source: postlfs/security/linux-pam.xml@ 2605bb1

Last change on this file since 2605bb1 was 2605bb1, checked in by Andrew Benton <andy@…>, 13 years ago

postfix-2.9.1

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@9624 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 10.8 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY linux-pam-download-http "https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-&linux-pam-version;.tar.bz2">
8 <!ENTITY linux-pam-download-ftp " ">
9 <!ENTITY linux-pam-md5sum "927ee5585bdec5256c75117e9348aa47">
10 <!ENTITY linux-pam-size "1.1 MB">
11 <!ENTITY linux-pam-buildsize "28 MB (includes installing the optional documentation)">
12 <!ENTITY linux-pam-time "0.3 SBU">
13
14 <!ENTITY linux-pam-docs-download "https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-&linux-pam-version;-docs.tar.bz2">
15 <!ENTITY linux-pam-docs-md5sum "987e14ddce375ec7ddd2b91fbc2bd46d">
16 <!ENTITY linux-pam-docs-size "487 KB">
17 <!ENTITY debian-pam-docs "http://debian.securedservers.com/kernel/pub/linux/libs/pam">
18]>
19
20<sect1 id="linux-pam" xreflabel="Linux-PAM-&linux-pam-version;">
21 <?dbhtml filename="linux-pam.html"?>
22
23 <sect1info>
24 <othername>$LastChangedBy$</othername>
25 <date>$Date$</date>
26 </sect1info>
27
28 <title>Linux-PAM-&linux-pam-version;</title>
29
30 <indexterm zone="linux-pam">
31 <primary sortas="a-Linux-PAM">Linux-PAM</primary>
32 </indexterm>
33
34 <sect2 role="package">
35 <title>Introduction to Linux-PAM</title>
36
37 <para>The <application>Linux-PAM</application> package contains
38 Pluggable Authentication Modules. These allow the
39 local system administrator to choose how applications authenticate
40 users.</para>
41
42 &lfs70_checked;
43
44 <bridgehead renderas="sect3">Package Information</bridgehead>
45 <itemizedlist spacing="compact">
46 <listitem>
47 <para>Download (HTTP): <ulink url="&linux-pam-download-http;"/></para>
48 </listitem>
49 <listitem>
50 <para>Download (FTP): <ulink url="&linux-pam-download-ftp;"/></para>
51 </listitem>
52 <listitem>
53 <para>Download MD5 sum: &linux-pam-md5sum;</para>
54 </listitem>
55 <listitem>
56 <para>Download size: &linux-pam-size;</para>
57 </listitem>
58 <listitem>
59 <para>Estimated disk space required: &linux-pam-buildsize;</para>
60 </listitem>
61 <listitem>
62 <para>Estimated build time: &linux-pam-time;</para>
63 </listitem>
64 </itemizedlist>
65
66 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
67 <itemizedlist spacing='compact'>
68 <title>Optional Documentation</title>
69 <listitem>
70 <para>Download (HTTP): <ulink url="&linux-pam-docs-download;"/></para>
71 </listitem>
72 <listitem>
73 <para>Download MD5 sum: &linux-pam-docs-md5sum;</para>
74 </listitem>
75 <listitem>
76 <para>Download size: &linux-pam-docs-size;</para>
77 </listitem>
78 </itemizedlist>
79
80 <bridgehead renderas="sect3">Linux-PAM Dependencies</bridgehead>
81
82 <bridgehead renderas="sect4">Optional</bridgehead>
83 <para role="optional"><xref linkend="cracklib"/>,
84 <xref linkend="libtirpc"/>, <xref linkend="x-window-system"/>,
85 <xref linkend="db"/> (for the pam_userdb module), and
86 <ulink url="http://www.prelude-ids.org/">Prelude</ulink></para>
87
88 <bridgehead renderas="sect4">Optional (To {,Re}build the Documentation)</bridgehead>
89 <para role="optional"><xref linkend="libxslt"/>,
90 <xref linkend="DocBook"/>,
91 <xref linkend="docbook-xsl"/>,
92 <xref linkend="w3m"/>, and
93 <xref linkend="fop"/></para>
94
95 <para condition="html" role="usernotes">User Notes:
96 <ulink url="&blfs-wiki;/linux-pam"/></para>
97 </sect2>
98
99 <sect2 role="installation">
100 <title>Installation of Linux-PAM</title>
101
102 <para>If you downloaded the documentation, unpack the tarball by issuing
103 the following command.</para>
104
105<screen><userinput>tar -xf ../Linux-PAM-&linux-pam-version;-docs.tar.bz2 --strip-components=1</userinput></screen>
106
107 <para>Install <application>Linux-PAM</application> by
108 running the following commands:</para>
109
110<screen><userinput>./configure --sbindir=/lib/security \
111 --docdir=/usr/share/doc/Linux-PAM-&linux-pam-version; \
112 --disable-nis \
113 --enable-read-both-confs &amp;&amp;
114make</userinput></screen>
115
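116 <para>To test the results, a configuration file must be created. This file
117 will be removed after the tests have completed. Ensure there are no errors
118 produced by the tests before continuing the installation. Note that on a system where <application>PAM</application> is already installed and configured, the commands below overwrite <filename>/etc/pam.d/other</filename>, and the cleanup command that follows the tests deletes the entire <filename class="directory">/etc/pam.d</filename> directory, so back up any existing configuration before proceeding. First create the
119 configuration file by issuing the following commands as the
120 <systemitem class="username">root</systemitem> user:</para>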
121
122<screen role="root"><userinput>install -v -m755 -d /etc/pam.d &amp;&amp;
123
124cat &gt; /etc/pam.d/other &lt;&lt; "EOF"
125auth required pam_deny.so
126account required pam_deny.so
127password required pam_deny.so
128session required pam_deny.so
129EOF</userinput></screen>
130
131 <para>Now run the tests by issuing <command>make check</command>.</para>
132
133 <para>Remove the configuration file created earlier, along with the
134 <filename class="directory">/etc/pam.d</filename> directory that holds it, by issuing the following command as the
135 <systemitem class="username">root</systemitem> user:</para>
136
137<screen role="root"><userinput>rm -rfv /etc/pam.d</userinput></screen>
138
139 <para>Now, as the <systemitem class="username">root</systemitem>
140 user:</para>
141
142<screen role="root"><userinput>make install &amp;&amp;
143chmod -v 4755 /lib/security/unix_chkpwd &amp;&amp;
144mv -v /lib/security/pam_tally /sbin</userinput></screen>
145 </sect2>
146
147 <sect2 role="commands">
148 <title>Command Explanations</title>
149
150 <para><parameter>--sbindir=/lib/security</parameter>: This parameter
151 results in three executables, two of which are not intended to be run from
152 the command line, being installed in the same directory as the PAM modules.
153 The other executable is later moved to the
154 <filename class="directory">/sbin</filename> directory.</para>
155
156 <para><parameter>--docdir=...</parameter>: This parameter results in
157 the documentation being installed in a versioned directory name.</para>
158
159 <para><parameter>--disable-nis</parameter>: This option disables building
160 Network Information Service/Yellow Pages support in pam_unix and pam_access.
161 The RPC implementation in glibc (on which NIS/YP depends) is deprecated.
162 However, the same functionality is provided by
163 <application>Libtirpc</application> so if you've installed
164 <xref linkend="libtirpc"/> you can remove the
165 <parameter>--disable-nis</parameter> option.</para>
166
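167 <para><parameter>--enable-read-both-confs</parameter>: This parameter
168 makes <application>Linux-PAM</application> read both <filename class="directory">/etc/pam.d/</filename> and <filename>/etc/pam.conf</filename>, which allows the local administrator to choose which configuration file setup to
169 use. Because both locations are read, both should be checked when reviewing the authentication policy.</para>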
170
171 <para><command>chmod -v 4755 /lib/security/unix_chkpwd</command>:
172 The <command>unix_chkpwd</command> password-helper program must be setuid
173 <systemitem class="username">root</systemitem> so that non-<systemitem class="username">root</systemitem> processes can
174 have it check a password against the shadow-password file, which they cannot read themselves.</para>
175
176 <para><command>mv -v /lib/security/pam_tally /sbin</command>: The
177 <command>pam_tally</command> program is designed to be run by the system
178 administrator, possibly in single-user mode, so it is moved to the
179 appropriate directory.</para>
180 </sect2>
181
182 <sect2 role="configuration">
183 <title>Configuring Linux-PAM</title>
184
185 <sect3 id="pam-config">
186 <title>Config Files</title>
187
188 <para><filename>/etc/security/*</filename> and
189 <filename>/etc/pam.d/*</filename> or
190 <filename>/etc/pam.conf</filename></para>
191
192 <indexterm zone="linux-pam pam-config">
193 <primary sortas="e-etc-security">/etc/security/*</primary>
194 </indexterm>
195
196 <indexterm zone="linux-pam pam-config">
197 <primary sortas="e-etc-pam.d">/etc/pam.d/*</primary>
198 </indexterm>
199
200 <indexterm zone="linux-pam pam-config">
201 <primary sortas="e-etc-pam.conf">/etc/pam.conf</primary>
202 </indexterm>
203 </sect3>
204
205 <sect3>
206 <title>Configuration Information</title>
207
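208 <para>Configuration information is placed in
209 <filename class="directory">/etc/pam.d/</filename> or
210 <filename>/etc/pam.conf</filename> depending on system administrator
211 preference. Below are example files of each type. Note that the <parameter>nullok</parameter> argument in these examples lets <filename class="libraryfile">pam_unix.so</filename> accept accounts whose password is blank; leave it out if empty passwords should not be allowed:</para>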
212
213<screen><literal># Begin /etc/pam.d/other
214
215auth required pam_unix.so nullok
216account required pam_unix.so
217session required pam_unix.so
218password required pam_unix.so nullok
219
220# End /etc/pam.d/other
221
222# Begin /etc/pam.conf
223
224other auth required pam_unix.so nullok
225other account required pam_unix.so
226other session required pam_unix.so
227other password required pam_unix.so nullok
228
229# End /etc/pam.conf</literal></screen>
230
231 <para>The <application>PAM</application> man page (<command>man
232 pam</command>) provides a good starting point for descriptions of fields
233 and allowable entries. The <ulink
234 url="&debian-pam-docs;/Linux-PAM-html/Linux-PAM_SAG.html"> Linux-PAM
235 System Administrators' Guide</ulink> is recommended for additional
236 information.</para>
237
238 <para>Refer to <ulink url="&debian-pam-docs;/modules.html"/> for a list
239 of various third-party modules available.</para>
240
241 <important>
242 <para>You should now reinstall the <xref linkend="shadow"/>
243 package.</para>
244 </important>
245 </sect3>
246 </sect2>
247
248 <sect2 role="content">
249 <title>Contents</title>
250
251 <segmentedlist>
252 <segtitle>Installed Program</segtitle>
253 <segtitle>Installed Libraries</segtitle>
254 <segtitle>Installed Directories</segtitle>
255
256 <seglistitem>
257 <seg>pam_tally</seg>
258 <seg>libpam.{so,a}, libpamc.{so,a}, libpam_misc.{so,a} and
259 numerous PAM modules</seg>
260 <seg>/etc/security, /lib/security, /usr/include/security,
261 /usr/share/doc/Linux-PAM-&linux-pam-version;,
262 and /var/run/sepermit</seg>
263 </seglistitem>
264 </segmentedlist>
265
266 <variablelist>
267 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
268 <?dbfo list-presentation="list"?>
269 <?dbhtml list-presentation="table"?>
270
271 <varlistentry id="pam_tally">
272 <term><command>pam_tally</command></term>
273 <listitem>
274 <para>is used to view or manipulate the <filename>faillog</filename>
275 file.</para>
276 <indexterm zone="linux-pam pam_tally">
277 <primary sortas="b-pam_tally">pam_tally</primary>
278 </indexterm>
279 </listitem>
280 </varlistentry>
281
282 <varlistentry id="libpam">
283 <term><filename class="libraryfile">libpam.{so,a}</filename></term>
284 <listitem>
285 <para>provides the interfaces between applications and the
286 PAM modules.</para>
287 <indexterm zone="linux-pam libpam">
288 <primary sortas="c-libpam">libpam.{so,a}</primary>
289 </indexterm>
290 </listitem>
291 </varlistentry>
292 </variablelist>
293 </sect2>
294</sect1>