2004-06-10 13:47:11 +08:00
|
|
|
<?xml version="1.0" encoding="ISO-8859-1"?>
|
|
|
|
|
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
|
|
|
|
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
|
|
|
|
|
<!ENTITY % general-entities SYSTEM "../../general.ent">
|
|
|
|
|
%general-entities;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<!ENTITY Linux_PAM-download-http "http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-&Linux_PAM-version;.tar.bz2">
|
|
|
|
|
<!ENTITY Linux_PAM-download-ftp "ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-&Linux_PAM-version;.tar.bz2">
|
|
|
|
|
<!ENTITY Linux_PAM-size "332 KB">
|
|
|
|
|
<!ENTITY Linux_PAM-buildsize "4.1 MB">
|
|
|
|
|
<!ENTITY Linux_PAM-time "0.07 SBU">
|
|
|
|
|
]>
|
|
|
|
|
|
2003-09-23 00:23:23 +08:00
|
|
|
<sect1 id="Linux_PAM" xreflabel="Linux-PAM-&Linux_PAM-version;">
|
2004-05-07 04:30:53 +08:00
|
|
|
<?dbhtml filename="linux_pam.html"?>
|
2003-09-23 00:23:23 +08:00
|
|
|
<title>Linux-PAM-&Linux_PAM-version;</title>
|
2002-09-23 00:01:27 +08:00
|
|
|
|
2004-06-10 13:47:11 +08:00
|
|
|
<sect2>
|
|
|
|
|
<title>Introduction to <application>Linux-<acronym>PAM</acronym></application>
|
|
|
|
|
</title>
|
|
|
|
|
|
|
|
|
|
<para>The <application>Linux-<acronym>PAM</acronym></application> package
|
|
|
|
|
contains Pluggable Authentication Modules. This is useful to enable the local
|
|
|
|
|
system administrator to choose how applications authenticate users.</para>
|
|
|
|
|
|
|
|
|
|
<sect3><title>Package information</title>
|
|
|
|
|
<itemizedlist spacing='compact'>
|
|
|
|
|
<listitem><para>Download (HTTP): <ulink
|
|
|
|
|
url="&Linux_PAM-download-http;"/></para></listitem>
|
|
|
|
|
<listitem><para>Download (FTP): <ulink
|
|
|
|
|
url="&Linux_PAM-download-ftp;"/></para></listitem>
|
|
|
|
|
<listitem><para>Download size: &Linux_PAM-size;</para></listitem>
|
|
|
|
|
<listitem><para>Estimated Disk space required:
|
|
|
|
|
&Linux_PAM-buildsize;</para></listitem>
|
|
|
|
|
<listitem><para>Estimated build time:
|
|
|
|
|
&Linux_PAM-time;</para></listitem></itemizedlist>
|
|
|
|
|
</sect3>
|
|
|
|
|
|
|
|
|
|
<sect3><title>Additional download</title>
|
|
|
|
|
<itemizedlist spacing='compact'>
|
|
|
|
|
<listitem><para>Required patch:
|
|
|
|
|
<ulink url="&patch-root;/Linux-PAM-0.77-linkage-3.patch"/></para></listitem></itemizedlist>
|
|
|
|
|
</sect3>
|
|
|
|
|
|
|
|
|
|
<sect3><title><application>Linux-<acronym>PAM</acronym></application> dependencies</title>
|
|
|
|
|
<sect4><title>Optional</title>
|
|
|
|
|
<para><xref linkend="cracklib"/></para></sect4>
|
|
|
|
|
</sect3>
|
|
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
<sect2>
|
|
|
|
|
<title>Installation of <application>Linux-<acronym>PAM</acronym></application>
|
|
|
|
|
</title>
|
|
|
|
|
|
|
|
|
|
<para>Install <application>Linux-<acronym>PAM</acronym></application> by
|
|
|
|
|
running the following commands:</para>
|
|
|
|
|
|
|
|
|
|
<screen><userinput><command>patch -Np1 -i ../Linux-PAM-0.77-linkage-3.patch &&
|
|
|
|
|
autoconf &&
|
|
|
|
|
./configure --enable-static-libpam --with-mailspool=/var/mail \
|
|
|
|
|
--enable-read-both-confs --sysconfdir=/etc &&
|
|
|
|
|
make &&
|
|
|
|
|
make install &&
|
|
|
|
|
mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a /usr/lib &&
|
|
|
|
|
ln -sf ../../lib/libpam.so.&Linux_PAM-version; /usr/lib/libpam.so &&
|
|
|
|
|
ln -sf ../../lib/libpam_misc.so.&Linux_PAM-version; /usr/lib/libpam_misc.so &&
|
|
|
|
|
ln -sf ../../lib/libpamc.so.&Linux_PAM-version; /usr/lib/libpamc.so</command></userinput></screen>
|
|
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<sect2>
|
|
|
|
|
<title>Command explanations</title>
|
|
|
|
|
|
2004-06-19 13:44:00 +08:00
|
|
|
<para><command>autoconf</command>: This is necessary because the patch
|
|
|
|
|
changes where <acronym>PAM</acronym> looks for the cracklib libraries,
|
|
|
|
|
requiring regeneration of the configure script.</para>
|
2004-06-10 13:47:11 +08:00
|
|
|
|
|
|
|
|
<para><option>--enable-static-libpam</option>: This switch builds
|
|
|
|
|
static <acronym>PAM</acronym> libraries as well as the dynamic libraries.</para>
|
|
|
|
|
|
|
|
|
|
<para><parameter>--with-mailspool=/var/mail</parameter>: This switch makes
|
|
|
|
|
the mailspool directory <acronym>FHS</acronym> compliant.</para>
|
|
|
|
|
|
|
|
|
|
<para><option>--enable-read-both-confs</option>: This switch lets the local
|
|
|
|
|
administrator choose which configuration file setup to use.</para>
|
|
|
|
|
|
|
|
|
|
<para><command>mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a
|
|
|
|
|
/usr/lib</command>: This command moves the static libraries to
|
2004-06-19 13:44:00 +08:00
|
|
|
<filename>/usr/lib</filename> to comply with <acronym>FHS</acronym>
|
|
|
|
|
guidelines.</para>
|
2004-06-10 13:47:11 +08:00
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<sect2>
|
|
|
|
|
<title>Configuring <application>Linux-<acronym>PAM</acronym></application>
|
|
|
|
|
</title>
|
|
|
|
|
|
|
|
|
|
<sect3><title>Config files</title>
|
|
|
|
|
<para><filename>/etc/pam.d</filename> or <filename>/etc/pam.conf</filename>
|
|
|
|
|
</para></sect3>
|
|
|
|
|
|
|
|
|
|
<sect3><title>Configuration Information</title>
|
|
|
|
|
|
|
|
|
|
<para>Configuration information is placed in <filename>/etc/pam.d</filename> or
|
|
|
|
|
<filename>/etc/pam.conf</filename> depending on user preference. Below are
|
|
|
|
|
example files of each type:</para>
|
|
|
|
|
|
|
|
|
|
<screen># Begin /etc/pam.d/other
|
|
|
|
|
|
|
|
|
|
auth required pam_unix.so nullok
|
|
|
|
|
account required pam_unix.so
|
|
|
|
|
session required pam_unix.so
|
|
|
|
|
password required pam_unix.so nullok
|
|
|
|
|
|
|
|
|
|
# End /etc/pam.d/other
|
|
|
|
|
|
|
|
|
|
# Begin /etc/pam.conf
|
|
|
|
|
|
|
|
|
|
other auth required pam_unix.so nullok
|
|
|
|
|
other account required pam_unix.so
|
|
|
|
|
other session required pam_unix.so
|
|
|
|
|
other password required pam_unix.so nullok
|
|
|
|
|
|
|
|
|
|
# End /etc/pam.conf</screen>
|
|
|
|
|
|
|
|
|
|
<para>The <application><acronym>PAM</acronym></application> man page
|
|
|
|
|
(<command>man pam</command>) provides a good starting point for descriptions
|
|
|
|
|
of fields and allowable entries. The
|
|
|
|
|
<ulink url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html">
|
|
|
|
|
Linux-PAM guide for system administrators</ulink>
|
|
|
|
|
is recommended for further reading.</para>
|
|
|
|
|
|
|
|
|
|
<para>Refer to <ulink url="http://www.kernel.org/pub/linux/libs/pam/modules.html"/>
|
|
|
|
|
for a list of various modules available.</para>
|
|
|
|
|
|
|
|
|
|
</sect3>
|
|
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
<sect2>
|
|
|
|
|
<title>Contents</title>
|
|
|
|
|
|
|
|
|
|
<para>The <application>Linux-<acronym>PAM</acronym></application> package
|
|
|
|
|
contains <command>unix-chkpwd</command> and <filename
|
|
|
|
|
class="libraryfile">libpam</filename>
|
|
|
|
|
libraries.</para>
|
|
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
|
|
<sect2><title>Description</title>
|
|
|
|
|
|
|
|
|
|
<sect3><title>unix-chkpwd</title>
|
2004-06-19 13:44:00 +08:00
|
|
|
<para><command>unix-chkpwd</command> checks user passwords that are stored
|
|
|
|
|
in read protected databases.</para></sect3>
|
2004-06-10 13:47:11 +08:00
|
|
|
|
|
|
|
|
<sect3><title>libpam libraries</title>
|
|
|
|
|
<para><filename class="libraryfile">libpam</filename> libraries provide the interfaces between
|
|
|
|
|
applications and the modules included with <acronym>PAM</acronym>.</para></sect3>
|
|
|
|
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
2002-09-23 00:01:27 +08:00
|
|
|
|
|
|
|
|
</sect1>
|
|
|
|
|
|
