From 6031b8a3224cde14fd1df6e60855310f97942ff9 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.com>
Date: Fri, 11 Nov 2022 14:50:12 +0100
Subject: [PATCH] pam: declare root as sufficient frr pam account

https://github.com/FRRouting/frr/pull/11465 enabled account verification,
but the pam config declares rootok as sufficient in authentication only
and not in account verification, what causes warning in the log:

vtysh[3747]: pam_warn(frr:account): function=[pam_sm_acct_mgmt]
             flags=0 service=[frr] terminal=[<unknown>] user=[root]
	     ruser=[<unknown>] rhost=[<unknown>]

Signed-off-by: Marius Tomaschewski <mt@suse.com>
---
 debian/frr.pam | 1 +
 redhat/frr.pam | 1 +
 2 files changed, 2 insertions(+)

diff --git a/debian/frr.pam b/debian/frr.pam
index 2b106d43bc59..737b88953b59 100644
--- a/debian/frr.pam
+++ b/debian/frr.pam
@@ -1,3 +1,4 @@
 # Any user may call vtysh but only those belonging to the group frrvty can
 # actually connect to the socket and use the program.
 auth	sufficient	pam_permit.so
+account	sufficient	pam_rootok.so
diff --git a/redhat/frr.pam b/redhat/frr.pam
index 5cef5d9d746e..17a62f1999c8 100644
--- a/redhat/frr.pam
+++ b/redhat/frr.pam
@@ -5,6 +5,7 @@
 # Only allow root (and possibly wheel) to use this because enable access
 # is unrestricted.
 auth       sufficient   pam_rootok.so
+account    sufficient   pam_rootok.so
 
 # Uncomment the following line to implicitly trust users in the "wheel" group.
 #auth       sufficient   pam_wheel.so trust use_uid