Changeset db248d06
- Timestamp:
- 09/12/2012 03:58:34 PM (12 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 0d50cca
- Parents:
- 1ddbf11a
- Files:
-
- 3 edited
-
general.ent (modified) (1 diff)
-
introduction/welcome/changelog.xml (modified) (1 diff)
-
postlfs/security/linux-pam.xml (modified) (11 diffs)
Legend:
- Unmodified
- Added
- Removed
-
general.ent
r1ddbf11a rdb248d06 171 171 <!ENTITY liboauth-version "0.9.7"> 172 172 <!ENTITY libpwquality-version "1.2.0"> 173 <!ENTITY linux-pam-version "1.1. 5">173 <!ENTITY linux-pam-version "1.1.6"> 174 174 <!ENTITY mitkrb-version "1.10.3"> 175 175 <!ENTITY nettle-version "2.5"> -
introduction/welcome/changelog.xml
r1ddbf11a rdb248d06 48 48 <itemizedlist> 49 49 <listitem> 50 <para>[krejzi] - Linux PAM 1.1.6.</para> 51 </listitem> 52 <listitem> 50 53 <para>[krejzi] - Thunderbird 15.0.1.</para> 51 54 </listitem> -
postlfs/security/linux-pam.xml
r1ddbf11a rdb248d06 5 5 %general-entities; 6 6 7 <!ENTITY linux-pam-download-http "http s://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-&linux-pam-version;.tar.bz2">7 <!ENTITY linux-pam-download-http "http://linux-pam.org/library/Linux-PAM-&linux-pam-version;.tar.bz2"> 8 8 <!ENTITY linux-pam-download-ftp " "> 9 <!ENTITY linux-pam-md5sum " 927ee5585bdec5256c75117e9348aa47">9 <!ENTITY linux-pam-md5sum "7b73e58b7ce79ffa321d408de06db2c4"> 10 10 <!ENTITY linux-pam-size "1.1 MB"> 11 <!ENTITY linux-pam-buildsize "28 MB (includes installing the optional documentation)">11 <!ENTITY linux-pam-buildsize "28 MB"> 12 12 <!ENTITY linux-pam-time "0.3 SBU"> 13 13 14 <!ENTITY linux-pam-docs-download "http s://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-&linux-pam-version;-docs.tar.bz2">15 <!ENTITY linux-pam-docs-md5sum " 987e14ddce375ec7ddd2b91fbc2bd46d">16 <!ENTITY linux-pam-docs-size " 487KB">14 <!ENTITY linux-pam-docs-download "http://linux-pam.org/documentation/Linux-PAM-&linux-pam-version;-docs.tar.bz2"> 15 <!ENTITY linux-pam-docs-md5sum "43d19ccf40c1feb074e29922626f4971"> 16 <!ENTITY linux-pam-docs-size "144 KB"> 17 17 <!ENTITY debian-pam-docs "http://debian.securedservers.com/kernel/pub/linux/libs/pam"> 18 18 ]> … … 33 33 34 34 <sect2 role="package"> 35 <title>Introduction to Linux-PAM</title> 36 37 <para>The <application>Linux-PAM</application> package contains 38 Pluggable Authentication Modules. This is useful to enable the 39 local system administrator to choose how applications authenticate 40 users.</para> 41 42 &lfs70_checked; 35 <title>Introduction to Linux PAM</title> 36 37 <para> 38 The <application>Linux PAM</application> package contains 39 Pluggable Authentication Modules used to enable the local 40 system administrator to choose how applications authenticate 41 users. 42 </para> 43 44 &lfs72_checked; 43 45 44 46 <bridgehead renderas="sect3">Package Information</bridgehead> 45 47 <itemizedlist spacing="compact"> 46 48 <listitem> 47 <para>Download (HTTP): <ulink url="&linux-pam-download-http;"/></para> 48 </listitem> 49 <listitem> 50 <para>Download (FTP): <ulink url="&linux-pam-download-ftp;"/></para> 51 </listitem> 52 <listitem> 53 <para>Download MD5 sum: &linux-pam-md5sum;</para> 54 </listitem> 55 <listitem> 56 <para>Download size: &linux-pam-size;</para> 57 </listitem> 58 <listitem> 59 <para>Estimated disk space required: &linux-pam-buildsize;</para> 60 </listitem> 61 <listitem> 62 <para>Estimated build time: &linux-pam-time;</para> 49 <para> 50 Download (HTTP): <ulink url="&linux-pam-download-http;"/> 51 </para> 52 </listitem> 53 <listitem> 54 <para> 55 Download (FTP): <ulink url="&linux-pam-download-ftp;"/> 56 </para> 57 </listitem> 58 <listitem> 59 <para> 60 Download MD5 sum: &linux-pam-md5sum; 61 </para> 62 </listitem> 63 <listitem> 64 <para> 65 Download size: &linux-pam-size; 66 </para> 67 </listitem> 68 <listitem> 69 <para> 70 Estimated disk space required: &linux-pam-buildsize; 71 </para> 72 </listitem> 73 <listitem> 74 <para> 75 Estimated build time: &linux-pam-time; 76 </para> 63 77 </listitem> 64 78 </itemizedlist> 65 79 66 80 <bridgehead renderas="sect3">Additional Downloads</bridgehead> 67 <itemizedlist spacing= 'compact'>81 <itemizedlist spacing="compact"> 68 82 <title>Optional Documentation</title> 69 83 <listitem> 70 <para>Download (HTTP): <ulink url="&linux-pam-docs-download;"/></para> 71 </listitem> 72 <listitem> 73 <para>Download MD5 sum: &linux-pam-docs-md5sum;</para> 74 </listitem> 75 <listitem> 76 <para>Download size &linux-pam-docs-size;</para> 84 <para> 85 Download (HTTP): <ulink url="&linux-pam-docs-download;"/> 86 </para> 87 </listitem> 88 <listitem> 89 <para> 90 Download MD5 sum: &linux-pam-docs-md5sum; 91 </para> 92 </listitem> 93 <listitem> 94 <para> 95 Download size &linux-pam-docs-size; 96 </para> 77 97 </listitem> 78 98 </itemizedlist> 79 99 80 <bridgehead renderas="sect3">Linux -PAM Dependencies</bridgehead>100 <bridgehead renderas="sect3">Linux PAM Dependencies</bridgehead> 81 101 82 102 <bridgehead renderas="sect4">Optional</bridgehead> 83 <para role="optional"><xref linkend="cracklib"/>, 84 <xref linkend="libtirpc"/>, <xref linkend="x-window-system"/>, 85 <xref linkend="db"/> (for the pam_userdb module), and 86 <ulink url="http://www.prelude-ids.org/">Prelude</ulink></para> 87 88 <bridgehead renderas="sect4">Optional (To {,Re}build the Documentation)</bridgehead> 89 <para role="optional"><xref linkend="libxslt"/>, 90 <xref linkend="DocBook"/>, 91 <xref linkend="docbook-xsl"/>, 92 <xref linkend="w3m"/>, and 93 <xref linkend="fop"/></para> 103 <para role="optional"> 104 <xref linkend="db"/>, 105 <xref linkend="cracklib"/>, 106 <xref linkend="libtirpc"/> and 107 <ulink url="http://www.prelude-ids.org/">Prelude</ulink> 108 </para> 109 110 <bridgehead renderas="sect4">Optional (To Rebuild the Documentation)</bridgehead> 111 <para role="optional"> 112 <xref linkend="DocBook"/>, 113 <xref linkend="docbook-xsl"/>, 114 <xref linkend="fop"/>, 115 <xref linkend="libxslt"/> and 116 <xref linkend="w3m"/> 117 </para> 94 118 95 119 <para condition="html" role="usernotes">User Notes: 96 <ulink url="&blfs-wiki;/linux-pam"/></para> 120 <ulink url="&blfs-wiki;/linux-pam"/> 121 </para> 97 122 </sect2> 98 123 99 124 <sect2 role="installation"> 100 <title>Installation of Linux-PAM</title> 101 102 <para>If you downloaded the documentation, unpack the tarball by issuing 103 the following command.</para> 125 <title>Installation of Linux PAM</title> 126 127 <para> 128 If you downloaded the documentation, unpack the tarball by issuing 129 the following command. 130 </para> 104 131 105 132 <screen><userinput>tar -xf ../Linux-PAM-&linux-pam-version;-docs.tar.bz2 --strip-components=1</userinput></screen> 106 133 107 <para>Install <application>Linux-PAM</application> by 108 running the following commands:</para> 109 110 <screen><userinput>./configure --sbindir=/lib/security \ 134 <para> 135 Install <application>Linux PAM</application> by 136 running the following commands: 137 </para> 138 139 <screen><userinput>./configure --prefix=/usr \ 140 --sysconfdir=/etc \ 111 141 --docdir=/usr/share/doc/Linux-PAM-&linux-pam-version; \ 112 --disable-nis \ 113 --enable-read-both-confs && 142 --disable-nis && 114 143 make</userinput></screen> 115 144 116 <para>To test the results, a configuration file must be created. This file 117 will be removed after the tests have completed. Ensure there are no errors 118 produced by the tests before continuing the installation. First create the 119 configuration file by issuing the following commands as the 120 <systemitem class="username">root</systemitem> user:</para> 145 <para> 146 To test the results, a configuration file must be created. This file 147 will be removed after the tests have completed. Ensure there are no errors 148 produced by the tests before continuing the installation. First create the 149 configuration file by issuing the following commands as the 150 <systemitem class="username">root</systemitem> user: 151 </para> 121 152 122 153 <screen role="root"><userinput>install -v -m755 -d /etc/pam.d && … … 129 160 EOF</userinput></screen> 130 161 131 <para>Now run the tests by issuing <command>make check</command>.</para> 132 133 <para>Remove the configuration file created earlier by issuing the 134 following command as the 135 <systemitem class="username">root</systemitem> user:</para> 162 <para> 163 Now run the tests by issuing <command>make check</command>. 164 </para> 165 166 <para> 167 Remove the configuration file created earlier by issuing the 168 following command as the 169 <systemitem class="username">root</systemitem> user: 170 </para> 136 171 137 172 <screen role="root"><userinput>rm -rfv /etc/pam.d</userinput></screen> 138 173 139 <para>Now, as the <systemitem class="username">root</systemitem> 140 user:</para> 174 <para> 175 Now, as the <systemitem class="username">root</systemitem> 176 user: 177 </para> 141 178 142 179 <screen role="root"><userinput>make install && 143 chmod -v 4755 /lib/security/unix_chkpwd && 144 mv -v /lib/security/pam_tally /sbin</userinput></screen> 180 chmod -v 4755 /sbin/security/unix_chkpwd</userinput></screen> 145 181 </sect2> 146 182 … … 148 184 <title>Command Explanations</title> 149 185 150 <para><parameter>--sbindir=/lib/security</parameter>: This parameter 151 results in three executables, two of which are not intended to be run from 152 the command line, being installed in the same directory as the PAM modules. 153 The other executable is later moved to the 154 <filename class="directory">/sbin</filename> directory.</para> 155 156 <para><parameter>--docdir=...</parameter>: This parameter results in 157 the documentation being installed in a versioned directory name.</para> 158 159 <para><parameter>--disable-nis</parameter>: This option disables building 160 Network Information Service/Yellow Pages support in pam_unix and pam_access. 161 The RPC implementation in glibc (on which NIS/YP depends) is deprecated. 162 However, the same functionality is provided by 163 <application>Libtirpc</application> so if you've installed 164 <xref linkend="libtirpc"/> you can remove the 165 <parameter>--disable-nis</parameter> option.</para> 166 167 <para><parameter>--enable-read-both-confs</parameter>: This parameter 168 allows the local administrator to choose which configuration file setup to 169 use.</para> 170 171 <para><command>chmod -v 4755 /lib/security/unix_chkpwd</command>: 172 The <command>unix_chkpwd</command> password-helper program must be setuid 173 so that non-<systemitem class="username">root</systemitem> processes can 174 access the shadow-password file.</para> 175 176 <para><command>mv -v /lib/security/pam_tally /sbin</command>: The 177 <command>pam_tally</command> program is designed to be run by the system 178 administrator, possibly in single-user mode, so it is moved to the 179 appropriate directory.</para> 186 <para> 187 <option>--disable-nis</option>: This switch disables building 188 of the Network Information Service/Yellow Pages support in 189 pam_unix and pam_access modules. Remove it if you have installed 190 <xref linkend="libtirpc"/>. 191 </para> 192 193 <para> 194 <command>chmod -v 4755 /sbin/security/unix_chkpwd</command>: 195 The <command>unix_chkpwd</command> helper program must be setuid 196 so that non-<systemitem class="username">root</systemitem> 197 processes can access the shadow file. 198 </para> 199 180 200 </sect2> 181 201 … … 186 206 <title>Config Files</title> 187 207 188 <para><filename>/etc/security/*</filename> and 189 <filename>/etc/pam.d/*</filename> or 190 <filename>/etc/pam.conf</filename></para> 208 <para> 209 <filename>/etc/security/*</filename> and 210 <filename>/etc/pam.d/*</filename> 211 </para> 191 212 192 213 <indexterm zone="linux-pam pam-config"> … … 198 219 </indexterm> 199 220 200 <indexterm zone="linux-pam pam-config">201 <primary sortas="e-etc-pam.conf">/etc/pam.conf</primary>202 </indexterm>203 221 </sect3> 204 222 … … 206 224 <title>Configuration Information</title> 207 225 208 <para>Configuration information is placed in 209 <filename class="directory">/etc/pam.d/</filename> or 210 <filename>/etc/pam.conf</filename> depending on system administrator 211 preference. Below are example files of each type:</para> 226 <para> 227 Configuration information is placed in 228 <filename class="directory">/etc/pam.d/</filename>. 229 Below is an example file: 230 </para> 212 231 213 232 <screen><literal># Begin /etc/pam.d/other … … 218 237 password required pam_unix.so nullok 219 238 220 # End /etc/pam.d/other 221 222 # Begin /etc/pam.conf 223 224 other auth required pam_unix.so nullok 225 other account required pam_unix.so 226 other session required pam_unix.so 227 other password required pam_unix.so nullok 228 229 # End /etc/pam.conf</literal></screen> 230 231 <para>The <application>PAM</application> man page (<command>man 232 pam</command>) provides a good starting point for descriptions of fields 233 and allowable entries. The <ulink 234 url="&debian-pam-docs;/Linux-PAM-html/Linux-PAM_SAG.html"> Linux-PAM 235 System Administrators' Guide</ulink> is recommended for additional 236 information.</para> 237 238 <para>Refer to <ulink url="&debian-pam-docs;/modules.html"/> for a list 239 of various third-party modules available.</para> 239 # End /etc/pam.d/other</literal></screen> 240 241 <para> 242 The <application>PAM</application> man page (<command>man 243 pam</command>) provides a good starting point for descriptions 244 of fields and allowable entries. The <ulink 245 url="&debian-pam-docs;/Linux-PAM-html/Linux-PAM_SAG.html">Linux-PAM 246 System Administrators' Guide</ulink> is recommended for additional 247 information. 248 </para> 249 250 <para> 251 Refer to <ulink url="&debian-pam-docs;/modules.html"/> for a list 252 of various third-party modules available. 253 </para> 240 254 241 255 <important> 242 <para>You should now reinstall the <xref linkend="shadow"/> 243 package.</para> 256 <para> 257 You should now reinstall the <xref linkend="shadow"/> 258 package. 259 </para> 244 260 </important> 261 245 262 </sect3> 263 246 264 </sect2> 247 265 … … 255 273 256 274 <seglistitem> 257 <seg>pam_tally</seg> 258 <seg>libpam.{so,a}, libpamc.{so,a}, libpam_misc.{so,a} and 259 numerous PAM modules</seg> 260 <seg>/etc/security, /lib/security, /usr/include/security, 261 /usr/share/doc/Linux-PAM-&linux-pam-version;, 262 and /var/run/sepermit</seg> 275 <seg> 276 mkhomedir_helper, pam_tally, pam_tally2, 277 pam_timestamp_check, unix_chkpwd and 278 unix_update 279 </seg> 280 <seg> 281 libpam.so, libpamc.so and libpam_misc.so 282 </seg> 283 <seg> 284 /etc/security, 285 /lib/security, 286 /usr/include/security and 287 /usr/share/doc/Linux-PAM-&linux-pam-version; 288 </seg> 263 289 </seglistitem> 264 290 </segmentedlist> … … 269 295 <?dbhtml list-presentation="table"?> 270 296 297 <varlistentry id="mkhomedir_helper"> 298 <term><command>mkhomedir_helper</command></term> 299 <listitem> 300 <para> 301 is a helper binary that creates home directories. 302 </para> 303 <indexterm zone="linux-pam mkhomedir_helper"> 304 <primary sortas="b-mkhomedir_helper">mkhomedir_helper</primary> 305 </indexterm> 306 </listitem> 307 </varlistentry> 308 271 309 <varlistentry id="pam_tally"> 272 310 <term><command>pam_tally</command></term> 273 311 <listitem> 274 <para>is used to view or manipulate the <filename>faillog</filename> 275 file.</para> 312 <para> 313 is used to interrogate and manipulate the login counter file. 314 </para> 276 315 <indexterm zone="linux-pam pam_tally"> 277 316 <primary sortas="b-pam_tally">pam_tally</primary> … … 280 319 </varlistentry> 281 320 321 <varlistentry id="pam_tally2"> 322 <term><command>pam_tally2</command></term> 323 <listitem> 324 <para> 325 is used to interrogate and manipulate the login counter file, but 326 does not have some limitations that <command>pam_tally</command> 327 does. 328 </para> 329 <indexterm zone="linux-pam pam_tally2"> 330 <primary sortas="b-pam_tally2">pam_tally2</primary> 331 </indexterm> 332 </listitem> 333 </varlistentry> 334 335 <varlistentry id="pam_timestamp_check"> 336 <term><command>pam_timestamp_check</command></term> 337 <listitem> 338 <para> 339 is used to check if the default timestamp is valid 340 </para> 341 <indexterm zone="linux-pam pam_timestamp_check"> 342 <primary sortas="b-pam_timestamp_check">pam_timestamp_check</primary> 343 </indexterm> 344 </listitem> 345 </varlistentry> 346 347 <varlistentry id="unix_chkpwd"> 348 <term><command>unix_chkpwd</command></term> 349 <listitem> 350 <para> 351 is a helper binary that verifies the password of the current user. 352 </para> 353 <indexterm zone="linux-pam unix_chkpwd"> 354 <primary sortas="b-unix_chkpwd">unix_chkpwd</primary> 355 </indexterm> 356 </listitem> 357 </varlistentry> 358 359 <varlistentry id="unix_update"> 360 <term><command>unix_update</command></term> 361 <listitem> 362 <para> 363 is a helper binary that updates the password of a given user. 364 </para> 365 <indexterm zone="linux-pam unix_update"> 366 <primary sortas="b-unix_update">unix_update</primary> 367 </indexterm> 368 </listitem> 369 </varlistentry> 370 282 371 <varlistentry id="libpam"> 283 <term><filename class="libraryfile">libpam.{so,a}</filename></term> 284 <listitem> 285 <para>provides the interfaces between applications and the 286 PAM modules.</para> 372 <term><filename class="libraryfile">libpam.so</filename></term> 373 <listitem> 374 <para> 375 provides the interfaces between applications and the 376 PAM modules. 377 </para> 287 378 <indexterm zone="linux-pam libpam"> 288 <primary sortas="c-libpam">libpam.{so,a}</primary> 289 </indexterm> 290 </listitem> 291 </varlistentry> 379 <primary sortas="c-libpam">libpam.so</primary> 380 </indexterm> 381 </listitem> 382 </varlistentry> 383 292 384 </variablelist> 293 </sect2> 385 386 </sect2> 387 294 388 </sect1>
Note:
See TracChangeset
for help on using the changeset viewer.
