linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-01-24 06:52:14 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Updated to Linux-PAM-1.0.3

Browse Source 
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@7764 af4574ff-66df-0310-9fd7-8a98e5e911e0
This commit is contained in:
Randy McMurchy 2009-02-15 17:59:51 +00:00
parent 71475136b6
commit 903f671f26
3 changed files with 67 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
general.ent
View File

@ -3,7 +3,7 @@ $LastChangedBy$
$Date$
-->
<!ENTITY day "13"> <!-- Always 2 digits -->
<!ENTITY day "15"> <!-- Always 2 digits -->
<!ENTITY month "02"> <!-- Always 2 digits -->
<!ENTITY year "2009">
<!ENTITY copyrightdate "2001-&year;">
@ -62,7 +62,7 @@ $Date$
<!ENTITY openssl-version "0.9.8j">
<!ENTITY gnutls-version "1.6.3">
<!ENTITY cracklib-version "2.8.13">
<!ENTITY linux-pam-version "0.99.10.0">
<!ENTITY linux-pam-version "1.0.3">
<!ENTITY shadow-version "4.0.18.1">
<!ENTITY iptables-version "1.3.8">
<!ENTITY gnupg-version "1.4.9">

9
introduction/welcome/changelog.xml
View File

@ -41,6 +41,15 @@
-->
<listitem>
<para>February 15th, 2009</para>
<itemizedlist>
<listitem>
<para>[randy] - Updated to Linux-PAM-1.0.3.</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>February 13th, 2009</para>
<itemizedlist>

113
postlfs/security/linux-pam.xml
View File

@ -4,13 +4,16 @@
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY linux-pam-download-http "http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-&linux-pam-version;.tar.bz2">
<!ENTITY linux-pam-download-ftp "ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-&linux-pam-version;.tar.bz2">
<!ENTITY linux-pam-md5sum "be4dd1d34ac5933408e13e48f3eb710a">
<!ENTITY linux-pam-size "911 kB">
<!ENTITY linux-pam-buildsize "23 MB">
<!ENTITY linux-pam-download-http "http://www.kernel.org/pub/linux/libs/pam/library/Linux-PAM-&linux-pam-version;.tar.bz2">
<!ENTITY linux-pam-download-ftp "ftp://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-&linux-pam-version;.tar.bz2">
<!ENTITY linux-pam-md5sum "7cc8653cb31717dbb1380bde980c9fdf">
<!ENTITY linux-pam-size "1.0 MB">
<!ENTITY linux-pam-buildsize "19 MB (includes installing the optional documentation)">
<!ENTITY linux-pam-time "0.6 SBU">
<!ENTITY linux-pam-docs-download "&sources-anduin-http;/l/Linux-PAM-&linux-pam-version;-docs.tar.bz2">
<!ENTITY linux-pam-docs-download "http://www.kernel.org/pub/linux/libs/pam/documentation/Linux-PAM-&linux-pam-version;-docs.tar.bz2">
<!ENTITY linux-pam-docs-md5sum "119bffcb3e99e1d6d53a4d992584c03d">
<!ENTITY linux-pam-docs-size "714 KB">
]>
<sect1 id="linux-pam" xreflabel="Linux-PAM-&linux-pam-version;">
@ -60,15 +63,21 @@
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing='compact'>
<listitem>
<para>Optional documentation:
<ulink url="&linux-pam-docs-download;"/></para>
<para>Optional documentation: <ulink url="&linux-pam-docs-download;"/></para>
</listitem>
<listitem>
<para>Download MD5sum: &linux-pam-docs-md5sum;</para>
</listitem>
<listitem>
<para>Download size &linux-pam-docs-size;</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Linux-PAM Dependencies</bridgehead>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional"><xref linkend="cracklib"/>, and
<para role="optional"><xref linkend="cracklib"/>,
<xref linkend="x-window-system"/>, and
<!-- <xref linkend="db"/> (for the pam_userdb module), -->
<ulink url="http://www.prelude-ids.org/">Prelude</ulink></para>
@ -87,38 +96,41 @@
<sect2 role="installation">
<title>Installation of Linux-PAM</title>
<para>If you downloaded the documentation, unpack the tarball from the
same top-level directory you unpacked the source tarball from. The files
will unpack into the correct directories of the source tree.</para>
<para>If you downloaded the documentation, unpack the tarball by issuing
the following command.</para>
<screen><userinput>tar xf ../Linux-PAM-&linux-pam-version;.tar.bz2 --strip-components=1</userinput></screen>
<para>Install <application>Linux-PAM</application> by
running the following commands:</para>
<screen><userinput>./configure --libdir=/lib \
--sbindir=/lib/security \
--enable-securedir=/lib/security \
<screen><userinput>./configure --sbindir=/lib/security \
--docdir=/usr/share/doc/Linux-PAM-&linux-pam-version; \
--enable-read-both-confs \
--with-xauth=/usr/X11R6/bin/xauth &amp;&amp;
--enable-read-both-confs &amp;&amp;
make</userinput></screen>
<!-- <para>To test the results, issue <command>make check</command>.</para> -->
<para>To test the results, a configuration file must be created. This file
will be removed after the tests have completed. Ensure there are no errors
produced by the tests before continuing the installation. First create the
configuration file by issuing the following commands as the
<systemitem class="username">root</systemitem> user:</para>
<para>The test suite will not provide meaningful results until the package
has been installed and minimally configured. If, after installing the
package and creating a minimum configuration as shown below in the 'other'
example, you wish to run the tests, issue
<command>make check</command>.</para>
<screen role="root"><userinput>install -v -m755 -d /etc/pam.d &amp;&amp;
<!-- <tip>
<para>Don't delete the <application>Linux-PAM</application> source tree
until after you reinstall the <application>Shadow</application> package.
The reinstallation of the Shadow package includes much more stringent
security for the PAM configuration, and you can run the
<application>Linux-PAM</application> test suite after completing the
<application>Shadow</application> instructions to test the new setup. All
the tests should pass.</para>
</tip> -->
cat &gt; /etc/pam.d/other &lt;&lt; "EOF"
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
EOF</userinput></screen>
<para>Now run the tests by issuing <command>make check</command>.</para>
<para>Remove the configuration file created earlier by issuing the
following command as the
<systemitem class="username">root</systemitem> user:</para>
<screen role="root"><userinput>rm -rfv /etc/pam.d</userinput></screen>
<para>Now, as the <systemitem class="username">root</systemitem> user:</para>
@ -137,34 +149,17 @@ if [ -L /lib/libpam.so ]; then
done
fi</userinput></screen>
<!-- <para>If you downloaded the documentation, install it using the following
command:</para>
<screen role="root"><userinput>for DOCTYPE in html pdf ps txts
do
cp -v -R doc/$DOCTYPE /usr/share/doc/Linux-PAM-&linux-pam-version;
done</userinput></screen> -->
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para><parameter>--libdir=/lib</parameter>: This parameter results in
the libraries being installed in
<filename class='directory'>/lib</filename> as they may be required in
single-user mode.</para>
<para><parameter>--sbindir=/lib/security</parameter>: This parameter
results in two executables, one of which is not intended to be run from the
command line, being installed in the same directory as the PAM modules.
results in three executables, two of which are not intended to be run from
the command line, being installed in the same directory as the PAM modules.
The other executable is later moved to the
<filename class='directory'>/sbin</filename> directory.</para>
<para><parameter>--enable-securedir=/lib/security</parameter>: This
parameter results in the PAM modules being installed in
<filename class='directory'>/lib/security</filename>.</para>
<para><parameter>--docdir=...</parameter>: This parameter results in
the documentation being installed in a versioned directory name.</para>
@ -172,11 +167,13 @@ done</userinput></screen> -->
allows the local administrator to choose which configuration file setup to
use.</para>
<para><parameter>--with-xauth=/usr/X11R6/bin/xauth</parameter>: This
<!-- This appears unnecessary as the xauth module is created even if X
has not yet been installed.
<para><parameter>-with-xauth=/usr/X11R6/bin/xauth</parameter>: This
parameter forces the build of the pam_xauth module, even if xauth is not
yet installed. Omit this switch if you have no plans to build
<application>Xorg</application>, or modify the path if you intend to
install <application>Xorg</application> into a non-standard path.</para>
install <application>Xorg</application> into a non-standard path.</para> -->
<para><command>chmod -v 4755 /lib/security/unix_chkpwd</command>:
The <command>unix_chkpwd</command> password-helper program must be setuid
@ -265,7 +262,7 @@ other password required pam_unix.so nullok
<para>Refer to <ulink
url="http://www.kernel.org/pub/linux/libs/pam/modules.html"/>
for a list of various modules available.</para>
for a list of various third-party modules available.</para>
<important>
<para>You should now reinstall the <xref linkend="shadow"/>
@ -286,9 +283,11 @@ other password required pam_unix.so nullok
<seglistitem>
<seg>pam_tally</seg>
<seg>libpam.{so,a}, libpamc.{so,a}, and libpam_misc.{so,a}</seg>
<seg>/etc/pam.d, /etc/security, /lib/security and
/usr/include/security</seg>
<seg>libpam.{so,a}, libpamc.{so,a}, libpam_misc.{so,a} and
numerous PAM modules</seg>
<seg>/etc/pam.d, /etc/security, /lib/security,
/usr/include/security, /usr/share/doc/Linux-PAM-&linux-pam-version;
and /var/run/sepermit</seg>
</seglistitem>
</segmentedlist>