source: postlfs/security/linux-pam.xml@ 5ae7a99

Last change on this file since 5ae7a99 was 5ae7a99, checked in by Fernando de Oliveira <fernando@…>, 8 years ago

Some fixes from received patch. Thanks.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@12447 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 12.0 KB
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY linux-pam-download-http "http://linux-pam.org/library/Linux-PAM-&linux-pam-version;.tar.bz2">
8 <!ENTITY linux-pam-download-ftp " ">
9 <!ENTITY linux-pam-md5sum "35b6091af95981b1b2cd60d813b5e4ee">
10 <!ENTITY linux-pam-size "1.1 MB">
11 <!ENTITY linux-pam-buildsize "22 MB">
12 <!ENTITY linux-pam-time "0.3 SBU">
13
14 <!ENTITY linux-pam-docs-download "http://linux-pam.org/documentation/Linux-PAM-&linux-pam-version;-docs.tar.bz2">
15 <!ENTITY linux-pam-docs-md5sum "730895d1c6e1c706dc5ffe2419f9b3f5">
16 <!ENTITY linux-pam-docs-size "148 KB">
17 <!ENTITY debian-pam-docs "http://debian.securedservers.com/kernel/pub/linux/libs/pam">
18]>
19
20<sect1 id="linux-pam" xreflabel="Linux-PAM-&linux-pam-version;">
21 <?dbhtml filename="linux-pam.html"?>
22
23 <sect1info>
24 <othername>$LastChangedBy$</othername>
25 <date>$Date$</date>
26 </sect1info>
27
28 <title>Linux-PAM-&linux-pam-version;</title>
29
30 <indexterm zone="linux-pam">
31 <primary sortas="a-Linux-PAM">Linux-PAM</primary>
32 </indexterm>
33
34 <sect2 role="package">
35 <title>Introduction to Linux PAM</title>
36
37 <para>
38 The <application>Linux PAM</application> package contains
39 Pluggable Authentication Modules used to enable the local
40 system administrator to choose how applications authenticate
41 users.
42 </para>
43
44 &lfs74_checked;
45
46 <bridgehead renderas="sect3">Package Information</bridgehead>
47 <itemizedlist spacing="compact">
48 <listitem>
49 <para>
50 Download (HTTP): <ulink url="&linux-pam-download-http;"/>
51 </para>
52 </listitem>
53 <listitem>
54 <para>
55 Download (FTP): <ulink url="&linux-pam-download-ftp;"/>
56 </para>
57 </listitem>
58 <listitem>
59 <para>
60 Download MD5 sum: &linux-pam-md5sum;
61 </para>
62 </listitem>
63 <listitem>
64 <para>
65 Download size: &linux-pam-size;
66 </para>
67 </listitem>
68 <listitem>
69 <para>
70 Estimated disk space required: &linux-pam-buildsize;
71 </para>
72 </listitem>
73 <listitem>
74 <para>
75 Estimated build time: &linux-pam-time;
76 </para>
77 </listitem>
78 </itemizedlist>
79
80 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
81 <itemizedlist spacing="compact">
82 <title>Optional Documentation</title>
83 <listitem>
84 <para>
85 Download (HTTP): <ulink url="&linux-pam-docs-download;"/>
86 </para>
87 </listitem>
88 <listitem>
89 <para>
90 Download MD5 sum: &linux-pam-docs-md5sum;
91 </para>
92 </listitem>
93 <listitem>
94 <para>
95 Download size: &linux-pam-docs-size;
96 </para>
97 </listitem>
98 </itemizedlist>
99
100 <bridgehead renderas="sect3">Linux PAM Dependencies</bridgehead>
101
102 <bridgehead renderas="sect4">Optional</bridgehead>
103 <para role="optional">
104 <xref linkend="db"/>,
105 <xref linkend="cracklib"/>,
106 <xref linkend="libtirpc"/> and
107 <ulink url="http://www.prelude-ids.org/">Prelude</ulink>
108 </para>
109
110 <bridgehead renderas="sect4">Optional (To Rebuild the Documentation)</bridgehead>
111 <para role="optional">
112 <xref linkend="DocBook"/>,
113 <xref linkend="docbook-xsl"/>,
114 <xref linkend="fop"/>,
115 <xref linkend="libxslt"/> and
116 <xref linkend="w3m"/>
117 </para>
118
119 <para condition="html" role="usernotes">User Notes:
120 <ulink url="&blfs-wiki;/linux-pam"/>
121 </para>
122 </sect2>
123
124 <sect2 role="installation">
125 <title>Installation of Linux PAM</title>
126
127 <para>
128 If you downloaded the documentation, unpack the tarball by issuing
129 the following command.
130 </para>
131
132<screen><userinput>tar -xf ../Linux-PAM-&linux-pam-version;-docs.tar.bz2 --strip-components=1</userinput></screen>
133
134 <para>
135 Install <application>Linux PAM</application> by
136 running the following commands:
137 </para>
138
139<screen><userinput>./configure --prefix=/usr \
140 --sysconfdir=/etc \
141 --libdir=/usr/lib \
142 --enable-securedir=/lib/security \
143 --docdir=/usr/share/doc/Linux-PAM-&linux-pam-version; \
144 --disable-nis &amp;&amp;
145make</userinput></screen>
146
147 <para>
148 To test the results, a configuration file must be created. This file
149 will be removed after the tests have completed. Ensure there are no errors
150 produced by the tests before continuing the installation. First create the
151 configuration file by issuing the following commands as the
152 <systemitem class="username">root</systemitem> user:
153 </para>
154
155<screen role="root"><userinput>install -v -m755 -d /etc/pam.d &amp;&amp;
156
157cat &gt; /etc/pam.d/other &lt;&lt; "EOF"
158auth required pam_deny.so
159account required pam_deny.so
160password required pam_deny.so
161session required pam_deny.so
162EOF</userinput></screen>
163
164 <para>
165 Now run the tests by issuing <command>make check</command>.
166 </para>
167
168 <para>
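169 Remove the configuration file created earlier by issuing the
170 following command as the
171 <systemitem class="username">root</systemitem> user. Note that the command deletes the whole <filename class="directory">/etc/pam.d</filename> directory, not only the test file, so any PAM configuration already present there from an earlier installation is removed as well: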
172 </para>
173
174<screen role="root"><userinput>rm -rfv /etc/pam.d</userinput></screen>
175
176 <para>
177 Now, as the <systemitem class="username">root</systemitem>
178 user:
179 </para>
180
181<screen role="root"><userinput>make install &amp;&amp;
182chmod -v 4755 /sbin/unix_chkpwd &amp;&amp;
183
184for file in pam pam_misc pamc
185do
186 mv -v /usr/lib/lib${file}.so.* /lib &amp;&amp;
187 ln -sfv ../../lib/$(readlink /usr/lib/lib${file}.so) /usr/lib/lib${file}.so
188done</userinput></screen>
189
190 </sect2>
191
192 <sect2 role="commands">
193 <title>Command Explanations</title>
194
195 <para>
196 <parameter>--enable-securedir=/lib/security</parameter>:
197 This switch sets the install location for the
198 <application>PAM</application> modules.
199 </para>
200
201 <para>
202 <option>--disable-nis</option>: This switch disables building
203 of the Network Information Service/Yellow Pages support in
204 the pam_unix and pam_access modules. Remove it if you have installed
205 <xref linkend="libtirpc"/>.
206 </para>
207
208 <para>
209 <command>chmod -v 4755 /sbin/unix_chkpwd</command>:
210 The <command>unix_chkpwd</command> helper program must be setuid
211 so that non-<systemitem class="username">root</systemitem>
212 processes can have a password checked against the shadow file, which they cannot read themselves.
213 </para>
214
215 </sect2>
216
217 <sect2 role="configuration">
218 <title>Configuring Linux-PAM</title>
219
220 <sect3 id="pam-config">
221 <title>Config Files</title>
222
223 <para>
224 <filename>/etc/security/*</filename> and
225 <filename>/etc/pam.d/*</filename>
226 </para>
227
228 <indexterm zone="linux-pam pam-config">
229 <primary sortas="e-etc-security">/etc/security/*</primary>
230 </indexterm>
231
232 <indexterm zone="linux-pam pam-config">
233 <primary sortas="e-etc-pam.d">/etc/pam.d/*</primary>
234 </indexterm>
235
236 </sect3>
237
238 <sect3>
239 <title>Configuration Information</title>
240
241 <para>
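242 Configuration information is placed in
243 <filename class="directory">/etc/pam.d/</filename>.
244 Below is an example file. <filename>/etc/pam.d/other</filename> is the fallback applied to any service that has no file of its own, and the <option>nullok</option> option lets accounts with an empty password authenticate, so omit <option>nullok</option> unless empty passwords are intended: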
245 </para>
246
247<screen><literal># Begin /etc/pam.d/other
248
249auth required pam_unix.so nullok
250account required pam_unix.so
251session required pam_unix.so
252password required pam_unix.so nullok
253
254# End /etc/pam.d/other</literal></screen>
255
256 <para>
257 The <application>PAM</application> man page (<command>man
258 pam</command>) provides a good starting point for descriptions
259 of fields and allowable entries. The <ulink
260 url="http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html">Linux-PAM
261 System Administrators' Guide</ulink> is recommended for additional
262 information.
263 </para>
264
265 <para>
266 Refer to <ulink url="&debian-pam-docs;/modules.html"/> for a list
267 of various third-party modules available.
268 </para>
269
270 <important>
271 <para>
272 You should now reinstall the <xref linkend="shadow"/>
273 package.
274 </para>
275 </important>
276
277 </sect3>
278
279 </sect2>
280
281 <sect2 role="content">
282 <title>Contents</title>
283
284 <segmentedlist>
285 <segtitle>Installed Programs</segtitle>
286 <segtitle>Installed Libraries</segtitle>
287 <segtitle>Installed Directories</segtitle>
288
289 <seglistitem>
290 <seg>
291 mkhomedir_helper, pam_tally, pam_tally2,
292 pam_timestamp_check, unix_chkpwd and
293 unix_update
294 </seg>
295 <seg>
296 libpam.so, libpamc.so and libpam_misc.so
297 </seg>
298 <seg>
299 /etc/security,
300 /lib/security,
301 /usr/include/security and
302 /usr/share/doc/Linux-PAM-&linux-pam-version;
303 </seg>
304 </seglistitem>
305 </segmentedlist>
306
307 <variablelist>
308 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
309 <?dbfo list-presentation="list"?>
310 <?dbhtml list-presentation="table"?>
311
312 <varlistentry id="mkhomedir_helper">
313 <term><command>mkhomedir_helper</command></term>
314 <listitem>
315 <para>
316 is a helper binary that creates home directories.
317 </para>
318 <indexterm zone="linux-pam mkhomedir_helper">
319 <primary sortas="b-mkhomedir_helper">mkhomedir_helper</primary>
320 </indexterm>
321 </listitem>
322 </varlistentry>
323
324 <varlistentry id="pam_tally">
325 <term><command>pam_tally</command></term>
326 <listitem>
327 <para>
328 is used to interrogate and manipulate the login counter file.
329 </para>
330 <indexterm zone="linux-pam pam_tally">
331 <primary sortas="b-pam_tally">pam_tally</primary>
332 </indexterm>
333 </listitem>
334 </varlistentry>
335
336 <varlistentry id="pam_tally2">
337 <term><command>pam_tally2</command></term>
338 <listitem>
339 <para>
340 is used to interrogate and manipulate the login counter file, but
341 does not have some limitations that <command>pam_tally</command>
342 does.
343 </para>
344 <indexterm zone="linux-pam pam_tally2">
345 <primary sortas="b-pam_tally2">pam_tally2</primary>
346 </indexterm>
347 </listitem>
348 </varlistentry>
349
350 <varlistentry id="pam_timestamp_check">
351 <term><command>pam_timestamp_check</command></term>
352 <listitem>
353 <para>
354 is used to check if the default timestamp is valid.
355 </para>
356 <indexterm zone="linux-pam pam_timestamp_check">
357 <primary sortas="b-pam_timestamp_check">pam_timestamp_check</primary>
358 </indexterm>
359 </listitem>
360 </varlistentry>
361
362 <varlistentry id="unix_chkpwd">
363 <term><command>unix_chkpwd</command></term>
364 <listitem>
365 <para>
366 is a helper binary that verifies the password of the current user.
367 </para>
368 <indexterm zone="linux-pam unix_chkpwd">
369 <primary sortas="b-unix_chkpwd">unix_chkpwd</primary>
370 </indexterm>
371 </listitem>
372 </varlistentry>
373
374 <varlistentry id="unix_update">
375 <term><command>unix_update</command></term>
376 <listitem>
377 <para>
378 is a helper binary that updates the password of a given user.
379 </para>
380 <indexterm zone="linux-pam unix_update">
381 <primary sortas="b-unix_update">unix_update</primary>
382 </indexterm>
383 </listitem>
384 </varlistentry>
385
386 <varlistentry id="libpam">
387 <term><filename class="libraryfile">libpam.so</filename></term>
388 <listitem>
389 <para>
390 provides the interfaces between applications and the
391 PAM modules.
392 </para>
393 <indexterm zone="linux-pam libpam">
394 <primary sortas="c-libpam">libpam.so</primary>
395 </indexterm>
396 </listitem>
397 </varlistentry>
398
399 </variablelist>
400
401 </sect2>
402
403</sect1>