Changeset 7e11b83c


Ignore:
Timestamp:
06/09/2020 06:16:16 PM (16 months ago)
Author:
Douglas R. Reno <renodr@…>
Branches:
10.0, 10.1, 11.0, ken/refactor-virt, lazarus, qt5new, trunk, xry111/git-date, xry111/git-date-for-trunk, xry111/git-date-test
Children:
edcb4a5
Parents:
50c4929
Message:

Update to Linux-PAM-1.4.0
Update text on the libpwquality page to mention that pam_cracklib is now obsolete, and libpwquality is the intended replacement. See Ticket #13651
Move libpwquality.so.* to /lib

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@23270 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
5 edited

Legend:

Unmodified
Added
Removed
  • general.ent

    r50c4929 r7e11b83c  
    11<!-- $LastChangedBy$ $Date$ -->
    22
    3 <!ENTITY day          "08">                   <!-- Always 2 digits -->
     3<!ENTITY day          "09">                   <!-- Always 2 digits -->
    44<!ENTITY month        "06">                   <!-- Always 2 digits -->
    55<!ENTITY year         "2020">
     
    77<!ENTITY copyholder   "The BLFS Development Team">
    88<!ENTITY version      "&year;-&month;-&day;">
    9 <!ENTITY releasedate  "June 8th, &year;">
     9<!ENTITY releasedate  "June 9th, &year;">
    1010<!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
    1111<!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
  • introduction/welcome/changelog.xml

    r50c4929 r7e11b83c  
    4343    -->
    4444    <listitem>
     45      <para>June 9th, 2020</para>
     46      <itemizedlist>
     47        <listitem>
     48          <para>[renodr] - Update to Linux-PAM-1.4.0. Fixes
     49          <ulink url="&blfs-ticket-root;13651">#13651</ulink>.</para>
     50        </listitem>
     51        <listitem>
     52          <para>[renodr] - Move the libpwquality.so library to /lib because
     53          it is now used as an authentication module and should be available
     54          if /usr is on a separate filesystem.</para>
     55        </listitem>
     56      </itemizedlist>
     57    </listitem>
     58
     59    <listitem>
    4560      <para>June 8th, 2020</para>
    4661      <itemizedlist>
  • packages.ent

    r50c4929 r7e11b83c  
    1919<!ENTITY libcap-version               "2.36">
    2020<!ENTITY liboauth-version             "1.0.3">
    21 <!ENTITY linux-pam-version            "1.3.1">
    22 <!ENTITY linux-pam-docs-version       "1.3.1">
     21<!ENTITY linux-pam-version            "1.4.0">
     22<!ENTITY linux-pam-docs-version       "1.4.0">
    2323<!ENTITY libpwquality-version         "1.4.2">
    2424<!ENTITY make-ca-version              "1.7">
  • postlfs/security/libpwquality.xml

    r50c4929 r7e11b83c  
    116116      Now, as the <systemitem class="username">root</systemitem> user:
    117117    </para>
    118 
    119 <screen role="root"><userinput>make install</userinput></screen>
     118   
     119<screen role="root"><userinput>make install                          &amp;&amp;
     120
     121mv -v /usr/lib/libpwquality.so.* /lib &amp;&amp;
     122ln -sfv ../../lib/$(readlink /usr/lib/libpwquality.so) /usr/lib/libpwquality.so</userinput></screen>
    120123
    121124  </sect2>
     
    129132      is <parameter>python</parameter>, and requires <xref linkend="python2"/>.
    130133    </para>
     134
    131135  </sect2>
    132136
     
    134138    <title>Configuring libpwquality</title>
    135139
     140<!--
    136141    <para>
    137142      <application>libpwquality</application> is intended to be a
     
    141146      <filename>pam_pwquality.so</filename> module, execute the following
    142147      commands as the <systemitem class="username">root</systemitem> user:
     148    </para>
     149-->
     150
     151    <para>
     152      <application>libpwquality</application> is intended to be a
     153      functional replacement for the now-obsolete
     154      <filename>pam_cracklib.so</filename> PAM module. To configure the system
     155      to use the <filename>pam_pwquality</filename> module, execute the
     156      following commands as the
     157      <systemitem class="username">root</systemitem> user:
    143158    </para>
    144159
  • postlfs/security/linux-pam.xml

    r50c4929 r7e11b83c  
    77  <!ENTITY linux-pam-download-http "https://github.com/linux-pam/linux-pam/releases/download/v&linux-pam-version;/Linux-PAM-&linux-pam-version;.tar.xz">
    88  <!ENTITY linux-pam-download-ftp  " ">
    9   <!ENTITY linux-pam-md5sum        "558ff53b0fc0563ca97f79e911822165">
    10   <!ENTITY linux-pam-size          "892 MB">
    11   <!ENTITY linux-pam-buildsize     "26 MB (with tests)">
     9  <!ENTITY linux-pam-md5sum        "39fca0523bccec6af4b63b5322276c84">
     10  <!ENTITY linux-pam-size          "968 KB">
     11  <!ENTITY linux-pam-buildsize     "37 MB (with tests)">
    1212  <!ENTITY linux-pam-time          "0.3 SBU (with tests)">
    1313
    1414  <!ENTITY linux-pam-docs-download "https://github.com/linux-pam/linux-pam/releases/download/v&linux-pam-version;/Linux-PAM-&linux-pam-docs-version;-docs.tar.xz">
    15   <!ENTITY linux-pam-docs-md5sum   "1885fae049acd1b699a5459d7c4a0130">
    16   <!ENTITY linux-pam-docs-size     "449 KB">
     15  <!ENTITY linux-pam-docs-md5sum   "3440e619ff29074eb977a2ca6e34525a">
     16  <!ENTITY linux-pam-docs-size     "468 KB">
    1717  <!--
    1818  <!ENTITY debian-pam-docs         "http://debian.securedservers.com/kernel/pub/linux/libs/pam">
     
    105105    <para role="optional">
    106106      <xref linkend="db"/>,
    107       <xref linkend="cracklib"/>,
    108       <xref linkend="libtirpc"/> and
     107      <xref linkend="libnsl"/>,
     108      <xref linkend="libpwquality"/>,
     109      <xref linkend="libtirpc"/>,
     110      <ulink url="https://github.com/linux-audit/audit-userspace">libaudit</ulink>, and
    109111      <ulink url="http://www.prelude-siem.org">Prelude</ulink>
    110112    </para>
     
    149151    </para>
    150152
    151 <screen><userinput>sed -e 's/dummy links/dummy lynx/'                                     \
     153<screen><userinput>sed -e 's/dummy elinks/dummy lynx/'                                     \
    152154    -e 's/-no-numbering -no-references/-force-html -nonumbers -stdin/' \
    153155    -i configure</userinput></screen>
     
    331333
    332334# End /etc/pam.d/system-session</literal>
    333 EOF</userinput></screen>
    334 
     335EOF
     336cat &gt; /etc/pam.d/system-password &lt;&lt; "EOF"
     337<literal># Begin /etc/pam.d/system-password
     338
     339# use sha512 hash for encryption, use shadow, and try to use any previously
     340# defined authentication token (chosen password) set by any prior module
     341password  required    pam_unix.so       sha512 shadow try_first_pass
     342
     343# End /etc/pam.d/system-password</literal>
     344EOF
     345</userinput></screen>
     346
     347     <para>
     348       If you wish to enable strong password support, install
     349       <xref linkend="libpwquality"/>, and follow the
     350       instructions in that page to configure the pam_pwquality
     351       PAM module with strong password support.
     352     </para>
     353
     354<!-- With the removal of the pam_cracklib module, we're supposed to be using
     355     libpwquality. That already includes instructions in it's configuration
     356     information page, so we'll use those instead.
     357
     358     Linux-PAM must be installed prior to libpwquality so that PAM support
     359     is built in, and the PAM module is built.
     360-->
     361<!--
    335362      <para>
    336363        The remaining generic file depends on whether <xref
     
    380407# End /etc/pam.d/system-password</literal>
    381408EOF</userinput></screen>
    382 
     409-->
    383410      <para>
    384411        Now add a restrictive <filename>/etc/pam.d/other</filename>
     
    435462      <seglistitem>
    436463        <seg>
    437           mkhomedir_helper, pam_tally, pam_tally2,
     464          faillock, mkhomedir_helper,
    438465          pam_timestamp_check, unix_chkpwd and
    439466          unix_update
     
    456483      <?dbhtml list-presentation="table"?>
    457484
     485      <varlistentry id="faillock">
     486        <term><command>faillock</command></term>
     487        <listitem>
     488          <para>
     489            displays and modifies the authentication failure record files.
     490          </para>
     491          <indexterm zone="linux-pam faillock">
     492            <primary sortas="b-faillock">faillock</primary>
     493          </indexterm>
     494        </listitem>
     495      </varlistentry>
     496
    458497      <varlistentry id="mkhomedir_helper">
    459498        <term><command>mkhomedir_helper</command></term>
     
    468507      </varlistentry>
    469508
     509<!-- Removed with the removal of the pam_tally{,2} module
    470510      <varlistentry id="pam_tally">
    471511        <term><command>pam_tally</command></term>
     
    493533        </listitem>
    494534      </varlistentry>
     535-->
    495536
    496537      <varlistentry id="pam_timestamp_check">
Note: See TracChangeset for help on using the changeset viewer.