Context Navigation

← Previous Changeset
Next Changeset →

Changeset 9a3142c

Timestamp:

03/15/2012 04:25:36 PM (12 years ago)

Author:

Andrew Benton <andy@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

5e32204

Parents:

8eeb3dd8

Message:

fix compiling shadow with acl installed

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@9713 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

: 1 edited

postlfs/security/shadow.xml (modified) (31 diffs)

Legend:

: Unmodified
: Added
: Removed

postlfs/security/shadow.xml

-              r8eeb3dd8
+              r9a3142c
   %general-entities;
+  <!ENTITY shadow-download-http "http://pkg-shadow.alioth.debian.org/releases/shadow-&shadow-version;.tar.bz2 ">
+  <!ENTITY shadow-download-http
+  "http://pkg-shadow.alioth.debian.org/releases/shadow-&shadow-version;.tar.bz2 ">
   <!ENTITY shadow-download-ftp  " ">
   <!ENTITY shadow-md5sum        "d5f7a588fadb79faeb4b08b1eee82e9a">
 …
     <title>Introduction to Shadow</title>
+    <para><application>Shadow</application> was indeed installed in LFS and
+    there is no reason to reinstall it unless you installed
+    <application>CrackLib</application> or
+    <application>Linux-PAM</application> after your LFS system was completed.
+    If you have installed <application>CrackLib</application> after LFS, then
+    reinstalling <application>Shadow</application> will enable strong password
+    support. If you have installed <application>Linux-PAM</application>,
+    reinstalling <application>Shadow</application> will allow programs such as
+    <command>login</command> and <command>su</command> to utilize PAM.</para>
+    &lfs70_checked;
+    <para>
+      <application>Shadow</application> was indeed installed in LFS and there is
+      no reason to reinstall it unless you installed
+      <application>CrackLib</application> or
+      <application>Linux-PAM</application> after your LFS system was completed.
+      If you have installed <application>CrackLib</application> after LFS, then
+      reinstalling <application>Shadow</application> will enable strong password
+      support. If you have installed <application>Linux-PAM</application>,
+      reinstalling <application>Shadow</application> will allow programs such as
+      <command>login</command> and <command>su</command> to utilize PAM.
+    </para>
+    &lfs71_checked;
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&shadow-download-http;"/></para>
+        <para>
+          Download (HTTP): <ulink url="&shadow-download-http;"/>
+        </para>
       </listitem>
       <listitem>
+        <para>Download (FTP): <ulink url="&shadow-download-ftp;"/></para>
+        <para>
+          Download (FTP): <ulink url="&shadow-download-ftp;"/>
+        </para>
       </listitem>
       <listitem>
+        <para>Download MD5 sum: &shadow-md5sum;</para>
+        <para>
+          Download MD5 sum: &shadow-md5sum;
+        </para>
       </listitem>
       <listitem>
+        <para>Download size: &shadow-size;</para>
+        <para>
+          Download size: &shadow-size;
+        </para>
       </listitem>
       <listitem>
+        <para>Estimated disk space required: &shadow-buildsize;</para>
+        <para>
+          Estimated disk space required: &shadow-buildsize;
+        </para>
       </listitem>
       <listitem>
+        <para>Estimated build time: &shadow-time;</para>
+        <para>
+          Estimated build time: &shadow-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <itemizedlist spacing='compact'>
       <listitem>
+        <para>Required patch: <ulink
+        url="http://www.&lfs-domainname;/patches/lfs/development/shadow-&shadow-version;-nscd-1.patch"/>
+        <para>
+          Required patch: <ulink
+          url="http://www.&lfs-domainname;/patches/lfs/development/shadow-&shadow-version;-nscd-1.patch"/>
         </para>
       </listitem>
 …
     <bridgehead renderas="sect4">Required</bridgehead>
+    <para role="required"><xref linkend="linux-pam"/> or
+    <xref linkend="cracklib"/></para>
+    <para condition="html" role="usernotes">User Notes:
+    <ulink url="&blfs-wiki;/shadow"/></para>
+    <para role="required">
+      <xref linkend="linux-pam"/> or
+      <xref linkend="cracklib"/>
+    </para>
+    <para condition="html" role="usernotes">
+      User Notes: <ulink url="&blfs-wiki;/shadow"/>
+    </para>
   </sect2>
 …
     <important>
+      <para>The installation commands shown below are for installations where
+      <application>Linux-PAM</application> has been installed (with or
+      without a <application>CrackLib</application> installation) and
+      <application>Shadow</application> is being reinstalled to support the
+      <application>Linux-PAM</application> installation.</para>
+      <para> If you are reinstalling <application>Shadow</application> to
+      provide strong password support using the
+      <application>CrackLib</application> library without using
+      <application>Linux-PAM</application>, ensure you add the
+      <parameter>--with-libcrack</parameter> parameter to the
+      <command>configure</command> script below and also issue the following
+      command:</para>
+      <para>
+        The installation commands shown below are for installations where
+        <application>Linux-PAM</application> has been installed (with or
+        without a <application>CrackLib</application> installation) and
+        <application>Shadow</application> is being reinstalled to support the
+        <application>Linux-PAM</application> installation.
+      </para>
+      <para>
+        If you are reinstalling <application>Shadow</application> to provide
+        strong password support using the <application>CrackLib</application>
+        library without using <application>Linux-PAM</application>, ensure you
+        add the <parameter>--with-libcrack</parameter> parameter to the
+        <command>configure</command> script below and also issue the following
+        command:
+      </para>
 <screen><userinput>sed -i 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' etc/login.defs</userinput></screen>
     </important>
+    <para>Reinstall <application>Shadow</application> by running the following
+    commands:</para>
+    <para>
+      Reinstall <application>Shadow</application> by running the following
+      commands:
+    </para>
 <screen><userinput>sed -i 's/groups$(EXEEXT) //' src/Makefile.in &amp;&amp;
 find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \; &amp;&amp;
 sed -i -e 's/ ko//' -e 's/ zh_CN zh_TW//' man/Makefile.in &amp;&amp;
+sed -i '/&lt;stdio.h&gt;/a#include &lt;stdarg.h&gt;' libmisc/copydir.c &amp;&amp;
 sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
 …
 patch -Np1 -i ../shadow-&shadow-version;-nscd-1.patch &amp;&amp;
+./configure --prefix=/usr --sysconfdir=/etc \
+            --without-acl --without-attr &amp;&amp;
+./configure --prefix=/usr --sysconfdir=/etc &amp;&amp;
 make</userinput></screen>
+    <para>This package does not come with a test suite.</para>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      This package does not come with a test suite.
+    </para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>make install &amp;&amp;
 mv -v /usr/bin/passwd /bin</userinput></screen>
   </sect2>
 …
     <title>Command Explanations</title>
+    <para><command>sed -i 's/groups$(EXEEXT) //' src/Makefile.in</command>:
+    This command is used to suppress the installation of the
+    <command>groups</command> program as the version from the
+    <application>Coreutils</application> package installed during LFS is
+    preferred.</para>
+    <para><command>find man -name Makefile.in -exec ... {} \;</command>: This
+    command is used to suppress the installation of the
+    <command>groups</command> man pages so the existing ones installed from
+    the <application>Coreutils</application> package are not replaced.</para>
+    <para><command>sed -i -e '...' -e '...' man/Makefile.in</command>: This
+    command disables the installation of Chinese and Korean manual pages, since
+    <application>Man-DB</application> cannot format them properly.</para>
+    <para><command>sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@'
+    -e 's@/var/spool/mail@/var/mail@' etc/login.defs</command>:
+    Instead of using the default 'DES' method, this command modifies the
+    installation to use the more secure 'SHA512' method of hashing passwords,
+    which also allows passwords longer than eight characters. It also changes
+    the obsolete <filename class="directory">/var/spool/mail</filename>
+    location for user mailboxes that <application>Shadow</application> uses by
+    default to the <filename class="directory">/var/mail</filename>
+    location.</para>
+    <para><command>sed -i -e
+    's@PATH=/sbin:/bin:/usr/sbin:/usr/bin@&amp;:/usr/local/sbin:/usr/local/bin@'
+    -e 's@PATH=/bin:/usr/bin@&amp;:/usr/local/bin@' etc/login.defs</command>:
+    This sed expands PATH to <filename class="directory">/usr/local/bin</filename>
+    for normal and <systemitem class="username">root</systemitem> user and to
+    <filename class="directory">/usr/local/sbin</filename> for
+    <systemitem class="username">root</systemitem> user only.</para>
+    <para><command>--without-acl</command>: Disables linking with <xref linkend="acl"/>
+    since <application>Shadow</application> fails to compile if it is present.</para>
+    <para><command>--without-attr</command>: Disables linking with <xref linkend="attr"/>
+    since <application>Shadow</application> fails to compile if it is present.</para>
+    <para><command>mv -v /usr/bin/passwd /bin</command>: The
+    <command>passwd</command> program may be needed during times when the
+    <filename class='directory'>/usr</filename> filesystem is not mounted so
+    it is moved into the root partition.</para>
+    <para>
+      <command>sed -i 's/groups$(EXEEXT) //' src/Makefile.in</command>: This sed
+      is used to suppress the installation of the <command>groups</command>
+      program as the version from the <application>Coreutils</application>
+      package installed during LFS is preferred.
+    </para>
+    <para>
+      <command>find man -name Makefile.in -exec ... {} \;</command>: This
+      command is used to suppress the installation of the
+      <command>groups</command> man pages so the existing ones installed from
+      the <application>Coreutils</application> package are not replaced.
+    </para>
+    <para>
+      <command>sed -i -e '...' -e '...' man/Makefile.in</command>: This command
+      disables the installation of Chinese and Korean manual pages, since
+      <application>Man-DB</application> cannot format them properly.
+    </para>
+    <para>
+      <command>sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' -e
+      's@/var/spool/mail@/var/mail@' etc/login.defs</command>: Instead of using
+      the default 'DES' method, this command modifies the installation to use
+      the more secure 'SHA512' method of hashing passwords, which also allows
+      passwords longer than eight characters. It also changes the obsolete
+      <filename class="directory">/var/spool/mail</filename> location for user
+      mailboxes that <application>Shadow</application> uses by default to the
+      <filename class="directory">/var/mail</filename> location.
+    </para>
+    <para>
+      <command>sed -i -e
+      's@PATH=/sbin:/bin:/usr/sbin:/usr/bin@&amp;:/usr/local/sbin:/usr/local/bin@'
+      -e 's@PATH=/bin:/usr/bin@&amp;:/usr/local/bin@' etc/login.defs</command>:
+      This sed expands PATH to
+      <filename class="directory">/usr/local/bin</filename> for normal and
+      <systemitem class="username">root</systemitem> user and to
+      <filename class="directory">/usr/local/sbin</filename> for
+      <systemitem class="username">root</systemitem> user only.
+    </para>
+    <para>
+      <command>sed -i '/&lt;stdio.h&gt;/a#include &lt;stdarg.h&gt;'
+      libmisc/copydir.c</command>: This sed fixes a bug which would make the
+      build fail if <xref linkend="acl"/> is installed.
+    </para>
+    <para>
+      <command>mv -v /usr/bin/passwd /bin</command>: The
+      <command>passwd</command> program may be needed during times when the
+      <filename class='directory'>/usr</filename> filesystem is not mounted so
+      it is moved into the root partition.
+    </para>
   </sect2>
 …
     <title>Configuring Shadow</title>
+    <para><application>Shadow</application>'s stock configuration for the
+    <command>useradd</command> utility may not be desirable for your
+    installation. One default parameter causes <command>useradd</command> to
+    create a mailbox file for any newly created user.
+    <command>useradd</command> will make the group ownership of this file to
+    the <systemitem class="groupname">mail</systemitem> group with 0660
+    permissions. If you would prefer that these mailbox files are not created
+    by <command>useradd</command>, issue the
+    following command as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      <application>Shadow</application>'s stock configuration for the
+      <command>useradd</command> utility may not be desirable for your
+      installation. One default parameter causes <command>useradd</command> to
+      create a mailbox file for any newly created user.
+      <command>useradd</command> will make the group ownership of this file to
+      the <systemitem class="groupname">mail</systemitem> group with 0660
+      permissions. If you would prefer that these mailbox files are not created
+      by <command>useradd</command>, issue the following command as the
+      <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>sed -i 's/yes/no/' /etc/default/useradd</userinput></screen>
   </sect2>
 …
     <note>
+      <para>The rest of this page is devoted to configuring
+      <application>Shadow</application> to work properly with
+      <application>Linux-PAM</application>. If you do not have
+      <application>Linux-PAM</application> installed, and you reinstalled
+      <application>Shadow</application> to support strong passwords via
+      the <application>CrackLib</application> library, no further configuration
+      is required.</para>
+      <para>
+        The rest of this page is devoted to configuring
+        <application>Shadow</application> to work properly with
+        <application>Linux-PAM</application>. If you do not have
+        <application>Linux-PAM</application> installed, and you reinstalled
+        <application>Shadow</application> to support strong passwords via the
+        <application>CrackLib</application> library, no further configuration is
+        required.
+      </para>
     </note>
 …
       <title>Config Files</title>
+      <para><filename>/etc/pam.d/*</filename> or alternatively
+      <filename>/etc/pam.conf, /etc/login.defs, and
+      /etc/security/*</filename></para>
+      <para>
+        <filename>/etc/pam.d/*</filename> or alternatively
+        <filename>/etc/pam.conf</filename>,
+        <filename>/etc/login.defs</filename> and
+        <filename>/etc/security/*</filename>
+      </para>
       <indexterm zone="shadow pam.d">
 …
         <primary sortas="e-etc-security">/etc/security/*</primary>
       </indexterm>
     </sect3>
 …
       <title>Configuration Information</title>
+      <para>Configuring your system to use <application>Linux-PAM</application>
+      can be a complex task. The information below will provide a basic setup
+      so that <application>Shadow</application>'s login and password
+      functionality will work effectively with
+      <application>Linux-PAM</application>. Review the information and links on
+      the <xref linkend="linux-pam"/> page for further configuration
+      information. For information specific to integrating
+      <application>Shadow</application>, <application>Linux-PAM</application>
+      and <application>CrackLib</application>, you can visit the following
+      link:</para>
+      <para>
+        Configuring your system to use <application>Linux-PAM</application> can
+        be a complex task. The information below will provide a basic setup so
+        that <application>Shadow</application>'s login and password
+        functionality will work effectively with
+        <application>Linux-PAM</application>. Review the information and links
+        on the <xref linkend="linux-pam"/> page for further configuration
+        information. For information specific to integrating
+        <application>Shadow</application>, <application>Linux-PAM</application>
+        and <application>CrackLib</application>, you can visit the following
+        link:
+      </para>
       <itemizedlist spacing="compact">
+      <listitem>
+        <para><ulink
+        url="http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html"/></para>
+      </listitem>
+        <listitem>
+          <para>
+            <ulink url="http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html"/>
+          </para>
+        </listitem>
       </itemizedlist>
 …
         <title>Configuring /etc/login.defs</title>
+        <para>The <command>login</command> program currently performs many
+        functions which <application>Linux-PAM</application> modules should
+        now handle. The following <command>sed</command> command will comment
+        out the appropriate lines in <filename>/etc/login.defs</filename>, and
+        stop <command>login</command> from performing these functions (a backup
+        file named <filename>/etc/login.defs.orig</filename> is also created
+        to preserve the original file's contents). Issue the following commands
+        as the <systemitem class="username">root</systemitem> user:</para>
+        <para>
+          The <command>login</command> program currently performs many functions
+          which <application>Linux-PAM</application> modules should now handle.
+          The following <command>sed</command> command will comment out the
+          appropriate lines in <filename>/etc/login.defs</filename>, and stop
+          <command>login</command> from performing these functions (a backup
+          file named <filename>/etc/login.defs.orig</filename> is also created
+          to preserve the original file's contents). Issue the following
+          commands as the <systemitem class="username">root</systemitem> user:
+        </para>
         <indexterm zone="shadow pam-login-defs">
 …
                 CHFN_AUTH ENVIRON_FILE
 do
     sed -i "s/^$FUNCTION/# &amp;/" /etc/login.defs
+    sed -i "s/^${FUNCTION}/# &amp;/" /etc/login.defs
 done</userinput></screen>
       </sect4>
 …
         <title>Configuring the /etc/pam.d/ Files</title>
+        <para>As mentioned previously in the
+        <application>Linux-PAM</application> instructions,
+        <application>Linux-PAM</application> has two supported methods for
+        configuration.  The commands below assume that you've chosen to use
+        a directory based configuration, where each program has its own
+        configuration file.  You can optionally use a single
+        <filename>/etc/pam.conf</filename> configuration file by using the
+        text from the files below, and supplying the program name as an
+        additional first field for each line.</para>
+        <para>As the <systemitem class="username">root</systemitem> user,
+        replace the following <application>Linux-PAM</application>
+        configuration files in the
+        <filename class="directory">/etc/pam.d/</filename> directory (or
+        add the contents to the <filename>/etc/pam.conf</filename> file) using
+        the following commands:</para>
+        <para>
+          As mentioned previously in the <application>Linux-PAM</application>
+          instructions, <application>Linux-PAM</application> has two supported
+          methods for configuration. The commands below assume that you've
+          chosen to use a directory based configuration, where each program has
+          its own configuration file.  You can optionally use a single
+          <filename>/etc/pam.conf</filename> configuration file by using the
+          text from the files below, and supplying the program name as an
+          additional first field for each line.
+        </para>
+        <para>
+          As the <systemitem class="username">root</systemitem> user, replace
+          the following <application>Linux-PAM</application> configuration files
+          in the <filename class="directory">/etc/pam.d/</filename> directory
+          (or add the contents to the <filename>/etc/pam.conf</filename> file)
+          using the following commands:
+        </para>
       </sect4>
 …
 # End /etc/pam.d/system-account</literal>
 EOF</userinput></screen>
       </sect4>
 …
 # End /etc/pam.d/system-auth</literal>
 EOF</userinput></screen>
       </sect4>
 …
 EOF</userinput></screen>
+        <note><para>In its default configuration, owing to credits,
+        pam_cracklib will allow multiple case passwords as short as 6
+        characters, even with the <parameter>minlen</parameter> value
+        set to 11.  You should review the pam_cracklib(8) man page and
+        determine if these default values are acceptable for the security
+        of your system.</para></note>
+        <note>
+          <para>
+            In its default configuration, owing to credits, pam_cracklib will
+            allow multiple case passwords as short as 6 characters, even with
+            the <parameter>minlen</parameter> value set to 11. You should review
+            the pam_cracklib(8) man page and determine if these default values
+            are acceptable for the security of your system.
+          </para>
+        </note>
       </sect4>
 …
 # End /etc/pam.d/system-password</literal>
 EOF</userinput></screen>
       </sect4>
 …
 # End /etc/pam.d/system-session</literal>
 EOF</userinput></screen>
       </sect4>
 …
 # End /etc/pam.d/login</literal>
 EOF</userinput></screen>
       </sect4>
 …
 # End /etc/pam.d/passwd</literal>
 EOF</userinput></screen>
       </sect4>
 …
 # End /etc/pam.d/su</literal>
 EOF</userinput></screen>
       </sect4>
 …
 # End /etc/pam.d/chage</literal>
 EOF</userinput></screen>
+      </sect4>
+      <sect4>
+        <title>'chfn', 'chgpasswd', 'chgpasswd', 'chsh', 'groupadd',
+        'groupdel', 'groupmems', 'groupmod', 'newusers', 'useradd', 'userdel'
+        and 'usermod'</title>
+      </sect4>
+      <sect4>
+        <title>'chfn', 'chgpasswd', 'chgpasswd', 'chsh', 'groupadd', 'groupdel',
+        'groupmems', 'groupmod', 'newusers', 'useradd', 'userdel' and
+        'usermod'</title>
 <screen role="root"><userinput>for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel \
                groupmems groupmod newusers useradd userdel usermod
 do
     install -v -m644 /etc/pam.d/chage /etc/pam.d/$PROGRAM
     sed -i "s/chage/$PROGRAM/" /etc/pam.d/$PROGRAM
+    install -v -m644 /etc/pam.d/chage /etc/pam.d/${PROGRAM}
+    sed -i "s/chage/$PROGRAM/" /etc/pam.d/${PROGRAM}
 done</userinput></screen>
         <warning>
+          <para>At this point, you should do a simple test to see if
+          <application>Shadow</application> is working as expected. Open
+          another terminal and log in as a user, then <command>su</command> to
+          <systemitem class="username">root</systemitem>. If you do not see any
+          errors, then all is well and you should proceed with the rest of the
+          configuration. If you did receive errors, stop now and double check
+          the above configuration files manually. You can also run the test
+          suite from the <application>Linux-PAM</application> package to assist
+          you in determining the problem. If you cannot find and
+          fix the error, you should recompile <application>Shadow</application>
+          adding the <option>--without-libpam</option> switch to the
+          <command>configure</command> command in the above instructions
+          (also move the <filename>/etc/login.defs.orig</filename> backup
+          file to <filename>/etc/login.defs</filename>). If you
+          fail to do this and the errors remain, you will be unable to log into
+          your system.</para>
+          <para>
+            At this point, you should do a simple test to see if
+            <application>Shadow</application> is working as expected. Open
+            another terminal and log in as a user, then <command>su</command> to
+            <systemitem class="username">root</systemitem>. If you do not see
+            any errors, then all is well and you should proceed with the rest of
+            the configuration. If you did receive errors, stop now and double
+            check the above configuration files manually. You can also run the
+            test suite from the <application>Linux-PAM</application> package to
+            assist you in determining the problem. If you cannot find and fix
+            the error, you should recompile <application>Shadow</application>
+            adding the <option>--without-libpam</option> switch to the
+            <command>configure</command> command in the above instructions (also
+            move the <filename>/etc/login.defs.orig</filename> backup file to
+            <filename>/etc/login.defs</filename>). If you fail to do this and
+            the errors remain, you will be unable to log into your system.
+          </para>
         </warning>
       </sect4>
 …
         <title>Other</title>
+        <para>Currently, <filename>/etc/pam.d/other</filename> is configured
+        to allow anyone with an account on the machine to use PAM-aware
+        programs without a configuration file for that program. After testing
+        <application>Linux-PAM</application> for proper configuration, install
+        a more restrictive <filename>other</filename> file so that
+        program-specific configuration files are required:</para>
+        <para>
+          Currently, <filename>/etc/pam.d/other</filename> is configured to
+          allow anyone with an account on the machine to use PAM-aware programs
+          without a configuration file for that program. After testing
+          <application>Linux-PAM</application> for proper configuration, install
+          a more restrictive <filename>other</filename> file so that
+          program-specific configuration files are required:
+        </para>
 <screen role="root"><userinput>cat &gt; /etc/pam.d/other &lt;&lt; "EOF"
 …
 # End /etc/pam.d/other</literal>
 EOF</userinput></screen>
       </sect4>
 …
         <title>Configuring Login Access</title>
+        <para>Instead of using the <filename>/etc/login.access</filename>
+        file for controlling access to the system,
+        <application>Linux-PAM</application> uses the
+        <filename class='libraryfile'>pam_access.so</filename> module along
+        with the <filename>/etc/security/access.conf</filename> file. Rename
+        the <filename>/etc/login.access</filename> file using the following
+        command:</para>
+        <para>
+          Instead of using the <filename>/etc/login.access</filename> file for
+          controlling access to the system, <application>Linux-PAM</application>
+          uses the <filename class='libraryfile'>pam_access.so</filename> module
+          along with the <filename>/etc/security/access.conf</filename> file.
+          Rename the <filename>/etc/login.access</filename> file using the
+          following command:
+        </para>
         <indexterm zone="shadow pam-access">
 …
         </indexterm>
+<screen role="root"><userinput>if [ -f /etc/login.access ]; then
+    mv -v /etc/login.access /etc/login.access.NOUSE
+fi</userinput></screen>
+<screen role="root"><userinput>[ -f /etc/login.access ] &amp;&amp; mv -v /etc/login.access{,.NOUSE}</userinput></screen>
       </sect4>
 …
         <title>Configuring Resource Limits</title>
+        <para>Instead of using the <filename>/etc/limits</filename> file
+        for limiting usage of system resources,
+        <application>Linux-PAM</application> uses the
+        <filename class='libraryfile'>pam_limits.so</filename> module along
+        with the <filename>/etc/security/limits.conf</filename> file. Rename
+        the <filename>/etc/limits</filename> file using the following
+        command:</para>
+        <para>
+          Instead of using the <filename>/etc/limits</filename> file for
+          limiting usage of system resources,
+          <application>Linux-PAM</application> uses the
+          <filename class='libraryfile'>pam_limits.so</filename> module along
+          with the <filename>/etc/security/limits.conf</filename> file. Rename
+          the <filename>/etc/limits</filename> file using the following command:
+        </para>
         <indexterm zone="shadow pam-limits">
 …
         </indexterm>
+<screen role="root"><userinput>if [ -f /etc/limits ]; then
+    mv -v /etc/limits /etc/limits.NOUSE
+fi</userinput></screen>
+      </sect4>
+<screen role="root"><userinput>[ -f /etc/limits ] &amp;&amp; mv -v /etc/limits{,.NOUSE}</userinput></screen>
+      </sect4>
     </sect3>
   </sect2>
 …
     <title>Contents</title>
     <para>A list of the installed files, along with their short descriptions
     can be found at
     <ulink url="&lfs-root;/chapter06/shadow.html#contents-shadow"/>.</para>
+    <para>
+      A list of the installed files, along with their short descriptions can be
+      found at <ulink url="&lfs-root;/chapter06/shadow.html#contents-shadow"/>.
+    </para>
   </sect2>
 </sect1>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 9a3142c

Legend:

postlfs/security/shadow.xml

Download in other formats: