Changeset c7eb655
- Timestamp:
- 05/14/2005 11:21:04 AM (19 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- ffdb54d9
- Parents:
- 71072bbe
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/linux_pam.xml
r71072bbe rc7eb655 14 14 15 15 <sect1 id="Linux_PAM" xreflabel="Linux-PAM-&Linux_PAM-version;"> 16 <sect1info> 17 <othername>$LastChangedBy$</othername> 18 <date>$Date$</date> 19 </sect1info> 20 <?dbhtml filename="linux_pam.html"?> 21 <title>Linux-PAM-&Linux_PAM-version;</title> 22 <indexterm zone="Linux_PAM"> 23 <primary sortas="a-PAM_linux">PAM(Linux)</primary></indexterm> 24 25 <sect2> 26 <title>Introduction to <application>Linux-<acronym>PAM</acronym></application> 27 </title> 28 29 <para>The <application>Linux-<acronym>PAM</acronym></application> package 30 contains Pluggable Authentication Modules. This is useful to enable the local 31 system administrator to choose how applications authenticate users.</para> 32 33 <sect3><title>Package information</title> 34 <itemizedlist spacing='compact'> 35 <listitem><para>Download (HTTP): <ulink 36 url="&Linux_PAM-download-http;"/></para></listitem> 37 <listitem><para>Download (FTP): <ulink 38 url="&Linux_PAM-download-ftp;"/></para></listitem> 39 <listitem><para>Download MD5 sum: &Linux_PAM-md5sum;</para></listitem> 40 <listitem><para>Download size: &Linux_PAM-size;</para></listitem> 41 <listitem><para>Estimated disk space required: 42 &Linux_PAM-buildsize;</para></listitem> 43 <listitem><para>Estimated build time: 44 &Linux_PAM-time;</para></listitem></itemizedlist> 45 </sect3> 46 47 <sect3><title>Additional downloads</title> 48 <sect4><title>Patches</title> 49 <itemizedlist spacing='compact'> 50 <listitem><para>Required patch: <ulink 51 url="&patch-root;/Linux-PAM-&Linux_PAM-version;-linkage-2.patch"/></para> 52 </listitem></itemizedlist> 53 </sect4> 54 55 <sect4><title>Documentation</title> 56 <itemizedlist spacing='compact'> 57 <listitem><para>Optional documentation: <ulink 58 url="http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-0.78-docs.tar.bz2"/> 59 </para></listitem> 60 </itemizedlist> 61 </sect4> 62 </sect3> 63 64 <sect3><title><application>Linux-<acronym>PAM</acronym></application> 65 dependencies</title> 66 <sect4><title>Recommended</title> 67 <para><xref linkend="cracklib"/></para> 68 </sect4> 69 70 <sect4><title>Optional</title> 71 <para><ulink 72 url="http://sourceforge.net/projects/sgmltools-lite/">sgmltools-lite</ulink> 73 and <xref linkend="db"/> (for pam_userdb module)</para> 74 </sect4> 75 </sect3> 76 77 </sect2> 78 79 <sect2> 80 <title>Installation of 81 <application>Linux-<acronym>PAM</acronym></application></title> 82 83 <para>Install <application>Linux-<acronym>PAM</acronym></application> by 84 running the following commands:</para> 85 86 <screen><userinput><command>patch -Np1 -i ../Linux-PAM-&Linux_PAM-version;-linkage-2.patch && 16 <?dbhtml filename="linux_pam.html"?> 17 18 <sect1info> 19 <othername>$LastChangedBy$</othername> 20 <date>$Date$</date> 21 </sect1info> 22 23 <title>Linux-PAM-&Linux_PAM-version;</title> 24 25 <indexterm zone="Linux_PAM"> 26 <primary sortas="a-PAM_linux">PAM(Linux)</primary> 27 </indexterm> 28 29 <sect2 role="package"> 30 <title>Introduction to Linux-PAM</title> 31 32 <para>The <application>Linux-PAM</application> package contains 33 Pluggable Authentication Modules. This is useful to enable the 34 local system administrator to choose how applications authenticate 35 users.</para> 36 37 <bridgehead renderas="sect3">Package Information</bridgehead> 38 <itemizedlist spacing="compact"> 39 <listitem> 40 <para>Download (HTTP): <ulink url="&Linux_PAM-download-http;"/></para> 41 </listitem> 42 <listitem> 43 <para>Download (FTP): <ulink url="&Linux_PAM-download-ftp;"/></para> 44 </listitem> 45 <listitem> 46 <para>Download MD5 sum: &Linux_PAM-md5sum;</para> 47 </listitem> 48 <listitem> 49 <para>Download size: &Linux_PAM-size;</para> 50 </listitem> 51 <listitem> 52 <para>Estimated disk space required: &Linux_PAM-buildsize;</para> 53 </listitem> 54 <listitem> 55 <para>Estimated build time: &Linux_PAM-time;</para> 56 </listitem> 57 </itemizedlist> 58 59 <bridgehead renderas="sect3">Additional Downloads</bridgehead> 60 <itemizedlist spacing='compact'> 61 <title>Patches</title> 62 <listitem> 63 <para>Required patch: <ulink 64 url="&patch-root;/Linux-PAM-&Linux_PAM-version;-linkage-2.patch"/></para> 65 </listitem> 66 </itemizedlist> 67 68 <itemizedlist spacing='compact'> 69 <title>Documentation</title> 70 <listitem> 71 <para>Optional documentation: <ulink 72 url="http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-0.78-docs.tar.bz2"/> 73 </para> 74 </listitem> 75 </itemizedlist> 76 77 <bridgehead renderas="sect3">Linux-PAM Dependencies</bridgehead> 78 79 <bridgehead renderas="sect4">Recommended</bridgehead> 80 <para><xref linkend="cracklib"/></para> 81 82 <bridgehead renderas="sect4">Optional</bridgehead> 83 <para><ulink 84 url="http://sourceforge.net/projects/sgmltools-lite/">sgmltools-lite</ulink> 85 and <xref linkend="db"/> (for pam_userdb module)</para> 86 87 </sect2> 88 89 <sect2 role="installation"> 90 <title>Installation of Linux-PAM</title> 91 92 <para>Install <application>Linux-PAM</application> by 93 running the following commands:</para> 94 95 <screen><userinput>patch -Np1 -i ../Linux-PAM-&Linux_PAM-version;-linkage-2.patch && 87 96 autoconf && 88 97 sed -i 's/(mandir)/(MANDIR)/g' modules/Simple.Rules && 89 98 ./configure --enable-static-libpam --with-mailspool=/var/mail \ 90 99 --enable-read-both-confs --sysconfdir=/etc && 91 make</ command></userinput></screen>92 93 <para>If you downloaded the documentation and wish to install it, unpack the 94 tarball into the <filename class='directory'>doc</filename> directory:</para>95 96 <screen><userinput> <command>tar -jxf ../Linux-PAM-0.78-docs.tar.bz2 -C doc</command></userinput></screen>97 98 <para>Now, as the rootuser:</para>99 100 <screen ><userinput role='root'><command>make install &&100 make</userinput></screen> 101 102 <para>If you downloaded the documentation and wish to install it, unpack the 103 tarball into the <filename class='directory'>doc</filename> directory:</para> 104 105 <screen><userinput>tar -jxf ../Linux-PAM-0.78-docs.tar.bz2 -C doc</userinput></screen> 106 107 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 108 109 <screen role="root"><userinput>make install && 101 110 mv -v /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a /usr/lib && 102 111 rm -v /lib/libpam{,c,_misc}.so && 103 112 ln -v -sf ../../lib/libpam.so.&Linux_PAM-version; /usr/lib/libpam.so && 104 113 ln -v -sf ../../lib/libpam_misc.so.&Linux_PAM-version; /usr/lib/libpam_misc.so && 105 ln -v -sf ../../lib/libpamc.so.&Linux_PAM-version; /usr/lib/libpamc.so</ command></userinput></screen>106 107 <para>Install the documentation using the following commands:</para>108 109 <screen ><userinput role='root'><command>install -v -d -m755 /usr/share/doc/Linux-PAM-&Linux_PAM-version; &&114 ln -v -sf ../../lib/libpamc.so.&Linux_PAM-version; /usr/lib/libpamc.so</userinput></screen> 115 116 <para>Install the documentation using the following commands:</para> 117 118 <screen role="root"><userinput>install -v -d -m755 /usr/share/doc/Linux-PAM-&Linux_PAM-version; && 110 119 for DOCTYPE in html ps specs txts 111 120 do 112 121 cp -v -R doc/$DOCTYPE /usr/share/doc/Linux-PAM-&Linux_PAM-version; 113 done</command></userinput></screen> 114 115 </sect2> 116 117 <sect2> 118 <title>Command explanations</title> 119 120 <para><command>autoconf</command>: This is necessary because the patch 121 changes where <acronym>PAM</acronym> looks for the 122 <application>cracklib</application> libraries, requiring regeneration of the 123 configure script.</para> 124 125 <para><command>sed -i 's/(mandir)/(MANDIR)/g' 126 modules/Simple.Rules</command>: This command puts the module manpages 127 with the rest of the manpages in 128 <filename>/usr/share/man</filename>.</para> 129 130 <para><option>--enable-static-libpam</option>: This switch builds 131 static <acronym>PAM</acronym> libraries as well as the dynamic libraries.</para> 132 133 <para><parameter>--with-mailspool=/var/mail</parameter>: This switch makes 134 the mailspool directory <acronym>FHS</acronym> compliant.</para> 135 136 <para><option>--enable-read-both-confs</option>: This switch lets the local 137 administrator choose which configuration file setup to use.</para> 138 139 <para><command>mv -v /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a 140 /usr/lib</command>: This command moves the static libraries to 141 <filename>/usr/lib</filename> to comply with <acronym>FHS</acronym> 142 guidelines.</para> 143 144 <para><command>rm -v /lib/libpam{,c,_misc}.so; ln -v -sf ... 145 /usr/lib/...</command>: These commands move the 146 <filename class='symlink'>.so</filename> symlinks from 147 <filename class='directory'>/lib</filename> to 148 <filename class='directory'>/usr/lib</filename>.</para> 149 150 </sect2> 151 152 <sect2> 153 <title>Configuring 154 <application>Linux-<acronym>PAM</acronym></application></title> 155 156 <sect3 id="pam-config"><title>Config files</title> 157 <para><filename>/etc/security/*</filename>, and 158 <filename>/etc/pam.d/*</filename> or <filename>/etc/pam.conf</filename></para> 159 <indexterm zone="Linux_PAM pam-config"> 160 <primary sortas="e-etc-security">/etc/security/*</primary></indexterm> 161 <indexterm zone="Linux_PAM pam-config"> 162 <primary sortas="e-etc-pam.d">/etc/pam.d/*</primary></indexterm> 163 <indexterm zone="Linux_PAM pam-config"> 164 <primary sortas="e-etc-pam.conf">/etc/pam.conf</primary></indexterm> 165 </sect3> 166 167 <sect3><title>Configuration Information</title> 168 169 <para>Configuration information is placed in 170 <filename class='directory'>/etc/pam.d/</filename> or 171 <filename>/etc/pam.conf</filename> depending on user preference. Below are 172 example files of each type:</para> 173 174 <screen># Begin /etc/pam.d/other 122 done</userinput></screen> 123 124 </sect2> 125 126 <sect2 role="commands"> 127 <title>Command Explanations</title> 128 129 <para><command>autoconf</command>: This is necessary because the 130 patch changes where PAM looks for the <application>cracklib</application> 131 libraries, requiring regeneration of the configure script.</para> 132 133 <para><command>sed -i 's/(mandir)/(MANDIR)/g' modules/Simple.Rules</command>: 134 This command puts the module manpages with the rest of the manpages in 135 <filename>/usr/share/man</filename>.</para> 136 137 <para><parameter>--enable-static-libpam</parameter>: This switch builds 138 static PAM libraries as well as the dynamic libraries.</para> 139 140 <para><parameter>--with-mailspool=/var/mail</parameter>: This switch 141 makes the mailspool directory FHS compliant.</para> 142 143 <para><parameter>--enable-read-both-confs</parameter>: This switch lets 144 the local administrator choose which configuration file setup to use.</para> 145 146 <para><command>mv -v /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a 147 /usr/lib</command>: This command moves the static libraries to 148 <filename class='directory'>/usr/lib</filename> to comply with FHS 149 guidelines.</para> 150 151 <para><command>rm -v /lib/libpam{,c,_misc}.so; ln -v -sf ... 152 /usr/lib/...</command>: These commands move the 153 <filename class='symlink'>.so</filename> symlinks from 154 <filename class='directory'>/lib</filename> to 155 <filename class='directory'>/usr/lib</filename>.</para> 156 157 </sect2> 158 159 <sect2 role="configuration"> 160 <title>Configuring Linux-PAM</title> 161 162 <sect3 id="pam-config"> 163 <title>Config Files</title> 164 165 <para><filename>/etc/security/*</filename> and 166 <filename>/etc/pam.d/*</filename> or 167 <filename>/etc/pam.conf</filename></para> 168 169 <indexterm zone="Linux_PAM pam-config"> 170 <primary sortas="e-etc-security">/etc/security/*</primary> 171 </indexterm> 172 173 <indexterm zone="Linux_PAM pam-config"> 174 <primary sortas="e-etc-pam.d">/etc/pam.d/*</primary> 175 </indexterm> 176 177 <indexterm zone="Linux_PAM pam-config"> 178 <primary sortas="e-etc-pam.conf">/etc/pam.conf</primary> 179 </indexterm> 180 181 </sect3> 182 183 <sect3> 184 <title>Configuration Information</title> 185 186 <para>Configuration information is placed in 187 <filename class='directory'>/etc/pam.d/</filename> or 188 <filename>/etc/pam.conf</filename> depending on user preference. 189 Below are example files of each type:</para> 190 191 <screen><literal># Begin /etc/pam.d/other 175 192 176 193 auth required pam_unix.so nullok … … 188 205 other password required pam_unix.so nullok 189 206 190 # End /etc/pam.conf</screen> 191 192 <para>The <application><acronym>PAM</acronym></application> man page 193 (<command>man pam</command>) provides a good starting point for descriptions 194 of fields and allowable entries. The 195 <ulink url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html"> 196 Linux-PAM guide for system administrators</ulink> 197 is recommended for further reading.</para> 198 199 <para>Refer to 200 <ulink url="http://www.kernel.org/pub/linux/libs/pam/modules.html"/> 201 for a list of various modules available.</para> 202 203 <note><para>You should now reinstall the <xref linkend="shadow"/> 204 package.</para></note> 205 </sect3> 206 207 </sect2> 208 209 <sect2> 210 <title>Contents</title> 211 212 <segmentedlist> 213 <segtitle>Installed Programs</segtitle> 214 <segtitle>Installed Libraries</segtitle> 215 <segtitle>Installed Directories</segtitle> 216 <seglistitem> 217 <seg>unix_chkpwd and pam_tally</seg> 218 <seg>libpam.[so,a], libpamc.[so,a] and libpam_misc.[so,a]</seg> 219 <seg>/etc/pam.d, /etc/security, /lib/security and /usr/include/security</seg> 220 </seglistitem> 221 </segmentedlist> 222 223 <variablelist> 224 <bridgehead renderas="sect3">Short Descriptions</bridgehead> 225 <?dbfo list-presentation="list"?> 226 227 <varlistentry id="unix_chkpwd"> 228 <term><command>unix_chkpwd</command></term> 229 <listitem><para>checks user passwords that are stored 230 in read protected databases.</para> 231 <indexterm zone="Linux_PAM unix_chkpwd"> 232 <primary sortas="b-unix_chkpwd">unix_chkpwd</primary></indexterm> 233 </listitem> 234 </varlistentry> 235 236 <varlistentry id="pam_tally"> 237 <term><command>pam_tally</command></term> 238 <listitem><para>is used to view or manipulate the <filename>faillog</filename> 239 file.</para> 240 <indexterm zone="Linux_PAM pam_tally"> 241 <primary sortas="b-pam_tally">pam_tally</primary></indexterm> 242 </listitem> 243 </varlistentry> 244 245 <varlistentry id="libpam"> 246 <term><filename class='libraryfile'>libpam.[so,a]</filename></term> 247 <listitem><para>provides the interfaces between applications and the 248 <acronym>PAM</acronym> modules.</para> 249 <indexterm zone="Linux_PAM libpam"> 250 <primary sortas="c-libpam">libpam.[so,a]</primary></indexterm> 251 </listitem> 252 </varlistentry> 253 </variablelist> 254 255 </sect2> 207 # End /etc/pam.conf</literal></screen> 208 209 <para>The <application>PAM</application> man page 210 (<command>man pam</command>) provides a good starting point for 211 descriptions of fields and allowable entries. The <ulink 212 url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html"> 213 Linux-PAM guide for system administrators</ulink> 214 is recommended for further reading.</para> 215 216 <para>Refer to <ulink 217 url="http://www.kernel.org/pub/linux/libs/pam/modules.html"/> 218 for a list of various modules available.</para> 219 220 <note> 221 <para>You should now reinstall the <xref linkend="shadow"/> 222 package.</para> 223 </note> 224 225 </sect3> 226 227 </sect2> 228 229 <sect2 role="content"> 230 <title>Contents</title> 231 232 <segmentedlist> 233 <segtitle>Installed Programs</segtitle> 234 <segtitle>Installed Libraries</segtitle> 235 <segtitle>Installed Directories</segtitle> 236 237 <seglistitem> 238 <seg>unix_chkpwd and pam_tally</seg> 239 <seg>libpam.[so,a], libpamc.[so,a], and libpam_misc.[so,a]</seg> 240 <seg>/etc/pam.d, /etc/security, /lib/security, and 241 /usr/include/security</seg> 242 </seglistitem> 243 </segmentedlist> 244 245 <variablelist> 246 <bridgehead renderas="sect3">Short Descriptions</bridgehead> 247 <?dbfo list-presentation="list"?> 248 <?dbhtml list-presentation="table"?> 249 250 <varlistentry id="unix_chkpwd"> 251 <term><command>unix_chkpwd</command></term> 252 <listitem> 253 <para>checks user passwords that are stored 254 in read protected databases.</para> 255 <indexterm zone="Linux_PAM unix_chkpwd"> 256 <primary sortas="b-unix_chkpwd">unix_chkpwd</primary> 257 </indexterm> 258 </listitem> 259 </varlistentry> 260 261 <varlistentry id="pam_tally"> 262 <term><command>pam_tally</command></term> 263 <listitem> 264 <para>is used to view or manipulate the <filename>faillog</filename> 265 file.</para> 266 <indexterm zone="Linux_PAM pam_tally"> 267 <primary sortas="b-pam_tally">pam_tally</primary> 268 </indexterm> 269 </listitem> 270 </varlistentry> 271 272 <varlistentry id="libpam"> 273 <term><filename class='libraryfile'>libpam.[so,a]</filename></term> 274 <listitem> 275 <para>provides the interfaces between applications and the 276 PAM modules.</para> 277 <indexterm zone="Linux_PAM libpam"> 278 <primary sortas="c-libpam">libpam.[so,a]</primary> 279 </indexterm> 280 </listitem> 281 </varlistentry> 282 283 </variablelist> 284 285 </sect2> 256 286 257 287 </sect1> 258
Note:
See TracChangeset
for help on using the changeset viewer.