Changeset 7e11b83c for postlfs/security/linux-pam.xml
- Timestamp:
- 06/09/2020 06:16:16 PM (4 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- edcb4a5
- Parents:
- 50c49293
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/linux-pam.xml
r50c49293 r7e11b83c 7 7 <!ENTITY linux-pam-download-http "https://github.com/linux-pam/linux-pam/releases/download/v&linux-pam-version;/Linux-PAM-&linux-pam-version;.tar.xz"> 8 8 <!ENTITY linux-pam-download-ftp " "> 9 <!ENTITY linux-pam-md5sum " 558ff53b0fc0563ca97f79e911822165">10 <!ENTITY linux-pam-size " 892 MB">11 <!ENTITY linux-pam-buildsize " 26MB (with tests)">9 <!ENTITY linux-pam-md5sum "39fca0523bccec6af4b63b5322276c84"> 10 <!ENTITY linux-pam-size "968 KB"> 11 <!ENTITY linux-pam-buildsize "37 MB (with tests)"> 12 12 <!ENTITY linux-pam-time "0.3 SBU (with tests)"> 13 13 14 14 <!ENTITY linux-pam-docs-download "https://github.com/linux-pam/linux-pam/releases/download/v&linux-pam-version;/Linux-PAM-&linux-pam-docs-version;-docs.tar.xz"> 15 <!ENTITY linux-pam-docs-md5sum " 1885fae049acd1b699a5459d7c4a0130">16 <!ENTITY linux-pam-docs-size "4 49KB">15 <!ENTITY linux-pam-docs-md5sum "3440e619ff29074eb977a2ca6e34525a"> 16 <!ENTITY linux-pam-docs-size "468 KB"> 17 17 <!-- 18 18 <!ENTITY debian-pam-docs "http://debian.securedservers.com/kernel/pub/linux/libs/pam"> … … 105 105 <para role="optional"> 106 106 <xref linkend="db"/>, 107 <xref linkend="cracklib"/>, 108 <xref linkend="libtirpc"/> and 107 <xref linkend="libnsl"/>, 108 <xref linkend="libpwquality"/>, 109 <xref linkend="libtirpc"/>, 110 <ulink url="https://github.com/linux-audit/audit-userspace">libaudit</ulink>, and 109 111 <ulink url="http://www.prelude-siem.org">Prelude</ulink> 110 112 </para> … … 149 151 </para> 150 152 151 <screen><userinput>sed -e 's/dummy links/dummy lynx/' \153 <screen><userinput>sed -e 's/dummy elinks/dummy lynx/' \ 152 154 -e 's/-no-numbering -no-references/-force-html -nonumbers -stdin/' \ 153 155 -i configure</userinput></screen> … … 331 333 332 334 # End /etc/pam.d/system-session</literal> 333 EOF</userinput></screen> 334 335 EOF 336 cat > /etc/pam.d/system-password << "EOF" 337 <literal># Begin /etc/pam.d/system-password 338 339 # use sha512 hash for encryption, use shadow, and try to use any previously 340 # defined authentication token (chosen password) set by any prior module 341 password required pam_unix.so sha512 shadow try_first_pass 342 343 # End /etc/pam.d/system-password</literal> 344 EOF 345 </userinput></screen> 346 347 <para> 348 If you wish to enable strong password support, install 349 <xref linkend="libpwquality"/>, and follow the 350 instructions in that page to configure the pam_pwquality 351 PAM module with strong password support. 352 </para> 353 354 <!-- With the removal of the pam_cracklib module, we're supposed to be using 355 libpwquality. That already includes instructions in it's configuration 356 information page, so we'll use those instead. 357 358 Linux-PAM must be installed prior to libpwquality so that PAM support 359 is built in, and the PAM module is built. 360 --> 361 <!-- 335 362 <para> 336 363 The remaining generic file depends on whether <xref … … 380 407 # End /etc/pam.d/system-password</literal> 381 408 EOF</userinput></screen> 382 409 --> 383 410 <para> 384 411 Now add a restrictive <filename>/etc/pam.d/other</filename> … … 435 462 <seglistitem> 436 463 <seg> 437 mkhomedir_helper, pam_tally, pam_tally2,464 faillock, mkhomedir_helper, 438 465 pam_timestamp_check, unix_chkpwd and 439 466 unix_update … … 456 483 <?dbhtml list-presentation="table"?> 457 484 485 <varlistentry id="faillock"> 486 <term><command>faillock</command></term> 487 <listitem> 488 <para> 489 displays and modifies the authentication failure record files. 490 </para> 491 <indexterm zone="linux-pam faillock"> 492 <primary sortas="b-faillock">faillock</primary> 493 </indexterm> 494 </listitem> 495 </varlistentry> 496 458 497 <varlistentry id="mkhomedir_helper"> 459 498 <term><command>mkhomedir_helper</command></term> … … 468 507 </varlistentry> 469 508 509 <!-- Removed with the removal of the pam_tally{,2} module 470 510 <varlistentry id="pam_tally"> 471 511 <term><command>pam_tally</command></term> … … 493 533 </listitem> 494 534 </varlistentry> 535 --> 495 536 496 537 <varlistentry id="pam_timestamp_check">
Note:
See TracChangeset
for help on using the changeset viewer.