Changeset 5fc45b2d
- Timestamp:
- 10/23/2022 05:38:01 PM (18 months ago)
- Branches:
- 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, xry111/llvm18, xry111/xf86-video-removal
- Children:
- aa3cf5b
- Parents:
- f9e1bc3 (diff), 7f70be6 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the(diff)
links above to see all the changes relative to each parent. - File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/linux-pam.xml
rf9e1bc3 r5fc45b2d 38 38 <para> 39 39 The <application>Linux PAM</application> package contains 40 Pluggable Authentication Modules used to enablethe local41 system administrator to c hoose how applications authenticate40 Pluggable Authentication Modules used by the local 41 system administrator to control how application programs authenticate 42 42 users. 43 43 </para> … … 124 124 <xref role="runtime" linkend="shadow"/> 125 125 <phrase revision="systemd"> and <xref role="runtime" linkend="systemd"/> 126 need</phrase><phrase revision="sysv">needs</phrase> to be reinstalled 126 must</phrase><phrase revision="sysv">must</phrase> be reinstalled 127 and reconfigured 127 128 after installing and configuring <application>Linux PAM</application>. 128 129 </para> … … 130 131 <para role="recommended"> 131 132 With Linux-PAM-1.4.0 and higher, the pam_cracklib module is not 132 installed by default. To enforce strong passwords, it is recommended133 to use <xref role="runtime" linkend="libpwquality"/>.133 installed by default. Use <xref role="runtime" linkend="libpwquality"/> 134 to enforce strong passwords. 134 135 </para> 135 136 </note> … … 144 145 145 146 <para revision="sysv"> 146 First prevent the installation of an unneeded systemd file:147 First, prevent the installation of an unneeded systemd file: 147 148 </para> 148 149 … … 159 160 160 161 <para> 161 If you instead want to regenerate the documentation, fix the162 <command>configure</command> script so that it detects lynx if installed:162 If you want to regenerate the documentation yourself, fix the 163 <command>configure</command> script so it will detect lynx: 163 164 </para> 164 165 … … 168 169 169 170 <para> 170 Install<application>Linux PAM</application> by171 Compile and link <application>Linux PAM</application> by 171 172 running the following commands: 172 173 </para> … … 186 187 187 188 <caution> 188 <title>Reinstallation or upgrade of Linux PAM</title>189 <title>Reinstallation or Upgrade of Linux PAM</title> 189 190 <para> 190 191 If you have a system with Linux PAM installed and working, be careful … … 193 194 may become totally unusable. If you want to run the tests, you do not 194 195 need to create another <filename>/etc/pam.d/other</filename> file. The 195 installed one can be used for that purpose.196 existing file can be used for the tests. 196 197 </para> 197 198 … … 200 201 overwrites the configuration files in 201 202 <filename class="directory">/etc/security</filename> as well as 202 <filename>/etc/environment</filename>. I n caseyou203 <filename>/etc/environment</filename>. If you 203 204 have modified those files, be sure to back them up. 204 205 </para> … … 206 207 207 208 <para> 208 For a first installation, create theconfiguration file by issuing the209 For a first-time installation, create a configuration file by issuing the 209 210 following commands as the <systemitem class="username">root</systemitem> 210 211 user: … … 222 223 <para> 223 224 Now run the tests by issuing <command>make check</command>. 224 Ensure there are no errors produced by the tests before continuing the225 installation. Note that the checks are quite long. It may be useful to226 redirect the output to a log file in order toinspect it thoroughly.227 </para> 228 229 <para> 230 Only in case of a firstinstallation, remove the configuration file225 Be sure the tests produced no errors before continuing the 226 installation. Note that the tests are very long. 227 Redirect the output to a log file, so you can inspect it thoroughly. 228 </para> 229 230 <para> 231 For a first-time installation, remove the configuration file 231 232 created earlier by issuing the following command as the 232 233 <systemitem class="username">root</systemitem> user: … … 259 260 linkend="libxslt"/>, and <xref linkend="lynx"/> or <ulink 260 261 url="&w3m-url;">W3m</ulink>) are installed, the manual pages, and the 261 html and text documentation s are (re)generated and installed.262 html and text documentation files, are generated and installed. 262 263 Furthermore, if <xref linkend="fop"/> is installed, the PDF 263 264 documentation is generated and installed. Use this switch if you do not … … 267 268 <para> 268 269 <command>chmod -v 4755 /usr/sbin/unix_chkpwd</command>: 269 The <command>unix_chkpwd</command> helper program must be setuid270 so that non-<systemitem class="username">root</systemitem>270 The setuid bit for the <command>unix_chkpwd</command> helper program must be 271 turned on, so that non-<systemitem class="username">root</systemitem> 271 272 processes can access the shadow file. 272 273 </para> … … 278 279 279 280 <sect3 id="pam-config"> 280 <title>Config Files</title>281 <title>Configuration Files</title> 281 282 282 283 <para> … … 301 302 Configuration information is placed in 302 303 <filename class="directory">/etc/pam.d/</filename>. 303 Below is an example file:304 Here is a sample file: 304 305 </para> 305 306 … … 314 315 315 316 <para> 316 Now set up some genericfiles. As the317 Now create some generic configuration files. As the 317 318 <systemitem class="username">root</systemitem> user: 318 319 </para> … … 356 357 If you wish to enable strong password support, install 357 358 <xref linkend="libpwquality"/>, and follow the 358 instructions in that page to configure the pam_pwquality359 instructions on that page to configure the pam_pwquality 359 360 PAM module with strong password support. 360 361 </para> 361 362 362 363 <!-- With the removal of the pam_cracklib module, we're supposed to be using 363 libpwquality. That already includes instructions in it 's configuration364 libpwquality. That already includes instructions in its configuration 364 365 information page, so we'll use those instead. 365 366 … … 417 418 --> 418 419 <para> 419 N owadd a restrictive <filename>/etc/pam.d/other</filename>420 Next, add a restrictive <filename>/etc/pam.d/other</filename> 420 421 configuration file. With this file, programs that are PAM aware will 421 422 not run unless a configuration file specifically for that application 422 is created.423 exists. 423 424 </para> 424 425 … … 440 441 <para> 441 442 The <application>PAM</application> man page (<command>man 442 pam</command>) provides a good starting point for descriptions 443 of fields and allowable entries. 444 <!-- not accessible 2022-09-08 443 pam</command>) provides a good starting point to learn 444 about the several fields, and allowable entries. 445 <!-- not accessible 2022-09-08 --> 446 <!-- it's available at a different address 2022-10-23--> 445 447 The 446 <ulink url="http ://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html">448 <ulink url="https://www.docs4dev.com/docs/en/linux-pam/1.1.2/reference/Linux-PAM_SAG.html"> 447 449 Linux-PAM System Administrators' Guide 448 </ulink> is recommended for additional information. -->450 </ulink> is recommended for additional information. 449 451 </para> 450 452
Note:
See TracChangeset
for help on using the changeset viewer.