary to support sudo 1.8.23+ which came with the following
major change:
- PAM account management modules and BSD auth approval modules are now run even
when no password is required.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Install mod_auth_pubtkt and generate public/private key-pair.
- Redirect user to login page if no cookie is presented.
- Add check for authenticated user for login page.
- Temporarily switched to DSA because of a bug in mod_auth_pubtkt
which causes it to accept only DSA and not RSA. Also had to use SHA1
instead of SHA256.
- Enabled SSO for Syncthing, Repro and TT-RSS.
- Using tokens to authorize by user groups.
- Generate keys during first boot.
- Do stricter matches when editing configuration file. Earlier
mechanism would match comments etc.
- Move action methods to module core from views.
- During first boot, notify users that console login is restricted and
that they can changed that from security settings.
- Recommend enabling conosle login restrictions. Add message about why
console restrictions are important.
- Show title in security module.
