source: postlfs/security/shadow.xml@ 6eebe9c

6.3 6.3-rc3
Last change on this file since 6eebe9c was 02fb2bc, checked in by DJ Lucas <dj@…>, 14 years ago

Fixed pam_xauth.so module name in shadow.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/6.3/BOOK@7481 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 23.7 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!-- <!ENTITY shadow-download-http "http://ftp.pld.org.pl/software/shadow/old/shadow-&shadow-version;.tar.bz2"> -->
8 <!-- <!ENTITY shadow-download-ftp "ftp://ftp.pld.org.pl/software/shadow/shadow-&shadow-version;.tar.bz2"> -->
9 <!-- <!ENTITY shadow-download-http "http://cross-lfs.org/files/packages/svn/shadow-&shadow-version;.tar.bz2"> -->
10 <!ENTITY shadow-download-http "http://anduin.linuxfromscratch.org/sources/LFS/lfs-packages/development/shadow-&shadow-version;.tar.bz2">
11 <!ENTITY shadow-download-ftp " ">
12 <!ENTITY shadow-md5sum "e7751d46ecf219c07ae0b028ab3335c6">
13 <!ENTITY shadow-size "1.5 MB">
14 <!ENTITY shadow-buildsize "18 MB">
15 <!ENTITY shadow-time "0.3 SBU">
16]>
17
18<sect1 id="shadow" xreflabel="Shadow-&shadow-version;">
19 <?dbhtml filename="shadow.html"?>
20
21 <sect1info>
22 <othername>$LastChangedBy$</othername>
23 <date>$Date$</date>
24 </sect1info>
25
26 <title>Shadow-&shadow-version;</title>
27
28 <indexterm zone="shadow">
29 <primary sortas="a-Shadow">Shadow</primary>
30 </indexterm>
31
32 <sect2 role="package">
33 <title>Introduction to Shadow</title>
34
35 <para><application>Shadow</application> was indeed installed in LFS and
36 there is no reason to reinstall it unless you installed
37 <application>CrackLib</application> or
38 <application>Linux-PAM</application> after your LFS system was completed.
39 If you have installed <application>CrackLib</application> after LFS, then
40 reinstalling <application>Shadow</application> will enable strong password
41 support. If you have installed <application>Linux-PAM</application>,
42 reinstalling <application>Shadow</application> will allow programs such as
43 <command>login</command> and <command>su</command> to utilize PAM.</para>
44
45 <bridgehead renderas="sect3">Package Information</bridgehead>
46 <itemizedlist spacing="compact">
47 <listitem>
48 <para>Download (HTTP): <ulink url="&shadow-download-http;"/></para>
49 </listitem>
50 <listitem>
51 <para>Download (FTP): <ulink url="&shadow-download-ftp;"/></para>
52 </listitem>
53 <listitem>
54 <para>Download MD5 sum: &shadow-md5sum;</para>
55 </listitem>
56 <listitem>
57 <para>Download size: &shadow-size;</para>
58 </listitem>
59 <listitem>
60 <para>Estimated disk space required: &shadow-buildsize;</para>
61 </listitem>
62 <listitem>
63 <para>Estimated build time: &shadow-time;</para>
64 </listitem>
65 </itemizedlist>
66
67 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
68 <itemizedlist spacing='compact'>
69 <listitem>
70 <para>Required patch: <ulink
71 url="&patch-root;/shadow-&shadow-version;-useradd_fix-2.patch"/></para>
72 </listitem>
73 </itemizedlist>
74
75 <bridgehead renderas="sect3">Shadow Dependencies</bridgehead>
76
77 <bridgehead renderas="sect4">Required</bridgehead>
78 <para role="required"><xref linkend="linux-pam"/> and/or
79 <xref linkend="cracklib"/></para>
80
81 <para condition="html" role="usernotes">User Notes:
82 <ulink url="&blfs-wiki;/shadow"/></para>
83
84 </sect2>
85
86 <sect2 role="installation">
87 <title>Installation of Shadow</title>
88
89 <important>
90 <para>The installation shown below is for a situation where
91 <application>Linux-PAM</application> has been installed (with or
92 without a <application>CrackLib</application> installation) and
93 <application>Shadow</application> is being reinstalled to support the
94 <application>Linux-PAM</application> installation. If you are
95 reinstalling <application>Shadow</application> to provide strong
96 password support via the <application>CrackLib</application> library
97 and you have not installed <application>Linux-PAM</application>, ensure
98 you add the <parameter>--with-libcrack</parameter> parameter to the
99 <command>configure</command> script below.</para>
100 </important>
101
102 <para>Reinstall <application>Shadow</application> by running the following
103 commands:</para>
104
105<screen><userinput>patch -Np1 -i ../shadow-&shadow-version;-useradd_fix-2.patch &amp;&amp;
106
107./configure --libdir=/lib \
108 --sysconfdir=/etc \
109 --enable-shared \
110 --without-selinux &amp;&amp;
111
112sed -i 's/groups$(EXEEXT) //' src/Makefile &amp;&amp;
113find man -name Makefile -exec sed -i 's/groups\.1 / /' {} \; &amp;&amp;
114sed -i -e 's/ ko//' -e 's/ zh_CN zh_TW//' man/Makefile &amp;&amp;
115
116for i in de es fi fr id it pt_BR; do
117 convert-mans UTF-8 ISO-8859-1 man/${i}/*.?
118done &amp;&amp;
119
120for i in cs hu pl; do
121 convert-mans UTF-8 ISO-8859-2 man/${i}/*.?
122done &amp;&amp;
123
124convert-mans UTF-8 EUC-JP man/ja/*.? &amp;&amp;
125convert-mans UTF-8 KOI8-R man/ru/*.? &amp;&amp;
126convert-mans UTF-8 ISO-8859-9 man/tr/*.? &amp;&amp;
127
128make</userinput></screen>
129
130 <para>This package does not come with a test suite.</para>
131
132 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
133
134<screen role="root"><userinput>make install &amp;&amp;
135mv -v /usr/bin/passwd /bin &amp;&amp;
136mv -v /lib/libshadow.*a /usr/lib &amp;&amp;
137rm -v /lib/libshadow.so &amp;&amp;
138ln -v -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen>
139
140 </sect2>
141
142 <sect2 role="commands">
143 <title>Command Explanations</title>
144
145 <!-- Removed the -with-libpam and -without-libcrack options from the
146 default as these are the defaults. Pam will automatically be picked
147 up if it is installed, and CrackLib won't be used unless specifically
148 requested via -with-libcrack
149 <para><parameter>-without-libcrack</parameter>: This switch tells
150 <application>Shadow</application> not to use
151 <filename class='libraryfile'>libcrack</filename>. This is desired as
152 <application>Linux-PAM</application> will provide
153 <filename class='libraryfile'>libcrack</filename> functionality.</para>
154 -->
155
156 <para><parameter>--without-selinux</parameter>: Support for selinux is
157 enabled by default, but selinux is not built in a base LFS system. The
158 <command>configure</command> script will fail if this option is not
159 used.</para>
160
161 <para><command>sed -i 's/groups$(EXEEXT) //' src/Makefile</command>: This
162 command is used to suppress the installation of the
163 <command>groups</command> program as the version from the
164 <application>Coreutils</application> package installed during LFS is
165 preferred.</para>
166
167 <para><command>find man -name Makefile -exec ... {} \;</command>: This
168 command is used to suppress the installation of the
169 <command>groups</command> man pages so the existing ones installed from
170 the <application>Coreutils</application> package are not replaced.</para>
171
172 <para><command>sed -i -e '...' -e '...' man/Makefile</command>: This
173 command disables the installation of Chinese and Korean manual pages, since
174 <application>Man-DB</application> cannot format them properly.</para>
175
176 <para><command>convert-mans ...</command>: These commands are used to
177 convert some of the man pages so that <application>Man-DB</application>
178 will display them in the expected encodings.</para>
179
180 <para><command>mv -v /usr/bin/passwd /bin</command>: The
181 <command>passwd</command> program may be needed during times when the
182 <filename class='directory'>/usr</filename> filesystem is not mounted so
183 it is moved into the root partition.</para>
184
185 <para><command>mv -v ...; rm -v ...; ln -v ...</command>: These commands
186 are used to move the <filename class='libraryfile'>libshadow</filename>
187 library to the root partition to support the moving of the
188 <command>passwd</command> program earlier.</para>
189
190 </sect2>
191
192 <sect2 role="configuration">
193 <title>Configuring Shadow</title>
194
195 <para><application>Shadow</application>'s stock configuration for the
196 <command>useradd</command> utility is not suitable for LFS systems. Use the
197 following commands as the <systemitem class="username">root</systemitem>
198 user to change the default home directory for new users and prevent the
199 creation of mail spool files:</para>
200
201<screen role="root"><userinput>useradd -D -b /home &amp;&amp;
202sed -i 's/yes/no/' /etc/default/useradd</userinput></screen>
203
204 </sect2>
205
206 <sect2 role="configuration">
207 <title>Configuring Linux-PAM to Work with Shadow</title>
208
209 <note>
210 <para>The rest of this page is devoted to configuring
211 <application>Shadow</application> to work properly with
212 <application>Linux-PAM</application>. If you do not have
213 <application>Linux-PAM</application> installed, and you reinstalled
214 <application>Shadow</application> to support strong passwords via
215 the <application>CrackLib</application> library, no further configuration
216 is required.</para>
217 </note>
218
219 <sect3 id="pam.d">
220 <title>Config Files</title>
221
222 <para><filename>/etc/pam.d/*</filename> or alternatively
223 <filename>/etc/pam.conf, /etc/login.defs and
224 /etc/security/*</filename></para>
225
226 <indexterm zone="shadow pam.d">
227 <primary sortas="e-etc-pam.d">/etc/pam.d/*</primary>
228 </indexterm>
229
230 <indexterm zone="shadow pam.d">
231 <primary sortas="e-etc-pam.conf">/etc/pam.conf</primary>
232 </indexterm>
233
234 <indexterm zone="shadow pam.d">
235 <primary sortas="e-etc-login.defs">/etc/login.defs</primary>
236 </indexterm>
237
238 <indexterm zone="shadow pam.d">
239 <primary sortas="e-etc-security">/etc/security/*</primary>
240 </indexterm>
241
242 </sect3>
243
244 <sect3>
245 <title>Configuration Information</title>
246
247 <para>Configuring your system to use <application>Linux-PAM</application>
248 can be a complex task. The information below will provide a basic setup
249 so that <application>Shadow</application>'s login and password
250 functionality will work effectively with
251 <application>Linux-PAM</application>. Review the information and links on
252 the <xref linkend="linux-pam"/> page for further configuration
253 information. For information specific to integrating
254 <application>Shadow</application>, <application>Linux-PAM</application>
255 and <application>CrackLib</application>, you can visit the following
256 links:</para>
257
258 <itemizedlist spacing="compact">
259 <listitem>
260 <para><ulink
261 url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html#ss6.3"/></para>
262 </listitem>
263 <listitem>
264 <para><ulink
265 url="http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html"/></para>
266 </listitem>
267 </itemizedlist>
268
269 <sect4 id="pam-login-defs">
270 <title>Configuring /etc/login.defs</title>
271
272 <para>The <command>login</command> program currently performs many
273 functions which <application>Linux-PAM</application> modules should
274 now handle. The following <command>sed</command> command will comment
275 out the appropriate lines in <filename>/etc/login.defs</filename>, and
276 stop <command>login</command> from performing these functions (a backup
277 file named <filename>/etc/login.defs.orig</filename> is also created
278 to preserve the original file's contents). Issue the following commands
279 as the <systemitem class="username">root</systemitem> user:</para>
280
281 <indexterm zone="shadow pam-login-defs">
282 <primary sortas="e-etc-login.defs">/etc/login.defs</primary>
283 </indexterm>
284
285<screen role="root"><userinput>install -v -m644 /etc/login.defs /etc/login.defs.orig &amp;&amp;
286for FUNCTION in LASTLOG_ENAB MAIL_CHECK_ENAB \
287 PORTTIME_CHECKS_ENAB CONSOLE \
288 MOTD_FILE NOLOGINS_FILE PASS_MIN_LEN \
289 SU_WHEEL_ONLY MD5_CRYPT_ENAB \
290 CONSOLE_GROUPS ENVIRON_FILE \
291 ULIMIT ENV_TZ ENV_HZ ENV_SUPATH \
292 ENV_PATH QMAIL_DIR MAIL_DIR MAIL_FILE \
293 CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE \
294 OBSCURE_CHECKS_ENAB CRACKLIB_DICTPATH \
295 PASS_CHANGE_TRIES PASS_ALWAYS_WARN ISSUE_FILE
296do
297 sed -i "s/^$FUNCTION/# &amp;/" /etc/login.defs
298done</userinput></screen>
299
300 <!-- Moved the commenting of these four parameters into the section
301 above. If PAM is installed, it complains if these are not commented
302 regardless if CrackLib is installed.
303
304 <para>If you have <application>CrackLib</application> installed,
305 also comment out four more lines using the following command as the
306 <systemitem class="username">root</systemitem> user:</para>
307
308<screen role="root"><userinput>for FUNCTION in OBSCURE_CHECKS_ENAB CRACKLIB_DICTPATH \
309 PASS_CHANGE_TRIES PASS_ALWAYS_WARN
310do
311 sed -i "s/^$FUNCTION/# &amp;/" /etc/login.defs
312done</userinput></screen>
313
314 -->
315
316 </sect4>
317
318 <sect4>
319 <title>Configuring the /etc/pam.d/ Files</title>
320
321 <para>As mentioned previously in the
322 <application>Linux-PAM</application> instructions,
323 <application>Linux-PAM</application> has two supported methods for
324 configuration. The commands below assume that you've chosen to use
325 a directory based configuration, where each program has its own
326 configuration file. You can optionally use a single
327 <filename>/etc/pam.conf</filename> configuration file by using the
328 text from the files below, and supplying the program name as an
329 additional first field for each line.</para>
330
331 <para>As the <systemitem class="username">root</systemitem> user,
332 create the <filename class="directory">/etc/pam.d</filename>
333 directory with the following command:</para>
334
335 <screen role="root"><userinput>install -v -d -m755 /etc/pam.d</userinput></screen>
336
337 <para>While still the <systemitem class="username">root</systemitem>
338 user, add the following <application>Linux-PAM</application>
339 configuration files to the
340 <filename class="directory">/etc/pam.d/</filename> directory (or
341 add the contents to the <filename>/etc/pam.conf</filename> file) with
342 the following commands:</para>
343
344 </sect4>
345
346 <sect4>
347 <title>'login' (with CrackLib)</title>
348
349<screen role="root"><userinput>cat &gt; /etc/pam.d/login &lt;&lt; "EOF"
350<literal># Begin /etc/pam.d/login
351
352auth requisite pam_nologin.so
353auth required pam_securetty.so
354auth required pam_unix.so
355account required pam_access.so
356account required pam_unix.so
357session required pam_env.so
358session required pam_motd.so
359session required pam_limits.so
360session optional pam_mail.so dir=/var/mail standard
361session optional pam_lastlog.so
362session required pam_unix.so
363password required pam_cracklib.so retry=3
364password required pam_unix.so md5 shadow use_authtok
365
366# End /etc/pam.d/login</literal>
367EOF</userinput></screen>
368
369 </sect4>
370
371 <sect4>
372 <title>'login' (without CrackLib)</title>
373
374<screen role="root"><userinput>cat &gt; /etc/pam.d/login &lt;&lt; "EOF"
375<literal># Begin /etc/pam.d/login
376
377auth requisite pam_nologin.so
378auth required pam_securetty.so
379auth required pam_env.so
380auth required pam_unix.so
381account required pam_access.so
382account required pam_unix.so
383session required pam_motd.so
384session required pam_limits.so
385session optional pam_mail.so dir=/var/mail standard
386session optional pam_lastlog.so
387session required pam_unix.so
388password required pam_unix.so md5 shadow
389
390# End /etc/pam.d/login</literal>
391EOF</userinput></screen>
392
393 </sect4>
394
395 <sect4>
396 <title>'passwd' (with CrackLib)</title>
397
398<screen role="root"><userinput>cat &gt; /etc/pam.d/passwd &lt;&lt; "EOF"
399<literal># Begin /etc/pam.d/passwd
400
401password required pam_cracklib.so type=Linux retry=1 \
402 difok=5 diffignore=23 minlen=9 \
403 dcredit=1 ucredit=1 lcredit=1 \
404 ocredit=1 \
405 dictpath=/lib/cracklib/pw_dict
406password required pam_unix.so md5 shadow use_authtok
407
408# End /etc/pam.d/passwd</literal>
409EOF</userinput></screen>
410
411 <note><para>In its default configuration, owing to credits,
412 pam_cracklib will allow multiple case passwords as short as 6
413 characters, even with the <parameter>minlen</parameter> value
414 set to 11. You should review the pam_cracklib(8) man page and
415 determine if these default values are acceptable for the security
416 of your system.</para></note>
417
418 </sect4>
419
420 <sect4>
421 <title>'passwd' (without CrackLib)</title>
422
423<screen role="root"><userinput>cat &gt; /etc/pam.d/passwd &lt;&lt; "EOF"
424<literal># Begin /etc/pam.d/passwd
425
426password required pam_unix.so md5 shadow
427
428# End /etc/pam.d/passwd</literal>
429EOF</userinput></screen>
430
431 </sect4>
432
433 <sect4>
434 <title>'su'</title>
435
436<screen role="root"><userinput>cat &gt; /etc/pam.d/su &lt;&lt; "EOF"
437<literal># Begin /etc/pam.d/su
438
439auth sufficient pam_rootok.so
440auth required pam_unix.so
441account required pam_unix.so
442session optional pam_mail.so dir=/var/mail standard
443session optional pam_xauth.so
444session required pam_env.so
445session required pam_unix.so
446
447# End /etc/pam.d/su</literal>
448EOF</userinput></screen>
449
450 </sect4>
451
452 <sect4>
453 <title>'chage'</title>
454
455<screen role="root"><userinput>cat &gt; /etc/pam.d/chage &lt;&lt; "EOF"
456<literal># Begin /etc/pam.d/chage
457
458auth sufficient pam_rootok.so
459auth required pam_unix.so
460account required pam_unix.so
461session required pam_unix.so
462password required pam_permit.so
463
464# End /etc/pam.d/chage</literal>
465EOF</userinput></screen>
466
467 </sect4>
468
469 <sect4>
470 <title>'chpasswd', 'chgpasswd', 'groupadd', 'groupdel', 'groupmems',
471 'groupmod', 'newusers', 'useradd', 'userdel', and 'usermod'</title>
472
473<screen role="root"><userinput>for PROGRAM in chpasswd chgpasswd groupadd groupdel groupmems \
474 groupmod newusers useradd userdel usermod
475do
476 install -v -m644 /etc/pam.d/chage /etc/pam.d/$PROGRAM
477 sed -i "s/chage/$PROGRAM/" /etc/pam.d/$PROGRAM
478done</userinput></screen>
479
480 <warning>
481 <para>At this point, you should do a simple test to see if
482 <application>Shadow</application> is working as expected. Open
483 another terminal and log in as a user, then <command>su</command> to
484 <systemitem class="username">root</systemitem>. If you do not see any
485 errors, then all is well and you should proceed with the rest of the
486 configuration. If you did receive errors, stop now and double check
487 the above configuration files manually. You can also run the test
488 suite from the <application>Linux-PAM</application> package to assist
489 you in determining the problem. If you cannot find and
490 fix the error, you should recompile <application>Shadow</application>
491 replacing <option>--with-libpam</option> with
492 <option>--without-libpam</option> in the above instructions (also move
493 the <filename>/etc/login.defs.orig</filename> backup file to
494 <filename>/etc/login.defs</filename>). If you
495 fail to do this and the errors remain, you will be unable to log into
496 your system.</para>
497 </warning>
498
499 </sect4>
500
501 <sect4>
502 <title>Other</title>
503
504 <para>Currently, <filename>/etc/pam.d/other</filename> is configured
505 to allow anyone with an account on the machine to use PAM-aware
506 programs without a configuration file for that program. After testing
507 <application>Linux-PAM</application> for proper configuration, install
508 a more restrictive <filename>other</filename> file so that
509 program-specific configuration files are required:</para>
510
511<screen role="root"><userinput>cat &gt; /etc/pam.d/other &lt;&lt; "EOF"
512<literal># Begin /etc/pam.d/other
513
514auth required pam_deny.so
515auth required pam_warn.so
516account required pam_deny.so
517session required pam_deny.so
518password required pam_deny.so
519password required pam_warn.so
520
521# End /etc/pam.d/other</literal>
522EOF</userinput></screen>
523
524 <para>If you preserved the source tree from the
525 <application>Linux-PAM</application> package (or you feel like unpacking
526 that tarball, then running <command>configure</command> and
527 <command>make</command>), now would be a good time to run the test
528 suite from this package. This test suite will use the configuration you
529 just finished during the tests. All the tests should pass.</para>
530
531 </sect4>
532
533 <sect4 id="pam-access">
534 <title>Configuring Login Access</title>
535
536 <para>Instead of using the <filename>/etc/login.access</filename>
537 file for controlling access to the system,
538 <application>Linux-PAM</application> uses the
539 <filename class='libraryfile'>pam_access.so</filename> module along
540 with the <filename>/etc/security/access.conf</filename> file. Rename
541 the <filename>/etc/login.access</filename> file using the following
542 command:</para>
543
544 <indexterm zone="shadow pam-access">
545 <primary sortas="e-etc-security-access.conf">/etc/security/access.conf</primary>
546 </indexterm>
547
548<screen role="root"><userinput>if [ -f /etc/login.access ]; then
549 mv -v /etc/login.access /etc/login.access.NOUSE
550fi</userinput></screen>
551
552 </sect4>
553
554 <sect4 id="pam-limits">
555 <title>Configuring Resource Limits</title>
556
557 <para>Instead of using the <filename>/etc/limits</filename> file
558 for limiting usage of system resources,
559 <application>Linux-PAM</application> uses the
560 <filename class='libraryfile'>pam_limits.so</filename> module along
561 with the <filename>/etc/security/limits.conf</filename> file. Rename
562 the <filename>/etc/limits</filename> file using the following
563 command:</para>
564
565 <indexterm zone="shadow pam-limits">
566 <primary sortas="e-etc-security-limits.conf">/etc/security/limits.conf</primary>
567 </indexterm>
568
569<screen role="root"><userinput>if [ -f /etc/limits ]; then
570 mv -v /etc/limits /etc/limits.NOUSE
571fi</userinput></screen>
572
573 </sect4>
574
575 <sect4 id="pam-env">
576 <title>Configuring Default Environment</title>
577
578 <para>During previous configuration, several items were removed from
579 <filename>/etc/login.defs</filename>. Some of these items are now
580 controlled by the <filename class='libraryfile'>pam_env.so</filename>
581 module and the <filename>/etc/security/pam_env.conf</filename>
582 configuration file. In particular, the default path has been
583 changed. To recover your default path, execute the following
584 commands:</para>
585
586<screen role="root"><userinput>ENV_PATH=`grep '^ENV_PATH' /etc/login.defs.orig | \
587 awk '{ print $2 }' | sed 's/PATH=//'` &amp;&amp;
588echo 'PATH DEFAULT='`echo "${ENV_PATH}"`\
589' OVERRIDE=${PATH}' \
590 >> /etc/security/pam_env.conf &amp;&amp;
591unset ENV_PATH</userinput></screen>
592
593 <note>
594 <para>ENV_SUPATH is no longer supported. You must create
595 a valid <filename>/root/.bashrc</filename> file to provide a
596 modified path for the super-user.</para>
597 </note>
598
599 </sect4>
600
601 </sect3>
602
603 </sect2>
604
605 <sect2 role="content">
606 <title>Contents</title>
607
608 <para>A list of the installed files, along with their short descriptions
609 can be found at
610 <ulink url="&lfs-root;/chapter06/shadow.html#contents-shadow"/>.</para>
611
612 </sect2>
613
614</sect1>
Note: See TracBrowser for help on using the repository browser.