- Timestamp:
- 06/09/2020 06:16:16 PM (4 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- edcb4a5
- Parents:
- 50c49293
- Location:
- postlfs/security
- Files:
-
- 2 edited
-
libpwquality.xml (modified) (4 diffs)
-
linux-pam.xml (modified) (9 diffs)
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/libpwquality.xml
r50c49293 r7e11b83c 116 116 Now, as the <systemitem class="username">root</systemitem> user: 117 117 </para> 118 119 <screen role="root"><userinput>make install</userinput></screen> 118 119 <screen role="root"><userinput>make install && 120 121 mv -v /usr/lib/libpwquality.so.* /lib && 122 ln -sfv ../../lib/$(readlink /usr/lib/libpwquality.so) /usr/lib/libpwquality.so</userinput></screen> 120 123 121 124 </sect2> … … 129 132 is <parameter>python</parameter>, and requires <xref linkend="python2"/>. 130 133 </para> 134 131 135 </sect2> 132 136 … … 134 138 <title>Configuring libpwquality</title> 135 139 140 <!-- 136 141 <para> 137 142 <application>libpwquality</application> is intended to be a … … 141 146 <filename>pam_pwquality.so</filename> module, execute the following 142 147 commands as the <systemitem class="username">root</systemitem> user: 148 </para> 149 --> 150 151 <para> 152 <application>libpwquality</application> is intended to be a 153 functional replacement for the now-obsolete 154 <filename>pam_cracklib.so</filename> PAM module. To configure the system 155 to use the <filename>pam_pwquality</filename> module, execute the 156 following commands as the 157 <systemitem class="username">root</systemitem> user: 143 158 </para> 144 159 -
postlfs/security/linux-pam.xml
r50c49293 r7e11b83c 7 7 <!ENTITY linux-pam-download-http "https://github.com/linux-pam/linux-pam/releases/download/v&linux-pam-version;/Linux-PAM-&linux-pam-version;.tar.xz"> 8 8 <!ENTITY linux-pam-download-ftp " "> 9 <!ENTITY linux-pam-md5sum " 558ff53b0fc0563ca97f79e911822165">10 <!ENTITY linux-pam-size " 892 MB">11 <!ENTITY linux-pam-buildsize " 26MB (with tests)">9 <!ENTITY linux-pam-md5sum "39fca0523bccec6af4b63b5322276c84"> 10 <!ENTITY linux-pam-size "968 KB"> 11 <!ENTITY linux-pam-buildsize "37 MB (with tests)"> 12 12 <!ENTITY linux-pam-time "0.3 SBU (with tests)"> 13 13 14 14 <!ENTITY linux-pam-docs-download "https://github.com/linux-pam/linux-pam/releases/download/v&linux-pam-version;/Linux-PAM-&linux-pam-docs-version;-docs.tar.xz"> 15 <!ENTITY linux-pam-docs-md5sum " 1885fae049acd1b699a5459d7c4a0130">16 <!ENTITY linux-pam-docs-size "4 49KB">15 <!ENTITY linux-pam-docs-md5sum "3440e619ff29074eb977a2ca6e34525a"> 16 <!ENTITY linux-pam-docs-size "468 KB"> 17 17 <!-- 18 18 <!ENTITY debian-pam-docs "http://debian.securedservers.com/kernel/pub/linux/libs/pam"> … … 105 105 <para role="optional"> 106 106 <xref linkend="db"/>, 107 <xref linkend="cracklib"/>, 108 <xref linkend="libtirpc"/> and 107 <xref linkend="libnsl"/>, 108 <xref linkend="libpwquality"/>, 109 <xref linkend="libtirpc"/>, 110 <ulink url="https://github.com/linux-audit/audit-userspace">libaudit</ulink>, and 109 111 <ulink url="http://www.prelude-siem.org">Prelude</ulink> 110 112 </para> … … 149 151 </para> 150 152 151 <screen><userinput>sed -e 's/dummy links/dummy lynx/' \153 <screen><userinput>sed -e 's/dummy elinks/dummy lynx/' \ 152 154 -e 's/-no-numbering -no-references/-force-html -nonumbers -stdin/' \ 153 155 -i configure</userinput></screen> … … 331 333 332 334 # End /etc/pam.d/system-session</literal> 333 EOF</userinput></screen> 334 335 EOF 336 cat > /etc/pam.d/system-password << "EOF" 337 <literal># Begin /etc/pam.d/system-password 338 339 # use sha512 hash for encryption, use shadow, and try to use any previously 340 # defined authentication token (chosen password) set by any prior module 341 password required pam_unix.so sha512 shadow try_first_pass 342 343 # End /etc/pam.d/system-password</literal> 344 EOF 345 </userinput></screen> 346 347 <para> 348 If you wish to enable strong password support, install 349 <xref linkend="libpwquality"/>, and follow the 350 instructions in that page to configure the pam_pwquality 351 PAM module with strong password support. 352 </para> 353 354 <!-- With the removal of the pam_cracklib module, we're supposed to be using 355 libpwquality. That already includes instructions in it's configuration 356 information page, so we'll use those instead. 357 358 Linux-PAM must be installed prior to libpwquality so that PAM support 359 is built in, and the PAM module is built. 360 --> 361 <!-- 335 362 <para> 336 363 The remaining generic file depends on whether <xref … … 380 407 # End /etc/pam.d/system-password</literal> 381 408 EOF</userinput></screen> 382 409 --> 383 410 <para> 384 411 Now add a restrictive <filename>/etc/pam.d/other</filename> … … 435 462 <seglistitem> 436 463 <seg> 437 mkhomedir_helper, pam_tally, pam_tally2,464 faillock, mkhomedir_helper, 438 465 pam_timestamp_check, unix_chkpwd and 439 466 unix_update … … 456 483 <?dbhtml list-presentation="table"?> 457 484 485 <varlistentry id="faillock"> 486 <term><command>faillock</command></term> 487 <listitem> 488 <para> 489 displays and modifies the authentication failure record files. 490 </para> 491 <indexterm zone="linux-pam faillock"> 492 <primary sortas="b-faillock">faillock</primary> 493 </indexterm> 494 </listitem> 495 </varlistentry> 496 458 497 <varlistentry id="mkhomedir_helper"> 459 498 <term><command>mkhomedir_helper</command></term> … … 468 507 </varlistentry> 469 508 509 <!-- Removed with the removal of the pam_tally{,2} module 470 510 <varlistentry id="pam_tally"> 471 511 <term><command>pam_tally</command></term> … … 493 533 </listitem> 494 534 </varlistentry> 535 --> 495 536 496 537 <varlistentry id="pam_timestamp_check">
Note:
See TracChangeset
for help on using the changeset viewer.
