source: postlfs/security/linux-pam.xml@ c03a8bd

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since c03a8bd was c03a8bd, checked in by Randy McMurchy <randy@…>, 17 years ago

Updated to Linux-PAM-0.99.7.1

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@6645 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 11.1 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3 "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY linux-pam-download-http "http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-&linux-pam-version;.tar.bz2">
8 <!ENTITY linux-pam-download-ftp "ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-&linux-pam-version;.tar.bz2">
9 <!ENTITY linux-pam-md5sum "385458dfb4633071594e255a6ebec9da">
10 <!ENTITY linux-pam-size "872 KB">
11 <!ENTITY linux-pam-buildsize "18 MB">
12 <!ENTITY linux-pam-time "0.5 SBU">
13 <!ENTITY linux-pam-docs-download "http://www.kernel.org/pub/linux/libs/pam/pre/doc/Linux-PAM-&linux-pam-version;-docs.tar.bz2">
14]>
15
16<sect1 id="linux-pam" xreflabel="Linux-PAM-&linux-pam-version;">
17 <?dbhtml filename="linux-pam.html"?>
18
19 <sect1info>
20 <othername>$LastChangedBy$</othername>
21 <date>$Date$</date>
22 </sect1info>
23
24 <title>Linux-PAM-&linux-pam-version;</title>
25
26 <indexterm zone="linux-pam">
27 <primary sortas="a-Linux-PAM">Linux-PAM</primary>
28 </indexterm>
29
30 <sect2 role="package">
31 <title>Introduction to Linux-PAM</title>
32
33 <para>The <application>Linux-PAM</application> package contains
34 Pluggable Authentication Modules. This is useful to enable the
35 local system administrator to choose how applications authenticate
36 users.</para>
37
38 <bridgehead renderas="sect3">Package Information</bridgehead>
39 <itemizedlist spacing="compact">
40 <listitem>
41 <para>Download (HTTP): <ulink url="&linux-pam-download-http;"/></para>
42 </listitem>
43 <listitem>
44 <para>Download (FTP): <ulink url="&linux-pam-download-ftp;"/></para>
45 </listitem>
46 <listitem>
47 <para>Download MD5 sum: &linux-pam-md5sum;</para>
48 </listitem>
49 <listitem>
50 <para>Download size: &linux-pam-size;</para>
51 </listitem>
52 <listitem>
53 <para>Estimated disk space required: &linux-pam-buildsize;</para>
54 </listitem>
55 <listitem>
56 <para>Estimated build time: &linux-pam-time;</para>
57 </listitem>
58 </itemizedlist>
59
60 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
61 <itemizedlist spacing='compact'>
62 <listitem>
63 <para>Optional documentation:
64 <ulink url="&linux-pam-docs-download;"/></para>
65 </listitem>
66 </itemizedlist>
67
68 <bridgehead renderas="sect3">Linux-PAM Dependencies</bridgehead>
69
70 <bridgehead renderas="sect4">Optional</bridgehead>
71 <para role="optional"><xref linkend="cracklib"/> and
72 <!-- <xref linkend="db"/> (for the pam_userdb module), -->
73 <ulink url="http://www.prelude-ids.org/">Prelude</ulink></para>
74
75 <bridgehead renderas="sect4">Optional (To {,Re}build the Documentation)</bridgehead>
76 <para role="optional"><xref linkend="libxslt"/>,
77 <xref linkend="DocBook"/>,
78 <xref linkend="docbook-xsl"/>,
79 <xref linkend="w3m"/>, and
80 <xref linkend="fop"/></para>
81
82 <para condition="html" role="usernotes">User Notes:
83 <ulink url="&blfs-wiki;/linux-pam"/></para>
84
85 </sect2>
86
87 <sect2 role="installation">
88 <title>Installation of Linux-PAM</title>
89
90 <para>If you downloaded the documentation, unpack the tarball from the
91 same top-level directory you unpacked the source tarball from. The files
92 will unpack into the correct directories of the source tree.</para>
93
94 <para>Install <application>Linux-PAM</application> by
95 running the following commands:</para>
96
97<screen><userinput>./configure --libdir=/usr/lib \
98 --sbindir=/lib/security \
99 --enable-securedir=/lib/security \
100 --docdir=/usr/share/doc/Linux-PAM-&linux-pam-version; \
101 --enable-read-both-confs &amp;&amp;
102make</userinput></screen>
103
104 <para>To test the results, issue <command>make check</command>.</para>
105
106 <!-- <para>The test suite will not provide meaningful results until the package
107 has been installed and configured. If, after installing the package and
108 creating a minimum configuration as shown below in the 'other' example,
109 you wish to run the tests, issue <command>make check</command>.</para>
110
111 <tip>
112 <para>Don't delete the <application>Linux-PAM</application> source tree
113 until after you reinstall the <application>Shadow</application> package.
114 The reinstallation of the Shadow package includes much more stringent
115 security for the PAM configuration, and you can run the
116 <application>Linux-PAM</application> test suite after completing the
117 <application>Shadow</application> instructions to test the new setup. All
118 the tests should pass.</para>
119 </tip> -->
120
121 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
122
123<screen role="root"><userinput>make install &amp;&amp;
124chmod -v 4755 /lib/security/unix_chkpwd &amp;&amp;
125mv -v /lib/security/pam_tally /sbin &amp;&amp;
126mv -v /usr/lib/libpam*.so.0* /lib &amp;&amp;
127ln -v -sf ../../lib/libpam.so.0.81.6 /usr/lib/libpam.so &amp;&amp;
128ln -v -sf ../../lib/libpamc.so.0.81.0 /usr/lib/libpamc.so &amp;&amp;
129ln -v -sf ../../lib/libpam_misc.so.0.81.2 /usr/lib/libpam_misc.so</userinput></screen>
130
131 <!-- <para>If you downloaded the documentation, install it using the following
132 command:</para>
133
134<screen role="root"><userinput>for DOCTYPE in html pdf ps txts
135do
136 cp -v -R doc/$DOCTYPE /usr/share/doc/Linux-PAM-&linux-pam-version;
137done</userinput></screen> -->
138
139 </sect2>
140
141 <sect2 role="commands">
142 <title>Command Explanations</title>
143
144 <para><parameter>--libdir=/usr/lib</parameter>: This parameter results in
145 the libraries being installed in
146 <filename class='directory'>/usr/lib</filename>.</para>
147
148 <para><parameter>--sbindir=/lib/security</parameter>: This parameter
149 results in two executables, one which is not intended to be run from the
150 command line, being installed in the same directory as the PAM modules.
151 One of the executables is later moved to the
152 <filename class='directory'>/sbin</filename> directory.</para>
153
154 <para><parameter>--enable-securedir=/lib/security</parameter>: This
155 parameter results in the PAM modules being installed in
156 <filename class='directory'>/lib/security</filename>.</para>
157
158 <para><parameter>--docdir=...</parameter>: This parameter results in
159 the documentation being installed in a versioned directory name.</para>
160
161 <para><parameter>--enable-read-both-confs</parameter>: This parameter
162 allows the local administrator to choose which configuration file setup to
163 use.</para>
164
165 <para><command>chmod -v 4755 /lib/security/unix_chkpwd</command>:
166 The <command>unix_chkpwd</command> password-helper program must be setuid
167 so that non-<systemitem class="username">root</systemitem> processes can
168 access the shadow-password file.</para>
169
170 <para><command>mv -v /lib/security/pam_tally /sbin</command>: The
171 <command>pam_tally</command> program is designed to be run by the system
172 administrator, possibly in single-user mode, so it is moved to the
173 appropriate directory.</para>
174
175 <para><command>mv -v /usr/lib/libpam*.so.0* /lib</command>: This command
176 moves the dynamic libraries to <filename class='directory'>/lib</filename>
177 as they may be required in single user mode.</para>
178
179 <para><command>ln -v -sf ...</command>: These commands recreate the
180 <filename class='symlink'>.so</filename> symlinks as the libraries they
181 pointed to were moved to <filename class='directory'>/lib</filename>.</para>
182
183 </sect2>
184
185 <sect2 role="configuration">
186 <title>Configuring Linux-PAM</title>
187
188 <sect3 id="pam-config">
189 <title>Config Files</title>
190
191 <para><filename>/etc/security/*</filename> and
192 <filename>/etc/pam.d/*</filename> or
193 <filename>/etc/pam.conf</filename></para>
194
195 <indexterm zone="linux-pam pam-config">
196 <primary sortas="e-etc-security">/etc/security/*</primary>
197 </indexterm>
198
199 <indexterm zone="linux-pam pam-config">
200 <primary sortas="e-etc-pam.d">/etc/pam.d/*</primary>
201 </indexterm>
202
203 <indexterm zone="linux-pam pam-config">
204 <primary sortas="e-etc-pam.conf">/etc/pam.conf</primary>
205 </indexterm>
206
207 </sect3>
208
209 <sect3>
210 <title>Configuration Information</title>
211
212 <para>Configuration information is placed in
213 <filename class='directory'>/etc/pam.d/</filename> or
214 <filename>/etc/pam.conf</filename> depending on system administrator
215 preference. Below are example files of each type:</para>
216
217<screen><literal># Begin /etc/pam.d/other
218
219auth required pam_unix.so nullok
220account required pam_unix.so
221session required pam_unix.so
222password required pam_unix.so nullok
223
224# End /etc/pam.d/other
225
226# Begin /etc/pam.conf
227
228other auth required pam_unix.so nullok
229other account required pam_unix.so
230other session required pam_unix.so
231other password required pam_unix.so nullok
232
233# End /etc/pam.conf</literal></screen>
234
235 <para>The <application>PAM</application> man page
236 (<command>man pam</command>) provides a good starting point for
237 descriptions of fields and allowable entries. The <ulink
238 url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html">
239 Linux-PAM System Administrators' Guide</ulink>
240 is recommended for additional information.</para>
241
242 <para>Refer to <ulink
243 url="http://www.kernel.org/pub/linux/libs/pam/modules.html"/>
244 for a list of various modules available.</para>
245
246 <important>
247 <para>You should now reinstall the <xref linkend="shadow"/>
248 package.</para>
249 </important>
250
251 </sect3>
252
253 </sect2>
254
255 <sect2 role="content">
256 <title>Contents</title>
257
258 <segmentedlist>
259 <segtitle>Installed Program</segtitle>
260 <segtitle>Installed Libraries</segtitle>
261 <segtitle>Installed Directories</segtitle>
262
263 <seglistitem>
264 <seg>pam_tally</seg>
265 <seg>libpam.{so,a}, libpamc.{so,a}, and libpam_misc.{so,a}</seg>
266 <seg>/etc/pam.d, /etc/security, /lib/security and
267 /usr/include/security</seg>
268 </seglistitem>
269 </segmentedlist>
270
271 <variablelist>
272 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
273 <?dbfo list-presentation="list"?>
274 <?dbhtml list-presentation="table"?>
275
276 <varlistentry id="pam_tally">
277 <term><command>pam_tally</command></term>
278 <listitem>
279 <para>is used to view or manipulate the <filename>faillog</filename>
280 file.</para>
281 <indexterm zone="linux-pam pam_tally">
282 <primary sortas="b-pam_tally">pam_tally</primary>
283 </indexterm>
284 </listitem>
285 </varlistentry>
286
287 <varlistentry id="libpam">
288 <term><filename class='libraryfile'>libpam.{so,a}</filename></term>
289 <listitem>
290 <para>provides the interfaces between applications and the
291 PAM modules.</para>
292 <indexterm zone="linux-pam libpam">
293 <primary sortas="c-libpam">libpam.{so,a}</primary>
294 </indexterm>
295 </listitem>
296 </varlistentry>
297
298 </variablelist>
299
300 </sect2>
301
302</sect1>
Note: See TracBrowser for help on using the repository browser.