Changeset 5443006d for postlfs/security/shadow.xml
- Timestamp:
- 03/11/2012 12:39:56 PM (12 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 14aeac4
- Parents:
- b7a53c2
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/shadow.xml
rb7a53c2 r5443006d 7 7 <!ENTITY shadow-download-http "http://pkg-shadow.alioth.debian.org/releases/shadow-&shadow-version;.tar.bz2 "> 8 8 <!ENTITY shadow-download-ftp " "> 9 <!ENTITY shadow-md5sum " b8608d8294ac88974f27b20f991c0e79">10 <!ENTITY shadow-size " 1.8MB">11 <!ENTITY shadow-buildsize "3 0MB">9 <!ENTITY shadow-md5sum "d5f7a588fadb79faeb4b08b1eee82e9a"> 10 <!ENTITY shadow-size "2.1 MB"> 11 <!ENTITY shadow-buildsize "35 MB"> 12 12 <!ENTITY shadow-time "0.3 SBU"> 13 13 ]> … … 47 47 <para>Download (HTTP): <ulink url="&shadow-download-http;"/></para> 48 48 </listitem> 49 <listitem>49 <!-- <listitem> 50 50 <para>Download (FTP): <ulink url="&shadow-download-ftp;"/></para> 51 </listitem> 51 </listitem> --> 52 52 <listitem> 53 53 <para>Download MD5 sum: &shadow-md5sum;</para> … … 64 64 </itemizedlist> 65 65 66 < !-- <bridgehead renderas="sect3">Additional Downloads</bridgehead>66 <bridgehead renderas="sect3">Additional Downloads</bridgehead> 67 67 <itemizedlist spacing='compact'> 68 68 <listitem> 69 69 <para>Required patch: <ulink 70 url="&patch-root;/shadow-&shadow-version;-useradd_fix-2.patch"/></para> 70 url="http://www.&lfs-domainname;/patches/lfs/development/shadow-&shadow-version;-nscd-1.patch"/> 71 </para> 71 72 </listitem> 72 </itemizedlist> -->73 </itemizedlist> 73 74 74 75 <bridgehead renderas="sect3">Shadow Dependencies</bridgehead> 75 76 76 77 <bridgehead renderas="sect4">Required</bridgehead> 77 <para role="required"><xref linkend="linux-pam"/> and/or78 <para role="required"><xref linkend="linux-pam"/> or 78 79 <xref linkend="cracklib"/></para> 79 80 … … 107 108 commands:</para> 108 109 109 <screen><userinput>sed -i 's/groups$(EXEEXT) //' src/Makefile.in 110 <screen><userinput>sed -i 's/groups$(EXEEXT) //' src/Makefile.in && 110 111 find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \; && 111 sed -i -e 's/ ko//' -e 's/ zh_CN zh_TW//' man/Makefile.in 112 sed -i -e 's/ ko//' -e 's/ zh_CN zh_TW//' man/Makefile.in && 112 113 113 114 sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \ 114 -e 's@/var/spool/mail@/var/mail@' etc/login.defs && 115 116 ./configure --sysconfdir=/etc && 115 -e 's@/var/spool/mail@/var/mail@' etc/login.defs && 116 117 sed -i -e 's@PATH=/sbin:/bin:/usr/sbin:/usr/bin@&:/usr/local/sbin:/usr/local/bin@' \ 118 -e 's@PATH=/bin:/usr/bin@&:/usr/local/bin@' etc/login.defs && 119 120 patch -Np1 -i ../shadow-&shadow-version;-nscd-1.patch && 121 122 ./configure --prefix=/usr --sysconfdir=/etc \ 123 --without-acl --without-attr && 117 124 make</userinput></screen> 118 125 … … 144 151 <application>Man-DB</application> cannot format them properly.</para> 145 152 146 <para><command>sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512 '153 <para><command>sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' 147 154 -e 's@/var/spool/mail@/var/mail@' etc/login.defs</command>: 148 Instead of using the default ' crypt' method, this command modifies the155 Instead of using the default 'DES' method, this command modifies the 149 156 installation to use the more secure 'SHA512' method of hashing passwords, 150 157 which also allows passwords longer than eight characters. It also changes … … 153 160 default to the <filename class="directory">/var/mail</filename> 154 161 location.</para> 162 163 <para><command>sed -i -e 164 's@PATH=/sbin:/bin:/usr/sbin:/usr/bin@&:/usr/local/sbin:/usr/local/bin@' 165 -e 's@PATH=/bin:/usr/bin@&:/usr/local/bin@' etc/login.defs</command>: 166 This sed expands PATH to <filename class="directory">/usr/local/bin</filename> 167 for normal and <systemitem class="username">root</systemitem> user and to 168 <filename class="directory">/usr/local/sbin</filename> for 169 <systemitem class="username">root</systemitem> user only.</para> 170 171 <para><command>--without-acl</command>: Disables linking with <xref linkend="acl"/> 172 since <application>Shadow</application> fails to compile if it is present.</para> 173 174 <para><command>--without-attr</command>: Disables linking with <xref linkend="attr"/> 175 since <application>Shadow</application> fails to compile if it is present.</para> 155 176 156 177 <para><command>mv -v /usr/bin/passwd /bin</command>: The … … 228 249 <application>Shadow</application>, <application>Linux-PAM</application> 229 250 and <application>CrackLib</application>, you can visit the following 230 link s:</para>251 link:</para> 231 252 232 253 <itemizedlist spacing="compact"> 233 <listitem>234 <para><ulink235 url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_cracklib.html"/></para>236 </listitem>237 254 <listitem> 238 255 <para><ulink … … 258 275 259 276 <screen role="root"><userinput>install -v -m644 /etc/login.defs /etc/login.defs.orig && 260 for FUNCTION in LASTLOG_ENAB MAIL_CHECK_ENAB \ 261 PORTTIME_CHECKS_ENAB CONSOLE \ 262 MOTD_FILE NOLOGINS_FILE PASS_MIN_LEN \ 263 SU_WHEEL_ONLY MD5_CRYPT_ENAB \ 264 CONSOLE_GROUPS ENVIRON_FILE \ 265 ULIMIT ENV_TZ ENV_HZ ENV_SUPATH \ 266 ENV_PATH QMAIL_DIR MAIL_DIR MAIL_FILE \ 267 CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE \ 268 OBSCURE_CHECKS_ENAB CRACKLIB_DICTPATH \ 269 PASS_CHANGE_TRIES PASS_ALWAYS_WARN ISSUE_FILE 277 for FUNCTION in FAIL_DELAY LASTLOG_ENAB \ 278 MAIL_CHECK_ENAB \ 279 OBSCURE_CHECKS_ENAB \ 280 PORTTIME_CHECKS_ENAB \ 281 CONSOLE MOTD_FILE \ 282 NOLOGINS_FILE ENV_HZ \ 283 SU_WHEEL_ONLY \ 284 CRACKLIB_DICTPATH \ 285 SYS_UID_MIN SYS_UID_MAX \ 286 SYS_GID_MIN SYS_GID_MAX \ 287 PASS_CHANGE_TRIES \ 288 PASS_ALWAYS_WARN \ 289 CHFN_AUTH ENVIRON_FILE 270 290 do 271 291 sed -i "s/^$FUNCTION/# &/" /etc/login.defs … … 420 440 #session optional pam_mail.so standard quiet 421 441 422 # Use xauth keys (if available)423 session optional pam_xauth.so424 425 442 # include the default session and password settings 426 443 session include system-session … … 457 474 # include the default account settings 458 475 account include system-account 459 460 # Use xauth keys (if available)461 session optional pam_xauth.so462 476 463 477 # Set default environment variables for the service user … … 596 610 </sect4> 597 611 598 <sect4 id="pam-env">599 <title>Configuring Default Environment</title>600 601 <para>During previous configuration, several items were removed from602 <filename>/etc/login.defs</filename>. Some of these items are now603 controlled by the <filename class='libraryfile'>pam_env.so</filename>604 module and the <filename>/etc/security/pam_env.conf</filename>605 configuration file. In particular, the default path has been606 changed. To recover your default path, execute the following607 commands:</para>608 609 <screen role="root"><userinput>ENV_PATH=`grep '^ENV_PATH' /etc/login.defs.orig | \610 awk '{ print $2 }' | sed 's/PATH=//'` &&611 echo 'PATH DEFAULT='`echo "${ENV_PATH}"`\612 ' OVERRIDE=${PATH}' \613 >> /etc/security/pam_env.conf &&614 unset ENV_PATH</userinput></screen>615 616 <note>617 <para>The ENV_SUPATH option used to modify root's default path618 does not work with PAM. You have to set the path in root's login619 scripts instead.620 </para>621 </note>622 623 </sect4>624 625 612 </sect3> 626 613
Note:
See TracChangeset
for help on using the changeset viewer.