akdengi 2014-01-21 14:49:16 +04:00
parent 5490f0133d
commit f4bec3e628
17 changed files with 286 additions and 205 deletions

View file

@ -1,3 +1,5 @@
removed_sources:
Linux-PAM-1.1.4.tar.bz2: 4634b09f9e059f384ce69dbaa4a67f88bef5cf7b
sources:
"Linux-PAM-1.1.4.tar.bz2": 4634b09f9e059f384ce69dbaa4a67f88bef5cf7b
"pam-redhat-0.99.10-1.tar.bz2": 09e618edc5dcda9a6eb435a31db742afca673ae1
Linux-PAM-1.1.8.tar.bz2: f8ce53c67363f78d520392fa1c253c4978058be1
pam-redhat-0.99.10-1.tar.bz2: 09e618edc5dcda9a6eb435a31db742afca673ae1
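Review bot: the Linux-PAM-1.1.8.tar.bz2 entry is pinned by its SHA-1 only, and since the same commit deletes the upstream detached signature file without adding one for 1.1.8, nothing in the tree shows that this hash was taken from a signature-verified download rather than from whatever mirror served it. The commit message should state how the 1.1.8 hash was verified against upstream; better still, add the matching Linux-PAM-1.1.8.tar.bz2.sign so the check can be repeated. The removed_sources block correctly keeps the old 1.1.4 hash, so rollback remains possible.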

6
90-nproc.conf Normal file

@ -0,0 +1,6 @@
# Default limit for number of user's processes to prevent
# accidental fork bombs.
# See rhbz #432903 for reasoning.
* soft nproc 1024
root soft nproc unlimited
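Review bot: both lines set only the soft limit, so any process can raise its own nproc back up to the hard limit with setrlimit()/ulimit -u, and nothing here lowers the hard limit; that is adequate for the "accidental fork bomb" case the header cites (rhbz #432903), but the comment should say it is not an enforced cap. Two things worth adding to the file's header: RLIMIT_NPROC counts threads as well as processes, so 1024 can be reached by a single heavily threaded desktop session, and the file only takes effect when pam_limits.so is in the service's session stack (the password-auth and smartcard-auth files added in this commit do include it).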

View file

@ -1,5 +1,5 @@
--- modules/pam_xauth/pam_xauth.c 2010-10-08 13:56:11.000000000 +0200
+++ modules/pam_xauth/pam_xauth.c.oden 2010-11-03 11:23:06.714312576 +0100
--- a/modules/pam_xauth/pam_xauth.c 2010-10-08 13:56:11.000000000 +0200
+++ b/modules/pam_xauth/pam_xauth.c.oden 2010-11-03 11:23:06.714312576 +0100
@@ -90,7 +90,7 @@ static const char * const xauthpaths[] =
* given input on stdin, and storing any output it generates. */
static int
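Review bot: rewriting the headers into the a/ b/ prefix form changes the strip level this patch needs from -p0 (what the old explicit `%patch512 -p0 -b .xauth-groups` spec line used) to -p1, so it only works together with the switch to %apply_patches in the spec; confirm that macro applies with -p1. Separately, the +++ line still names `pam_xauth.c.oden` (the backup copy) rather than `pam_xauth.c`, the reverse of the usual convention, which leaves patch(1) to choose the target file by heuristic; regenerating the header with the real file on the +++ side removes that dependency.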

View file

@ -1,8 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://www.kernel.org/signature.html for info
iD8DBQBOBHzAyGugalF9Dw4RAvUUAJ0SfOT7ITyalk4JsmIe5tJSdIB5ygCfZ2ku
aHp5ptRfKYgWdlnFv+3F7H4=
=kqy6
-----END PGP SIGNATURE-----
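Review bot: deleting the 1.1.4 detached signature without adding one for 1.1.8 removes the only upstream-authenticated artefact in the package, while the spec's `Source1: ...Linux-PAM-%{version}.tar.bz2.sign` line still declares it; either add Linux-PAM-1.1.8.tar.bz2.sign (and record the key fingerprint it was checked against) or drop Source1 so the build does not reference a file that is no longer in the tree.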

View file

@ -1,34 +0,0 @@
PAM 0.99.3.0 update notes
- pam_stack module depreciation
The pam_stack module is now deprecated. It has to be replaced by
include directives in pam.d configuration files. pam_stack usage won't
make pam fail in this release, but it will be removed in a future
release, better avoid it. It's basically a matter of replacing
"required pam_stack.so service=<foo>" with "include <foo>".
This can't be automatically updated on system-edited configuration
files because it isn't always that simple. Some "sufficient"
directives in the included file may now occult directives that were
previously matched, in the same configuration phase
(auth/account/password/session).
So, the rules may have to be reordered, and the "include" directives
have often to be lowered at the bottom of each phase.
See Fedora instructions and release notes for more details.
http://www.redhat.com/archives/fedora-devel-list/2005-October/msg00050.html
http://www.redhat.com/archives/fedora-devel-list/2005-October/msg00084.html
http://fedora.redhat.com/docs/release-notes/fc5/test2-latest-en/sn-package-notes.html
- pam_pwdb dropped
The pam_pwdb module has been obsolete for a couple of years now, it is
not anymore available in the pam package from Mandriva.
The pam_unix module has to be prefered.
- services linked with pam
Services linked with the old pam library have to be restarted once the
new pam package has been installed.
This includes services such as crond, xdm, gdm, kdm, samba.

View file

@ -1,8 +0,0 @@
PAM 0.99.8.1 update notes
- pam_unix dropped
The pam_unix module has been dropped in favour of the pam_tcb module and is
no longer available in the pam package from Mandriva. The pam_tcb module will
work with the TCB shadowing scheme or regular shadow passwords. It also provides
the ability to use blowfish passwords, rather than just md5 passwords.

View file

@ -1,27 +0,0 @@
diff -up Linux-PAM-1.1.2/doc/Makefile.am.noflex Linux-PAM-1.1.2/doc/Makefile.am
--- Linux-PAM-1.1.2/doc/Makefile.am.noflex 2008-02-04 16:05:51.000000000 +0100
+++ Linux-PAM-1.1.2/doc/Makefile.am 2010-09-20 10:40:59.000000000 +0200
@@ -2,7 +2,7 @@
# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
#
-SUBDIRS = man specs sag adg mwg
+SUBDIRS = man sag adg mwg
CLEANFILES = *~
diff -up Linux-PAM-1.1.2/Makefile.am.noflex Linux-PAM-1.1.2/Makefile.am
--- Linux-PAM-1.1.2/Makefile.am.noflex 2010-07-08 14:04:19.000000000 +0200
+++ Linux-PAM-1.1.2/Makefile.am 2010-09-20 10:04:56.000000000 +0200
@@ -5,9 +5,9 @@
AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 check-news
if STATIC_MODULES
-SUBDIRS = modules libpam libpamc libpam_misc tests po conf doc examples xtests
+SUBDIRS = modules libpam libpamc libpam_misc tests po doc examples xtests
else
-SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests
+SUBDIRS = libpam tests libpamc libpam_misc modules po doc examples xtests
endif
CLEANFILES = *~

View file

@ -0,0 +1,12 @@
diff -up Linux-PAM-1.1.5/modules/pam_limits/limits.conf.limits Linux-PAM-1.1.5/modules/pam_limits/limits.conf
--- Linux-PAM-1.1.5/modules/pam_limits/limits.conf.limits 2011-06-21 11:04:56.000000000 +0200
+++ Linux-PAM-1.1.5/modules/pam_limits/limits.conf 2011-12-21 09:09:17.000000000 +0100
@@ -1,5 +1,8 @@
# /etc/security/limits.conf
#
+#This file sets the resource limits for the users logged in via PAM.
+#It does not affect resource limits of the system services.
+#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>

24
pam-1.1.6-noflex.patch Normal file

@ -0,0 +1,24 @@
diff -up Linux-PAM-1.1.6/doc/Makefile.am.noflex Linux-PAM-1.1.6/doc/Makefile.am
--- Linux-PAM-1.1.6/doc/Makefile.am.noflex 2012-08-15 13:08:43.000000000 +0200
+++ Linux-PAM-1.1.6/doc/Makefile.am 2012-08-17 14:13:11.904949748 +0200
@@ -2,7 +2,7 @@
# Copyright (c) 2005, 2006 Thorsten Kukuk <kukuk@suse.de>
#
-SUBDIRS = man specs sag adg mwg
+SUBDIRS = man sag adg mwg
CLEANFILES = *~
diff -up Linux-PAM-1.1.6/Makefile.am.noflex Linux-PAM-1.1.6/Makefile.am
--- Linux-PAM-1.1.6/Makefile.am.noflex 2012-08-15 13:08:43.000000000 +0200
+++ Linux-PAM-1.1.6/Makefile.am 2012-08-17 14:15:36.705359892 +0200
@@ -4,7 +4,7 @@
AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 check-news
-SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests
+SUBDIRS = libpam tests libpamc libpam_misc modules po doc examples xtests
CLEANFILES = *~
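Review bot: the patch has no header line saying why `specs` and `conf` are dropped from SUBDIRS; the file name suggests the build host lacks flex, but a one-line comment stating that would save the next rebase from guessing. The single top-level hunk is correct for 1.1.6, whose Makefile.am no longer has the `if STATIC_MODULES` branch the 1.1.2 version of this patch handled. Note that `%files doc` still ships `doc/specs/rfc86.0.txt`; that file is in the source tree whether or not `specs` is built, so it is fine, but it is the one thing to re-check if the doc subdirectory list changes again.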

View file

@ -1,7 +1,7 @@
diff -up Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c
--- Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose 2009-03-03 14:56:01.000000000 +0100
+++ Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c 2009-03-26 10:02:15.000000000 +0100
@@ -131,13 +131,21 @@ create_homedir (pam_handle_t *pamh, int
diff -up Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c
--- Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose 2012-08-15 13:08:43.000000000 +0200
+++ Linux-PAM-1.1.6/modules/pam_mkhomedir/pam_mkhomedir.c 2012-08-17 13:25:20.684075361 +0200
@@ -133,13 +133,21 @@ create_homedir (pam_handle_t *pamh, opti
if (child == 0) {
int i;
struct rlimit rlim;
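Review bot: starting the close loop at STDERR_FILENO + 1 keeps descriptors 0, 1 and 2 open in the child; for the pam_unix helpers the later hunks re-point all three onto the pipe first, but the visible pam_mkhomedir lines show only the loop change, so confirm the hidden part of that hunk (it grows from 13 to 21 lines) redirects the child's stdio before the exec, otherwise the mkhomedir helper inherits whatever the calling daemon had on those descriptors.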
@ -21,59 +21,13 @@ diff -up Linux-PAM-1.0.91/modules/pam_mkhomedir/pam_mkhomedir.c.std-noclose Linu
rlim.rlim_max = MAX_FD_NO;
- for (i=0; i < (int)rlim.rlim_max; i++) {
+ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) {
close(i);
close(i);
}
}
diff -up Linux-PAM-1.0.91/modules/pam_unix/support.c.std-noclose Linux-PAM-1.0.91/modules/pam_unix/support.c
--- Linux-PAM-1.0.91/modules/pam_unix/support.c.std-noclose 2009-03-03 14:56:01.000000000 +0100
+++ Linux-PAM-1.0.91/modules/pam_unix/support.c 2009-03-26 10:08:59.000000000 +0100
@@ -443,13 +443,16 @@ static int _unix_run_helper_binary(pam_h
/* reopen stdin as pipe */
dup2(fds[0], STDIN_FILENO);
+ /* and replace also the stdout/err as the helper will
+ not write anything there */
+ dup2(fds[1], STDOUT_FILENO);
+ dup2(fds[1], STDERR_FILENO);
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
if (rlim.rlim_max >= MAX_FD_NO)
rlim.rlim_max = MAX_FD_NO;
- for (i=0; i < (int)rlim.rlim_max; i++) {
- if (i != STDIN_FILENO)
- close(i);
+ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) {
+ close(i);
}
}
diff -up Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c.std-noclose Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c
--- Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c.std-noclose 2009-03-03 14:56:01.000000000 +0100
+++ Linux-PAM-1.0.91/modules/pam_unix/pam_unix_passwd.c 2009-03-26 10:07:06.000000000 +0100
@@ -175,13 +175,16 @@ static int _unix_run_update_binary(pam_h
/* reopen stdin as pipe */
dup2(fds[0], STDIN_FILENO);
+ /* and replace also the stdout/err as the helper will
+ not write anything there */
+ dup2(fds[1], STDOUT_FILENO);
+ dup2(fds[1], STDERR_FILENO);
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
if (rlim.rlim_max >= MAX_FD_NO)
rlim.rlim_max = MAX_FD_NO;
- for (i=0; i < (int)rlim.rlim_max; i++) {
- if (i != STDIN_FILENO)
- close(i);
+ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) {
+ close(i);
}
}
diff -up Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c.std-noclose Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c
--- Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c.std-noclose 2009-03-03 14:56:01.000000000 +0100
+++ Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c 2009-03-26 10:05:41.000000000 +0100
@@ -100,16 +100,18 @@ int _unix_run_verify_binary(pam_handle_t
diff -up Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c.std-noclose Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c
--- Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c.std-noclose 2012-08-15 13:08:43.000000000 +0200
+++ Linux-PAM-1.1.6/modules/pam_unix/pam_unix_acct.c 2012-08-17 13:22:51.664560481 +0200
@@ -105,16 +105,18 @@ int _unix_run_verify_binary(pam_handle_t
/* reopen stdout as pipe */
dup2(fds[1], STDOUT_FILENO);
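Review bot: in the _unix_run_helper_binary and _unix_run_update_binary hunks fds[1] is the write end of the same pipe whose read end was just dup2'd onto the helper's stdin, so the new `dup2(fds[1], STDOUT_FILENO)` / `dup2(fds[1], STDERR_FILENO)` lines route any stdout or stderr output of the helper straight back into its own stdin; the added comment simply asserts the helper never writes there. Opening /dev/null for descriptors 1 and 2 gives the same "nothing reaches the caller's terminal" effect without that assumption and should be preferred.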
@ -96,3 +50,49 @@ diff -up Linux-PAM-1.0.91/modules/pam_unix/pam_unix_acct.c.std-noclose Linux-PAM
}
}
diff -up Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c.std-noclose Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c
--- Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c.std-noclose 2012-08-15 13:08:43.000000000 +0200
+++ Linux-PAM-1.1.6/modules/pam_unix/pam_unix_passwd.c 2012-08-17 14:10:38.917346789 +0200
@@ -210,13 +210,16 @@ static int _unix_run_update_binary(pam_h
/* reopen stdin as pipe */
dup2(fds[0], STDIN_FILENO);
+ /* and replace also the stdout/err as the helper will
+ not write anything there */
+ dup2(fds[1], STDOUT_FILENO);
+ dup2(fds[1], STDERR_FILENO);
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
if (rlim.rlim_max >= MAX_FD_NO)
rlim.rlim_max = MAX_FD_NO;
- for (i=0; i < (int)rlim.rlim_max; i++) {
- if (i != STDIN_FILENO)
- close(i);
+ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) {
+ close(i);
}
}
diff -up Linux-PAM-1.1.6/modules/pam_unix/support.c.std-noclose Linux-PAM-1.1.6/modules/pam_unix/support.c
--- Linux-PAM-1.1.6/modules/pam_unix/support.c.std-noclose 2012-08-15 13:08:43.000000000 +0200
+++ Linux-PAM-1.1.6/modules/pam_unix/support.c 2012-08-17 14:12:10.833511475 +0200
@@ -469,13 +469,16 @@ static int _unix_run_helper_binary(pam_h
/* reopen stdin as pipe */
dup2(fds[0], STDIN_FILENO);
+ /* and replace also the stdout/err as the helper will
+ not write anything there */
+ dup2(fds[1], STDOUT_FILENO);
+ dup2(fds[1], STDERR_FILENO);
if (getrlimit(RLIMIT_NOFILE,&rlim)==0) {
if (rlim.rlim_max >= MAX_FD_NO)
rlim.rlim_max = MAX_FD_NO;
- for (i=0; i < (int)rlim.rlim_max; i++) {
- if (i != STDIN_FILENO)
- close(i);
+ for (i = STDERR_FILENO + 1; i < (int)rlim.rlim_max; i++) {
+ close(i);
}
}
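Review bot: these 1.1.6 hunks for pam_unix_passwd.c and support.c repeat the same stdio redirection and loop change, so whatever is decided for the earlier hunks applies here too. One point the unchanged context makes visible: the loop's upper bound is `rlim.rlim_max` clamped to MAX_FD_NO, so any descriptor numbered MAX_FD_NO or higher that the caller had open stays open in the helper when the hard limit is larger. That predates this rebase, but since the loop is being edited anyway, closing by iterating /proc/self/fd (or not clamping) would cover the inherited ones as well.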

View file

@ -0,0 +1,48 @@
diff -up Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c.tty-audit-init Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c
--- Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c.tty-audit-init 2013-08-28 10:53:40.000000000 +0200
+++ Linux-PAM-1.1.7/modules/pam_tty_audit/pam_tty_audit.c 2013-10-04 14:51:19.944994905 +0200
@@ -36,6 +36,7 @@
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE. */
+#include "config.h"
#include <errno.h>
#include <fnmatch.h>
#include <stdlib.h>
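Review bot: the `#include "config.h"` addition is functional, not cosmetic: the `#ifdef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD` in pam_sm_open_session further down in this patch is only ever true when config.h has been included first, so without this hunk log_passwd support is compiled out silently. That deserves a line in the patch header.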
@@ -108,7 +109,7 @@ nl_recv (int fd, unsigned type, void *bu
struct msghdr msg;
struct nlmsghdr nlm;
struct iovec iov[2];
- ssize_t res;
+ ssize_t res, resdiff;
again:
iov[0].iov_base = &nlm;
@@ -160,12 +161,17 @@ nl_recv (int fd, unsigned type, void *bu
res = recvmsg (fd, &msg, 0);
if (res == -1)
return -1;
- if ((size_t)res != NLMSG_LENGTH (size)
+ resdiff = NLMSG_LENGTH(size) - (size_t)res;
+ if (resdiff < 0
|| nlm.nlmsg_type != type)
{
errno = EIO;
return -1;
}
+ else if (resdiff > 0)
+ {
+ memset((char *)buf + res, 0, resdiff);
+ }
return 0;
}
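Review bot: the zero-fill in nl_recv is offset by the netlink header length. `res` counts the header delivered into iov[0] (`&nlm`) as well as the payload delivered into iov[1] (`buf`), so the unfilled tail of `buf` starts at `(char *)buf + res - NLMSG_HDRLEN`, not at `(char *)buf + res`; as written, `memset((char *)buf + res, 0, resdiff)` leaves the first NLMSG_HDRLEN bytes of the tail untouched and writes NLMSG_HDRLEN bytes past the end of `buf`. Fix the offset, and since the old exact-length test also rejected replies shorter than the header, add an explicit `res < (ssize_t)NLMSG_HDRLEN` rejection before the zero-fill so `nlm.nlmsg_type` is never read from an unfilled header. Minor: `NLMSG_LENGTH(size) - (size_t)res` is evaluated in size_t and relies on the wraparound converting to a negative ssize_t; casting both operands to ssize_t first makes the `resdiff < 0` test portable.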
@@ -275,6 +281,8 @@ pam_sm_open_session (pam_handle_t *pamh,
return PAM_SESSION_ERR;
}
+ memcpy(&new_status, old_status, sizeof(new_status));
+
new_status.enabled = (command == CMD_ENABLE ? 1 : 0);
#ifdef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD
new_status.log_passwd = log_passwd;
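Review bot: copying `old_status` into `new_status` before setting `enabled` and `log_passwd` means any field of struct audit_tty_status that this build does not set (log_passwd when HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD is undefined, for instance) keeps the kernel's current value instead of being left unset, which is the right behaviour. The patch has no description saying so, and this hunk depends on the nl_recv change for the case where the running kernel returns a shorter struct than the build headers define, so record both in the patch header.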

View file

@ -0,0 +1,34 @@
diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c.build Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c
--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c.build 2012-07-23 18:46:27.709804094 +0200
+++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c 2012-07-23 18:46:27.764805293 +0200
@@ -47,6 +47,8 @@
#include <time.h> /* for time() */
#include <errno.h>
#include <sys/wait.h>
+#include <sys/time.h>
+#include <sys/resource.h>
#include <security/_pam_macros.h>
diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c.build Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c
--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c.build 2012-07-23 18:55:16.433314731 +0200
+++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c 2012-07-23 18:54:48.064697131 +0200
@@ -53,6 +53,7 @@
#include <fcntl.h>
#include <ctype.h>
#include <sys/time.h>
+#include <sys/resource.h>
#include <sys/stat.h>
#include <signal.h>
diff -up Linux-PAM-1.1.5/modules/pam_unix/support.c.build Linux-PAM-1.1.5/modules/pam_unix/support.c
--- Linux-PAM-1.1.5/modules/pam_unix/support.c.build 2012-07-23 18:46:27.000000000 +0200
+++ Linux-PAM-1.1.5/modules/pam_unix/support.c 2012-07-23 18:54:23.645165507 +0200
@@ -18,6 +18,7 @@
#include <signal.h>
#include <ctype.h>
#include <syslog.h>
+#include <sys/time.h>
#include <sys/resource.h>
#ifdef HAVE_RPCSVC_YPCLNT_H
#include <rpcsvc/ypclnt.h>
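Review bot: the file is named pam-1.1.7-unix-build.patch but every header in it refers to Linux-PAM-1.1.5 paths with July 2012 timestamps, and the package being built is 1.1.8; it applies with -p1 regardless of the leading directory, but the mismatch will mislead the next rebase, so regenerate it against the 1.1.8 tree or name it for the version it was made from. It also carries no note of which build error the `<sys/time.h>` and `<sys/resource.h>` includes fix; the getrlimit()/struct rlimit use that the std-noclose patch adds to these same three files is the obvious consumer, and saying so would tie the two patches together for whoever rebases them next.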

View file

@ -18,8 +18,8 @@ Epoch: 1
Summary: A security tool which provides authentication for applications
Name: pam
Version: 1.1.4
Release: 17
Version: 1.1.8
Release: 1
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
License: BSD and GPLv2+
@ -28,32 +28,34 @@ Url: http://www.kernel.org/pub/linux/libs/pam/index.html
Source0: ftp://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2
Source1: ftp://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-%{version}.tar.bz2.sign
Source2: pam-redhat-%{pam_redhat_version}.tar.bz2
Source3: pam-0.99.3.0-README.update
Source4: pam-0.99.8.1-11mdv2009.0-README.update
Source5: other.pamd
Source6: system-auth.pamd
Source7: config-util.pamd
Source8: dlopen.sh
Source9: system-auth.5
Source10: config-util.5
Source11: postlogin.pamd
Source12: postlogin.5
Source13: pamtmp.conf
Source11: postlogin.pamd
Source12: postlogin.5
Source13: pamtmp.conf
Source14: 90-nproc.conf
#add missing documentation
Source501: pam_tty_audit.8
Source502: README
# RedHat patches
Patch1: pam-1.0.90-redhat-modules.patch
Patch2: pam-1.0.91-std-noclose.patch
Patch4: pam-1.1.0-console-nochmod.patch
Patch5: pam-1.1.0-notally.patch
Patch7: pam-1.1.0-console-fixes.patch
Patch9: pam-1.1.2-noflex.patch
Patch10: pam-1.1.3-nouserenv.patch
Patch11: pam-1.1.3-console-abstract.patch
Patch1: pam-1.0.90-redhat-modules.patch
Patch2: pam-1.1.6-std-noclose.patch
Patch4: pam-1.1.0-console-nochmod.patch
Patch5: pam-1.1.0-notally.patch
Patch7: pam-1.1.0-console-fixes.patch
Patch9: pam-1.1.6-noflex.patch
Patch10: pam-1.1.3-nouserenv.patch
Patch11: pam-1.1.3-console-abstract.patch
Patch13: pam-1.1.5-limits-user.patch
Patch22: pam-1.1.7-unix-build.patch
Patch32: pam-1.1.7-tty-audit-init.patch
# Mandriva specific sources/patches
# ROSA specific sources/patches
# (fl) fix infinite loop
Patch507: pam-0.74-loop.patch
# (fc) 0.75-29mdk don't complain when / is owned by root.adm
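Review bot: password-auth.pamd and smartcard-auth.pamd are added to the tree in this commit, but no SourceN line for them appears in this hunk (Source14, for 90-nproc.conf, is the last new entry) and no install step for them shows in the %install hunks; if they are meant to ship they need both, otherwise they are dead files. Source1 also still declares the .sign file that this commit deletes without replacement. Minor: Patch2 and Patch9 now point at 1.1.6 versions, Patch22 and Patch32 are named 1.1.7 and one of them contains 1.1.5 paths, while Version is 1.1.8; a short comment recording which upstream release each patch was last rebased against would help.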
@ -158,35 +160,7 @@ This package contains the development libraries for %{name}.
# Add custom modules.
mv pam-redhat-%{pam_redhat_version}/* modules
# (RH)
%patch1 -p1 -b .redhat-modules
%patch2 -p1 -b .std-noclose
%patch4 -p1 -b .nochmod
%patch5 -p1 -b .notally
%patch7 -p1 -b .console-fixes
%patch9 -p1 -b .noflex
%patch10 -p1 -b .nouserenv
%patch11 -p1 -b .abstract
# (Mandriva)
%patch507 -p1 -b .loop
%patch508 -p1 -b .pamtimestampadm
%patch512 -p0 -b .xauth-groups
%patch517 -p1 -b .enable_rt
%patch521 -p1 -b .pbuild-rh
%patch700 -p1 -b .static
%patch701 -p1 -b .nopermsd
%patch702 -p1 -b .nis_const~
%patch801 -p1 -b .group_users
# 08/08/2008 - vdanen - make pam provide pam_unix until we can work out all the issues in pam_tcb; this
# just makes things easier but is not meant to be a permanent solution
## Remove unwanted modules; pam_tcb provides pam_unix now
#for d in pam_unix; do
# rm -rf modules/$d
# sed -i "s,modules/$d/Makefile,," configure.in
# sed -i "s/ $d / /" modules/Makefile.am
#done
%apply_patches
install -m644 %{SOURCE501} %{SOURCE502} modules/pam_tty_audit/
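Review bot: collapsing the explicit %patch lines into %apply_patches drops the per-patch strip levels and backup suffixes; the list used -p1 throughout except `%patch512 -p0 -b .xauth-groups`, which is why the xauth patch's headers are rewritten to the a/ b/ form in this same commit. Confirm %apply_patches applies with -p1 and that no patch outside the visible list relied on -p0. The commented-out "remove pam_unix" block goes too, which is fine now that the service files use pam_unix.so, but the 2008 vdanen note on the pam_tcb situation disappears with it; if pam_tcb still provides pam_unix on this distro, that rationale should live somewhere.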
@ -195,8 +169,6 @@ for readme in modules/pam_*/README ; do
cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
done
cp %{SOURCE4} README.0.99.8.1.update.urpmi
#libtoolize -cf
autoreconf -ifs -I m4
@ -224,6 +196,7 @@ install -m 644 %{SOURCE11} %{buildroot}/etc/pam.d/postlogin
install -m 600 /dev/null %{buildroot}%{_sysconfdir}/security/opasswd
install -d -m 755 %{buildroot}/var/log
install -m 600 /dev/null %{buildroot}/var/log/tallylog
install -m 644 %{SOURCE14} %{buildroot}%{_sysconfdir}/security/limits.d/90-nproc.conf
# Install man pages.
install -m 644 %{SOURCE9} %{SOURCE10} %{SOURCE12} %{buildroot}%{_mandir}/man5/
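Review bot: the new install line for 90-nproc.conf assumes `%{buildroot}%{_sysconfdir}/security/limits.d` already exists; the neighbouring lines `install -d` the directories they need (for example /var/log) and nothing visible creates limits.d, so either upstream's `make install` creates it or an `install -d -m 755` line is missing. Check, and make sure %files owns the directory as well as the file.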
@ -310,6 +283,7 @@ fi
%config(noreplace) %{_sysconfdir}/security/pam_env.conf
%config(noreplace) %{_sysconfdir}/security/time.conf
%config(noreplace) %{_sysconfdir}/security/opasswd
%config(noreplace) %{_sysconfdir}/security/limits.d/90-nproc.conf
%dir %{_sysconfdir}/security/console.apps
%dir %{_sysconfdir}/security/console.perms.d
%dir /%{_lib}/security
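Review bot: `%config(noreplace)` is the right choice for a limits file that administrators tune, with the usual consequence worth noting in the changelog: a future change to the 1024 value or the root line will land as 90-nproc.conf.rpmnew on upgraded systems and not take effect until merged by hand.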
@ -340,3 +314,4 @@ fi
%files doc
%doc doc/txts doc/specs/rfc86.0.txt Copyright

18
password-auth.pamd Normal file

@ -0,0 +1,18 @@
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_deny.so
account required pam_unix.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
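Review bot: the header claims the file is authconfig-generated, but nothing in this build runs authconfig, so it should be treated as hand-maintained and the "auto-generated" lines dropped or reworded. Two content points: `password requisite pam_pwquality.so` makes every password change fail if pam_pwquality.so is absent, and no Requires on the package providing it is visible in the spec hunks; and the leading `-` on `-session optional pam_systemd.so` is PAM's "do not log if the module is missing" prefix, not a diff marker, which is the right choice for a module this package does not ship.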

19
smartcard-auth.pamd Normal file

@ -0,0 +1,19 @@
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password optional pam_pkcs11.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
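Review bot: `account sufficient pam_succeed_if.so uid < 500 quiet` encodes the Red Hat convention that system accounts end at uid 499; if this distro's login.defs sets UID_MIN to 1000, local users in the 500-999 range take the same short-circuit as system accounts, so the threshold should match the distro's setting. Also note that with `account required pam_permit.so` as the last line, the account phase cannot fail once `pam_unix.so` has passed; the two `sufficient` lines only decide whether account modules that a service appends after including this file get to run. That is the template's intent, but a comment would stop it being read as a restriction.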

View file

@ -1,39 +1,58 @@
.TH SYSTEM-AUTH 5 "2006 Feb 3" "Red Hat" "Linux-PAM Manual"
.TH SYSTEM-AUTH 5 "2010 Dec 22" "Red Hat" "Linux-PAM Manual"
.SH NAME
system-auth \- Common configuration file for PAMified services
.SH SYNOPSIS
.B /etc/pam.d/system-auth
.B /etc/pam.d/password-auth
.B /etc/pam.d/fingerprint-auth
.B /etc/pam.d/smartcard-auth
.sp 2
.SH DESCRIPTION
The purpose of this configuration file is to provide common
configuration file for all applications and service daemons
calling PAM library.
The purpose of these configuration files are to provide a common
interface for all applications and service daemons calling into
the PAM library.
.sp
The \fBsystem-auth\fR configuration file is included from all individual service configuration
files with the help of the \fBinclude\fR directive.
The
.BR system-auth
configuration file is included from nearly all individual service configuration
files with the help of the
.BR substack
directive.
.sp
The
.BR password-auth
.BR fingerprint-auth
.BR smartcard-auth
configuration files are for applications which handle authentication from
different types of devices via simultaneously running individual conversations
instead of one aggregate conversation.
.SH NOTES
There should be no \fBsufficient\fR modules in the \fBsession\fR
part of \fBsystem-auth\fR file because individual services may add session modules after
\fBinclude\fR of the \fBsystem-auth\fR file. Execution of these modules would be skipped if there were sufficient
modules in \fBsystem-auth\fR file.
.sp
Conversely there should not be any modules after
\fBinclude\fR directive in the individual service files in
\fBauth\fR, \fBaccount\fR and \fBpassword\fR
sections otherwise they could be bypassed.
Previously these common configuration files were included with the help
of the
.BR include
directive. This limited the use of the different action types of modules.
With the use of
.BR substack
directive to include these common configuration files this limitation
no longer applies.
.SH BUGS
.sp 2
None known.
.SH "SEE ALSO"
\fBpam\fR(8), \fBconfig-util\fR(5)
pam(8), config-util(5), postlogin(5)
The three \fBLinux-PAM\fR Guides, for \fBsystem administrators\fR,
\fBmodule developers\fR, and \fBapplication developers\fR.
The three
.BR Linux-PAM
Guides, for
.BR "system administrators" ", "
.BR "module developers" ", "
and
.BR "application developers" ". "
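Review bot: the rewritten SYNOPSIS and DESCRIPTION list fingerprint-auth alongside password-auth and smartcard-auth, but only password-auth.pamd and smartcard-auth.pamd are added in this commit and no fingerprint-auth.pamd appears, so either add that file or drop it from the page. The page also now says system-auth is pulled in with `substack` and removes the NOTES warning about `sufficient` modules in the session part of system-auth on that basis; that is correct for substack, but none of the service files visible in this commit shows how system-auth is included, so confirm they really use substack, otherwise the removed warning still applies. Minor grammar in the new DESCRIPTION: "The purpose of these configuration files are" should read "is".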

View file

@ -1,13 +1,14 @@
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass nullok
auth required pam_deny.so
account required pam_unix.so
#password required pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so try_first_pass nullok sha512 shadow
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password required pam_deny.so
session optional pam_keyinit.so revoke
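Review bot: replacing the commented-out pam_cracklib line with `password requisite pam_pwquality.so ... authtok_type=` and adding `use_authtok` to pam_unix is the right pairing, since pam_unix then only accepts the token pam_pwquality has vetted. Two things to decide explicitly: `local_users_only` means accounts not in /etc/passwd get no quality check from this stack, and the empty `authtok_type=` is an authconfig template leftover that can be dropped. As with password-auth, check that the spec carries a Requires on the package providing pam_pwquality.so, because a missing `requisite` module fails every password change.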