[b4b71892] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
---|
[6732c094] | 2 | <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
---|
| 3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
---|
[b4b71892] | 4 | <!ENTITY % general-entities SYSTEM "../../general.ent">
|
---|
| 5 | %general-entities;
|
---|
| 6 |
|
---|
[7eaa8018] | 7 | <!ENTITY linux-pam-download-http "https://github.com/linux-pam/linux-pam/releases/download/v&linux-pam-version;/Linux-PAM-&linux-pam-version;.tar.xz">
|
---|
[1ae6204] | 8 | <!ENTITY linux-pam-download-ftp " ">
|
---|
[7eaa8018] | 9 | <!ENTITY linux-pam-md5sum "558ff53b0fc0563ca97f79e911822165">
|
---|
| 10 | <!ENTITY linux-pam-size "892 MB">
|
---|
| 11 | <!ENTITY linux-pam-buildsize "26 MB (with tests)">
|
---|
| 12 | <!ENTITY linux-pam-time "0.3 SBU (with tests)">
|
---|
| 13 |
|
---|
[c246bfab] | 14 | <!ENTITY linux-pam-docs-download "https://github.com/linux-pam/linux-pam/releases/download/v&linux-pam-version;/Linux-PAM-&linux-pam-docs-version;-docs.tar.xz">
|
---|
[7eaa8018] | 15 | <!ENTITY linux-pam-docs-md5sum "1885fae049acd1b699a5459d7c4a0130">
|
---|
| 16 | <!ENTITY linux-pam-docs-size "449 KB">
|
---|
| 17 | <!--
|
---|
[1ae6204] | 18 | <!ENTITY debian-pam-docs "http://debian.securedservers.com/kernel/pub/linux/libs/pam">
|
---|
[7eaa8018] | 19 | -->
|
---|
[b4b71892] | 20 | ]>
|
---|
| 21 |
|
---|
[6603f8b] | 22 | <sect1 id="linux-pam" xreflabel="Linux-PAM-&linux-pam-version;">
|
---|
| 23 | <?dbhtml filename="linux-pam.html"?>
|
---|
[c7eb655] | 24 |
|
---|
| 25 | <sect1info>
|
---|
| 26 | <othername>$LastChangedBy$</othername>
|
---|
| 27 | <date>$Date$</date>
|
---|
| 28 | </sect1info>
|
---|
| 29 |
|
---|
[6603f8b] | 30 | <title>Linux-PAM-&linux-pam-version;</title>
|
---|
[c7eb655] | 31 |
|
---|
[6603f8b] | 32 | <indexterm zone="linux-pam">
|
---|
| 33 | <primary sortas="a-Linux-PAM">Linux-PAM</primary>
|
---|
[c7eb655] | 34 | </indexterm>
|
---|
| 35 |
|
---|
| 36 | <sect2 role="package">
|
---|
[db248d06] | 37 | <title>Introduction to Linux PAM</title>
|
---|
[c7eb655] | 38 |
|
---|
[db248d06] | 39 | <para>
|
---|
| 40 | The <application>Linux PAM</application> package contains
|
---|
| 41 | Pluggable Authentication Modules used to enable the local
|
---|
| 42 | system administrator to choose how applications authenticate
|
---|
| 43 | users.
|
---|
| 44 | </para>
|
---|
[c7eb655] | 45 |
|
---|
[38489aa0] | 46 | &lfs84_checked;
|
---|
[f4797d2] | 47 |
|
---|
[c7eb655] | 48 | <bridgehead renderas="sect3">Package Information</bridgehead>
|
---|
| 49 | <itemizedlist spacing="compact">
|
---|
| 50 | <listitem>
|
---|
[db248d06] | 51 | <para>
|
---|
| 52 | Download (HTTP): <ulink url="&linux-pam-download-http;"/>
|
---|
| 53 | </para>
|
---|
[c7eb655] | 54 | </listitem>
|
---|
| 55 | <listitem>
|
---|
[db248d06] | 56 | <para>
|
---|
| 57 | Download (FTP): <ulink url="&linux-pam-download-ftp;"/>
|
---|
| 58 | </para>
|
---|
[c7eb655] | 59 | </listitem>
|
---|
| 60 | <listitem>
|
---|
[db248d06] | 61 | <para>
|
---|
| 62 | Download MD5 sum: &linux-pam-md5sum;
|
---|
| 63 | </para>
|
---|
[c7eb655] | 64 | </listitem>
|
---|
| 65 | <listitem>
|
---|
[db248d06] | 66 | <para>
|
---|
| 67 | Download size: &linux-pam-size;
|
---|
| 68 | </para>
|
---|
[c7eb655] | 69 | </listitem>
|
---|
| 70 | <listitem>
|
---|
[db248d06] | 71 | <para>
|
---|
| 72 | Estimated disk space required: &linux-pam-buildsize;
|
---|
| 73 | </para>
|
---|
[c7eb655] | 74 | </listitem>
|
---|
| 75 | <listitem>
|
---|
[db248d06] | 76 | <para>
|
---|
| 77 | Estimated build time: &linux-pam-time;
|
---|
| 78 | </para>
|
---|
[c7eb655] | 79 | </listitem>
|
---|
| 80 | </itemizedlist>
|
---|
| 81 |
|
---|
| 82 | <bridgehead renderas="sect3">Additional Downloads</bridgehead>
|
---|
[db248d06] | 83 | <itemizedlist spacing="compact">
|
---|
[07f0c976] | 84 | <title>Optional Documentation</title>
|
---|
[c7eb655] | 85 | <listitem>
|
---|
[db248d06] | 86 | <para>
|
---|
| 87 | Download (HTTP): <ulink url="&linux-pam-docs-download;"/>
|
---|
| 88 | </para>
|
---|
[903f671] | 89 | </listitem>
|
---|
| 90 | <listitem>
|
---|
[db248d06] | 91 | <para>
|
---|
| 92 | Download MD5 sum: &linux-pam-docs-md5sum;
|
---|
| 93 | </para>
|
---|
[903f671] | 94 | </listitem>
|
---|
| 95 | <listitem>
|
---|
[db248d06] | 96 | <para>
|
---|
| 97 | Download size &linux-pam-docs-size;
|
---|
| 98 | </para>
|
---|
[6576f3e] | 99 | </listitem>
|
---|
| 100 | </itemizedlist>
|
---|
| 101 |
|
---|
[db248d06] | 102 | <bridgehead renderas="sect3">Linux PAM Dependencies</bridgehead>
|
---|
[c7eb655] | 103 |
|
---|
| 104 | <bridgehead renderas="sect4">Optional</bridgehead>
|
---|
[db248d06] | 105 | <para role="optional">
|
---|
| 106 | <xref linkend="db"/>,
|
---|
| 107 | <xref linkend="cracklib"/>,
|
---|
| 108 | <xref linkend="libtirpc"/> and
|
---|
[18f18c2] | 109 | <ulink url="http://www.prelude-siem.org">Prelude</ulink>
|
---|
[db248d06] | 110 | </para>
|
---|
| 111 |
|
---|
| 112 | <bridgehead renderas="sect4">Optional (To Rebuild the Documentation)</bridgehead>
|
---|
| 113 | <para role="optional">
|
---|
| 114 | <xref linkend="DocBook"/>,
|
---|
| 115 | <xref linkend="docbook-xsl"/>,
|
---|
| 116 | <xref linkend="fop"/>,
|
---|
[5ffb9f5] | 117 | <xref linkend="libxslt"/> and either
|
---|
[1eac9eb] | 118 | <xref linkend="lynx"/> or
|
---|
| 119 | <ulink url="&w3m-url;">W3m</ulink>
|
---|
[db248d06] | 120 | </para>
|
---|
[c7eb655] | 121 |
|
---|
[3597eb6] | 122 | <para condition="html" role="usernotes">User Notes:
|
---|
[db248d06] | 123 | <ulink url="&blfs-wiki;/linux-pam"/>
|
---|
| 124 | </para>
|
---|
[c7eb655] | 125 | </sect2>
|
---|
| 126 |
|
---|
| 127 | <sect2 role="installation">
|
---|
[db248d06] | 128 | <title>Installation of Linux PAM</title>
|
---|
[c7eb655] | 129 |
|
---|
[db248d06] | 130 | <para>
|
---|
| 131 | If you downloaded the documentation, unpack the tarball by issuing
|
---|
| 132 | the following command.
|
---|
| 133 | </para>
|
---|
[903f671] | 134 |
|
---|
[f330e62] | 135 | <screen><userinput>tar -xf ../Linux-PAM-&linux-pam-docs-version;-docs.tar.xz --strip-components=1</userinput></screen>
|
---|
[ccb8b2d] | 136 |
|
---|
[1eac9eb] | 137 | <para>
|
---|
| 138 | If you instead want to regenerate the documentation, fix the
|
---|
| 139 | <command>configure</command> script so that it detects lynx if installed:
|
---|
| 140 | </para>
|
---|
| 141 |
|
---|
| 142 | <screen><userinput>sed -e 's/dummy links/dummy lynx/' \
|
---|
| 143 | -e 's/-no-numbering -no-references/-force-html -nonumbers -stdin/' \
|
---|
| 144 | -i configure</userinput></screen>
|
---|
| 145 |
|
---|
[db248d06] | 146 | <para>
|
---|
| 147 | Install <application>Linux PAM</application> by
|
---|
| 148 | running the following commands:
|
---|
| 149 | </para>
|
---|
[c7eb655] | 150 |
|
---|
[5ffb9f5] | 151 | <screen><userinput>./configure --prefix=/usr \
|
---|
| 152 | --sysconfdir=/etc \
|
---|
| 153 | --libdir=/usr/lib \
|
---|
[5ae7a99] | 154 | --enable-securedir=/lib/security \
|
---|
[7cadfea] | 155 | --docdir=/usr/share/doc/Linux-PAM-&linux-pam-version; &&
|
---|
[c7eb655] | 156 | make</userinput></screen>
|
---|
[17fb537e] | 157 |
|
---|
[db248d06] | 158 | <para>
|
---|
[5c6a906] | 159 | To test the results, a suitable <filename>/etc/pam.d/other</filename>
|
---|
| 160 | configuration file must exist.
|
---|
| 161 | </para>
|
---|
| 162 |
|
---|
| 163 | <caution>
|
---|
| 164 | <title>Reinstallation or upgrade of Linux PAM</title>
|
---|
| 165 | <para>
|
---|
| 166 | If you have a system with Linux PAM installed and working, be careful
|
---|
| 167 | when modifying the files in
|
---|
| 168 | <filename class="directory">/etc/pam.d</filename>, since your system
|
---|
| 169 | may become totally unusable. If you want to run the tests, you do not
|
---|
| 170 | need to create another <filename>/etc/pam.d/other</filename> file. The
|
---|
| 171 | installed one can be used for that purpose.
|
---|
| 172 | </para>
|
---|
| 173 |
|
---|
| 174 | <para>
|
---|
| 175 | You should also be aware that <command>make install</command>
|
---|
| 176 | overwrites the configuration files in
|
---|
| 177 | <filename class="directory">/etc/security</filename> as well as
|
---|
[af5d034] | 178 | <filename>/etc/environment</filename>. In case you
|
---|
[7f92f72] | 179 | have modified those files, be sure to back them up.
|
---|
[5c6a906] | 180 | </para>
|
---|
| 181 | </caution>
|
---|
| 182 |
|
---|
| 183 | <para>
|
---|
| 184 | For a first installation, create the configuration file by issuing the
|
---|
| 185 | following commands as the <systemitem class="username">root</systemitem>
|
---|
| 186 | user:
|
---|
[db248d06] | 187 | </para>
|
---|
[903f671] | 188 |
|
---|
| 189 | <screen role="root"><userinput>install -v -m755 -d /etc/pam.d &&
|
---|
[c03a8bd] | 190 |
|
---|
[903f671] | 191 | cat > /etc/pam.d/other << "EOF"
|
---|
| 192 | auth required pam_deny.so
|
---|
| 193 | account required pam_deny.so
|
---|
| 194 | password required pam_deny.so
|
---|
| 195 | session required pam_deny.so
|
---|
| 196 | EOF</userinput></screen>
|
---|
[1ad238d8] | 197 |
|
---|
[db248d06] | 198 | <para>
|
---|
| 199 | Now run the tests by issuing <command>make check</command>.
|
---|
[5c6a906] | 200 | Ensure there are no errors produced by the tests before continuing the
|
---|
[f3429309] | 201 | installation. Note that the checks are quite long. It may be useful to
|
---|
[faee06a] | 202 | redirect the output to a log file in order to inspect it thoroughly.
|
---|
[db248d06] | 203 | </para>
|
---|
[903f671] | 204 |
|
---|
[db248d06] | 205 | <para>
|
---|
[5c6a906] | 206 | Only in case of a first installation, remove the configuration file
|
---|
| 207 | created earlier by issuing the following command as the
|
---|
[db248d06] | 208 | <systemitem class="username">root</systemitem> user:
|
---|
| 209 | </para>
|
---|
[903f671] | 210 |
|
---|
[74f20a1] | 211 | <screen role="root"><userinput>rm -fv /etc/pam.d/*</userinput></screen>
|
---|
[f691f2b] | 212 |
|
---|
[db248d06] | 213 | <para>
|
---|
| 214 | Now, as the <systemitem class="username">root</systemitem>
|
---|
| 215 | user:
|
---|
| 216 | </para>
|
---|
[17fb537e] | 217 |
|
---|
[c7eb655] | 218 | <screen role="root"><userinput>make install &&
|
---|
[5ae7a99] | 219 | chmod -v 4755 /sbin/unix_chkpwd &&
|
---|
| 220 |
|
---|
| 221 | for file in pam pam_misc pamc
|
---|
| 222 | do
|
---|
| 223 | mv -v /usr/lib/lib${file}.so.* /lib &&
|
---|
| 224 | ln -sfv ../../lib/$(readlink /usr/lib/lib${file}.so) /usr/lib/lib${file}.so
|
---|
| 225 | done</userinput></screen>
|
---|
| 226 |
|
---|
[c7eb655] | 227 | </sect2>
|
---|
[b4b71892] | 228 |
|
---|
[c7eb655] | 229 | <sect2 role="commands">
|
---|
| 230 | <title>Command Explanations</title>
|
---|
[b4b71892] | 231 |
|
---|
[db248d06] | 232 | <para>
|
---|
[5ae7a99] | 233 | <parameter>--enable-securedir=/lib/security</parameter>:
|
---|
| 234 | This switch sets install location for the
|
---|
| 235 | <application>PAM</application> modules.
|
---|
| 236 | </para>
|
---|
| 237 |
|
---|
[5ffb9f5] | 238 | <para>
|
---|
[1eac9eb] | 239 | <option>--disable-regenerate-docu</option> : If the needed dependencies
|
---|
| 240 | (<xref linkend="DocBook"/>, <xref linkend="docbook-xsl"/>, <xref
|
---|
| 241 | linkend="libxslt"/>, and <xref linkend="lynx"/> or <ulink
|
---|
| 242 | url="&w3m-url;">W3m</ulink>) are installed, the manual pages, and the
|
---|
| 243 | html and text documentations are (re)generated and installed.
|
---|
| 244 | Furthermore, if <xref linkend="fop"/> is installed, the PDF
|
---|
| 245 | documentation is generated and installed. Use this switch if you do not
|
---|
| 246 | want to rebuild the documentation.
|
---|
[5ffb9f5] | 247 | </para>
|
---|
| 248 |
|
---|
[db248d06] | 249 | <para>
|
---|
[30004ce9] | 250 | <command>chmod -v 4755 /sbin/unix_chkpwd</command>:
|
---|
[db248d06] | 251 | The <command>unix_chkpwd</command> helper program must be setuid
|
---|
| 252 | so that non-<systemitem class="username">root</systemitem>
|
---|
| 253 | processes can access the shadow file.
|
---|
| 254 | </para>
|
---|
| 255 |
|
---|
[c7eb655] | 256 | </sect2>
|
---|
[b4b71892] | 257 |
|
---|
[c7eb655] | 258 | <sect2 role="configuration">
|
---|
| 259 | <title>Configuring Linux-PAM</title>
|
---|
[b4b71892] | 260 |
|
---|
[c7eb655] | 261 | <sect3 id="pam-config">
|
---|
| 262 | <title>Config Files</title>
|
---|
[b4b71892] | 263 |
|
---|
[db248d06] | 264 | <para>
|
---|
| 265 | <filename>/etc/security/*</filename> and
|
---|
| 266 | <filename>/etc/pam.d/*</filename>
|
---|
| 267 | </para>
|
---|
[b4b71892] | 268 |
|
---|
[6603f8b] | 269 | <indexterm zone="linux-pam pam-config">
|
---|
[c7eb655] | 270 | <primary sortas="e-etc-security">/etc/security/*</primary>
|
---|
| 271 | </indexterm>
|
---|
[b4b71892] | 272 |
|
---|
[6603f8b] | 273 | <indexterm zone="linux-pam pam-config">
|
---|
[c7eb655] | 274 | <primary sortas="e-etc-pam.d">/etc/pam.d/*</primary>
|
---|
| 275 | </indexterm>
|
---|
| 276 |
|
---|
| 277 | </sect3>
|
---|
| 278 |
|
---|
| 279 | <sect3>
|
---|
| 280 | <title>Configuration Information</title>
|
---|
| 281 |
|
---|
[db248d06] | 282 | <para>
|
---|
| 283 | Configuration information is placed in
|
---|
| 284 | <filename class="directory">/etc/pam.d/</filename>.
|
---|
| 285 | Below is an example file:
|
---|
| 286 | </para>
|
---|
[c7eb655] | 287 |
|
---|
| 288 | <screen><literal># Begin /etc/pam.d/other
|
---|
[b4b71892] | 289 |
|
---|
| 290 | auth required pam_unix.so nullok
|
---|
| 291 | account required pam_unix.so
|
---|
| 292 | session required pam_unix.so
|
---|
| 293 | password required pam_unix.so nullok
|
---|
| 294 |
|
---|
[db248d06] | 295 | # End /etc/pam.d/other</literal></screen>
|
---|
[b4b71892] | 296 |
|
---|
[78b5501] | 297 | <para>Now set up some generic files. As root:</para>
|
---|
| 298 |
|
---|
[2ec7beca] | 299 | <screen role="root"><userinput>install -vdm755 /etc/pam.d &&
|
---|
| 300 | cat > /etc/pam.d/system-account << "EOF" &&
|
---|
[78b5501] | 301 | <literal># Begin /etc/pam.d/system-account
|
---|
| 302 |
|
---|
| 303 | account required pam_unix.so
|
---|
| 304 |
|
---|
| 305 | # End /etc/pam.d/system-account</literal>
|
---|
| 306 | EOF
|
---|
| 307 |
|
---|
[2ec7beca] | 308 | cat > /etc/pam.d/system-auth << "EOF" &&
|
---|
[78b5501] | 309 | <literal># Begin /etc/pam.d/system-auth
|
---|
| 310 |
|
---|
| 311 | auth required pam_unix.so
|
---|
| 312 |
|
---|
| 313 | # End /etc/pam.d/system-auth</literal>
|
---|
| 314 | EOF
|
---|
| 315 |
|
---|
| 316 | cat > /etc/pam.d/system-session << "EOF"
|
---|
| 317 | <literal># Begin /etc/pam.d/system-session
|
---|
| 318 |
|
---|
| 319 | session required pam_unix.so
|
---|
| 320 |
|
---|
| 321 | # End /etc/pam.d/system-session</literal>
|
---|
| 322 | EOF</userinput></screen>
|
---|
| 323 |
|
---|
[45db70f] | 324 | <para>The remaining generic file depends on whether <xref linkend="cracklib"/>
|
---|
[78b5501] | 325 | is installed. If it is installed, use:</para>
|
---|
| 326 |
|
---|
| 327 | <screen role="root"><userinput>cat > /etc/pam.d/system-password << "EOF"
|
---|
| 328 | <literal># Begin /etc/pam.d/system-password
|
---|
| 329 |
|
---|
| 330 | # check new passwords for strength (man pam_cracklib)
|
---|
[62066a54] | 331 | password required pam_cracklib.so authtok_type=UNIX retry=1 difok=5 \
|
---|
| 332 | minlen=9 dcredit=1 ucredit=1 \
|
---|
| 333 | lcredit=1 ocredit=1 minclass=0 \
|
---|
[a5660ad] | 334 | maxrepeat=0 maxsequence=0 \
|
---|
[62066a54] | 335 | maxclassrepeat=0 \
|
---|
| 336 | dictpath=/lib/cracklib/pw_dict
|
---|
[78b5501] | 337 | # use sha512 hash for encryption, use shadow, and use the
|
---|
| 338 | # authentication token (chosen password) set by pam_cracklib
|
---|
| 339 | # above (or any previous modules)
|
---|
[62066a54] | 340 | password required pam_unix.so sha512 shadow use_authtok
|
---|
[78b5501] | 341 |
|
---|
| 342 | # End /etc/pam.d/system-password</literal>
|
---|
| 343 | EOF</userinput></screen>
|
---|
[f3429309] | 344 |
|
---|
[78b5501] | 345 | <note>
|
---|
| 346 | <para>
|
---|
| 347 | In its default configuration, pam_cracklib will
|
---|
| 348 | allow multiple case passwords as short as 6 characters, even with
|
---|
| 349 | the <parameter>minlen</parameter> value set to 11. You should review
|
---|
| 350 | the pam_cracklib(8) man page and determine if these default values
|
---|
| 351 | are acceptable for the security of your system.
|
---|
| 352 | </para>
|
---|
| 353 | </note>
|
---|
| 354 |
|
---|
[f3429309] | 355 | <para>If <xref linkend="cracklib"/> is <emphasis>NOT</emphasis> installed,
|
---|
[78b5501] | 356 | use:</para>
|
---|
| 357 |
|
---|
| 358 | <screen role="root"><userinput>cat > /etc/pam.d/system-password << "EOF"
|
---|
| 359 | <literal># Begin /etc/pam.d/system-password
|
---|
| 360 |
|
---|
| 361 | # use sha512 hash for encryption, use shadow, and try to use any previously
|
---|
| 362 | # defined authentication token (chosen password) set by any prior module
|
---|
| 363 | password required pam_unix.so sha512 shadow try_first_pass
|
---|
| 364 |
|
---|
| 365 | # End /etc/pam.d/system-password</literal>
|
---|
[74f20a1] | 366 | EOF</userinput></screen>
|
---|
[f3429309] | 367 |
|
---|
[74f20a1] | 368 | <para>Now add a restrictive <filename>/etc/pam.d/other</filename>
|
---|
| 369 | configuration file. With this file, programs that are PAM aware will not
|
---|
| 370 | run unless a configuration file specifically for that application is
|
---|
| 371 | created.</para>
|
---|
| 372 |
|
---|
| 373 | <screen role="root"><userinput>cat > /etc/pam.d/other << "EOF"
|
---|
| 374 | <literal># Begin /etc/pam.d/other
|
---|
| 375 |
|
---|
| 376 | auth required pam_warn.so
|
---|
| 377 | auth required pam_deny.so
|
---|
| 378 | account required pam_warn.so
|
---|
| 379 | account required pam_deny.so
|
---|
| 380 | password required pam_warn.so
|
---|
| 381 | password required pam_deny.so
|
---|
| 382 | session required pam_warn.so
|
---|
| 383 | session required pam_deny.so
|
---|
| 384 |
|
---|
| 385 | # End /etc/pam.d/other</literal>
|
---|
[78b5501] | 386 | EOF</userinput></screen>
|
---|
| 387 |
|
---|
[db248d06] | 388 | <para>
|
---|
| 389 | The <application>PAM</application> man page (<command>man
|
---|
| 390 | pam</command>) provides a good starting point for descriptions
|
---|
| 391 | of fields and allowable entries. The <ulink
|
---|
[f22f1ef3] | 392 | url="http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html">Linux-PAM
|
---|
[db248d06] | 393 | System Administrators' Guide</ulink> is recommended for additional
|
---|
| 394 | information.
|
---|
| 395 | </para>
|
---|
[7eaa8018] | 396 | <!-- No longer there
|
---|
[db248d06] | 397 | <para>
|
---|
| 398 | Refer to <ulink url="&debian-pam-docs;/modules.html"/> for a list
|
---|
| 399 | of various third-party modules available.
|
---|
| 400 | </para>
|
---|
[7eaa8018] | 401 | -->
|
---|
[ccb8b2d] | 402 | <important>
|
---|
[db248d06] | 403 | <para>
|
---|
| 404 | You should now reinstall the <xref linkend="shadow"/>
|
---|
[f586237] | 405 | <phrase revision="sysv">package.</phrase>
|
---|
| 406 | <phrase revision="systemd"> and <xref linkend="systemd"/>
|
---|
| 407 | packages.</phrase>
|
---|
[db248d06] | 408 | </para>
|
---|
[ccb8b2d] | 409 | </important>
|
---|
[db248d06] | 410 |
|
---|
[c7eb655] | 411 | </sect3>
|
---|
[db248d06] | 412 |
|
---|
[c7eb655] | 413 | </sect2>
|
---|
| 414 |
|
---|
| 415 | <sect2 role="content">
|
---|
| 416 | <title>Contents</title>
|
---|
| 417 |
|
---|
| 418 | <segmentedlist>
|
---|
[ccb8b2d] | 419 | <segtitle>Installed Program</segtitle>
|
---|
[c7eb655] | 420 | <segtitle>Installed Libraries</segtitle>
|
---|
| 421 | <segtitle>Installed Directories</segtitle>
|
---|
| 422 |
|
---|
| 423 | <seglistitem>
|
---|
[db248d06] | 424 | <seg>
|
---|
| 425 | mkhomedir_helper, pam_tally, pam_tally2,
|
---|
| 426 | pam_timestamp_check, unix_chkpwd and
|
---|
| 427 | unix_update
|
---|
| 428 | </seg>
|
---|
| 429 | <seg>
|
---|
| 430 | libpam.so, libpamc.so and libpam_misc.so
|
---|
| 431 | </seg>
|
---|
| 432 | <seg>
|
---|
| 433 | /etc/security,
|
---|
| 434 | /lib/security,
|
---|
| 435 | /usr/include/security and
|
---|
| 436 | /usr/share/doc/Linux-PAM-&linux-pam-version;
|
---|
| 437 | </seg>
|
---|
[c7eb655] | 438 | </seglistitem>
|
---|
| 439 | </segmentedlist>
|
---|
| 440 |
|
---|
| 441 | <variablelist>
|
---|
| 442 | <bridgehead renderas="sect3">Short Descriptions</bridgehead>
|
---|
| 443 | <?dbfo list-presentation="list"?>
|
---|
| 444 | <?dbhtml list-presentation="table"?>
|
---|
| 445 |
|
---|
[db248d06] | 446 | <varlistentry id="mkhomedir_helper">
|
---|
| 447 | <term><command>mkhomedir_helper</command></term>
|
---|
| 448 | <listitem>
|
---|
| 449 | <para>
|
---|
| 450 | is a helper binary that creates home directories.
|
---|
| 451 | </para>
|
---|
| 452 | <indexterm zone="linux-pam mkhomedir_helper">
|
---|
| 453 | <primary sortas="b-mkhomedir_helper">mkhomedir_helper</primary>
|
---|
| 454 | </indexterm>
|
---|
| 455 | </listitem>
|
---|
| 456 | </varlistentry>
|
---|
| 457 |
|
---|
[c7eb655] | 458 | <varlistentry id="pam_tally">
|
---|
| 459 | <term><command>pam_tally</command></term>
|
---|
| 460 | <listitem>
|
---|
[db248d06] | 461 | <para>
|
---|
| 462 | is used to interrogate and manipulate the login counter file.
|
---|
| 463 | </para>
|
---|
[6603f8b] | 464 | <indexterm zone="linux-pam pam_tally">
|
---|
[c7eb655] | 465 | <primary sortas="b-pam_tally">pam_tally</primary>
|
---|
| 466 | </indexterm>
|
---|
| 467 | </listitem>
|
---|
| 468 | </varlistentry>
|
---|
| 469 |
|
---|
[db248d06] | 470 | <varlistentry id="pam_tally2">
|
---|
| 471 | <term><command>pam_tally2</command></term>
|
---|
| 472 | <listitem>
|
---|
| 473 | <para>
|
---|
| 474 | is used to interrogate and manipulate the login counter file, but
|
---|
| 475 | does not have some limitations that <command>pam_tally</command>
|
---|
| 476 | does.
|
---|
| 477 | </para>
|
---|
| 478 | <indexterm zone="linux-pam pam_tally2">
|
---|
| 479 | <primary sortas="b-pam_tally2">pam_tally2</primary>
|
---|
| 480 | </indexterm>
|
---|
| 481 | </listitem>
|
---|
| 482 | </varlistentry>
|
---|
| 483 |
|
---|
| 484 | <varlistentry id="pam_timestamp_check">
|
---|
| 485 | <term><command>pam_timestamp_check</command></term>
|
---|
| 486 | <listitem>
|
---|
| 487 | <para>
|
---|
| 488 | is used to check if the default timestamp is valid
|
---|
| 489 | </para>
|
---|
| 490 | <indexterm zone="linux-pam pam_timestamp_check">
|
---|
| 491 | <primary sortas="b-pam_timestamp_check">pam_timestamp_check</primary>
|
---|
| 492 | </indexterm>
|
---|
| 493 | </listitem>
|
---|
| 494 | </varlistentry>
|
---|
| 495 |
|
---|
| 496 | <varlistentry id="unix_chkpwd">
|
---|
| 497 | <term><command>unix_chkpwd</command></term>
|
---|
| 498 | <listitem>
|
---|
| 499 | <para>
|
---|
| 500 | is a helper binary that verifies the password of the current user.
|
---|
| 501 | </para>
|
---|
| 502 | <indexterm zone="linux-pam unix_chkpwd">
|
---|
| 503 | <primary sortas="b-unix_chkpwd">unix_chkpwd</primary>
|
---|
| 504 | </indexterm>
|
---|
| 505 | </listitem>
|
---|
| 506 | </varlistentry>
|
---|
| 507 |
|
---|
| 508 | <varlistentry id="unix_update">
|
---|
| 509 | <term><command>unix_update</command></term>
|
---|
| 510 | <listitem>
|
---|
| 511 | <para>
|
---|
| 512 | is a helper binary that updates the password of a given user.
|
---|
| 513 | </para>
|
---|
| 514 | <indexterm zone="linux-pam unix_update">
|
---|
| 515 | <primary sortas="b-unix_update">unix_update</primary>
|
---|
| 516 | </indexterm>
|
---|
| 517 | </listitem>
|
---|
| 518 | </varlistentry>
|
---|
| 519 |
|
---|
[c7eb655] | 520 | <varlistentry id="libpam">
|
---|
[db248d06] | 521 | <term><filename class="libraryfile">libpam.so</filename></term>
|
---|
[c7eb655] | 522 | <listitem>
|
---|
[db248d06] | 523 | <para>
|
---|
| 524 | provides the interfaces between applications and the
|
---|
| 525 | PAM modules.
|
---|
| 526 | </para>
|
---|
[6603f8b] | 527 | <indexterm zone="linux-pam libpam">
|
---|
[db248d06] | 528 | <primary sortas="c-libpam">libpam.so</primary>
|
---|
[c7eb655] | 529 | </indexterm>
|
---|
| 530 | </listitem>
|
---|
| 531 | </varlistentry>
|
---|
[db248d06] | 532 |
|
---|
[c7eb655] | 533 | </variablelist>
|
---|
[db248d06] | 534 |
|
---|
[c7eb655] | 535 | </sect2>
|
---|
[db248d06] | 536 |
|
---|
[3c52f859] | 537 | </sect1>
|
---|