Author: randy
Date: 2009-02-15 10:59:51 -0700 (Sun, 15 Feb 2009)
New Revision: 7764
Modified:
trunk/BOOK/general.ent
trunk/BOOK/introduction/welcome/changelog.xml
trunk/BOOK/postlfs/security/linux-pam.xml
Log:
Updated to Linux-PAM-1.0.3
Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent 2009-02-13 17:41:27 UTC (rev 7763)
+++ trunk/BOOK/general.ent 2009-02-15 17:59:51 UTC (rev 7764)
@@ -3,7 +3,7 @@
$Date$
-->
-<!ENTITY day "13"> <!-- Always 2 digits -->
+<!ENTITY day "15"> <!-- Always 2 digits -->
<!ENTITY month "02"> <!-- Always 2 digits -->
<!ENTITY year "2009">
<!ENTITY copyrightdate "2001-&year;">
@@ -62,7 +62,7 @@
<!ENTITY openssl-version "0.9.8j">
<!ENTITY gnutls-version "1.6.3">
<!ENTITY cracklib-version "2.8.13">
-<!ENTITY linux-pam-version "0.99.10.0">
+<!ENTITY linux-pam-version "1.0.3">
<!ENTITY shadow-version "4.0.18.1">
<!ENTITY iptables-version "1.3.8">
<!ENTITY gnupg-version "1.4.9">
Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml 2009-02-13 17:41:27 UTC
(rev 7763)
+++ trunk/BOOK/introduction/welcome/changelog.xml 2009-02-15 17:59:51 UTC
(rev 7764)
@@ -42,6 +42,15 @@
-->
<listitem>
+ <para>February 15th, 2009</para>
+ <itemizedlist>
+ <listitem>
+ <para>[randy] - Updated to Linux-PAM-1.0.3.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
<para>February 13th, 2009</para>
<itemizedlist>
<listitem>
Modified: trunk/BOOK/postlfs/security/linux-pam.xml
===================================================================
--- trunk/BOOK/postlfs/security/linux-pam.xml 2009-02-13 17:41:27 UTC (rev
7763)
+++ trunk/BOOK/postlfs/security/linux-pam.xml 2009-02-15 17:59:51 UTC (rev
7764)
@@ -4,13 +4,16 @@
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
- <!ENTITY linux-pam-download-http
"http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-&linux-pam-version;.tar.bz2";>
- <!ENTITY linux-pam-download-ftp
"ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-&linux-pam-version;.tar.bz2";>
- <!ENTITY linux-pam-md5sum "be4dd1d34ac5933408e13e48f3eb710a">
- <!ENTITY linux-pam-size "911 kB">
- <!ENTITY linux-pam-buildsize "23 MB">
+ <!ENTITY linux-pam-download-http
"http://www.kernel.org/pub/linux/libs/pam/library/Linux-PAM-&linux-pam-version;.tar.bz2";>
+ <!ENTITY linux-pam-download-ftp
"ftp://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-&linux-pam-version;.tar.bz2";>
+ <!ENTITY linux-pam-md5sum "7cc8653cb31717dbb1380bde980c9fdf">
+ <!ENTITY linux-pam-size "1.0 MB">
+ <!ENTITY linux-pam-buildsize "19 MB (includes installing the optional
documentation)">
<!ENTITY linux-pam-time "0.6 SBU">
- <!ENTITY linux-pam-docs-download
"&sources-anduin-http;/l/Linux-PAM-&linux-pam-version;-docs.tar.bz2">
+
+ <!ENTITY linux-pam-docs-download
"http://www.kernel.org/pub/linux/libs/pam/documentation/Linux-PAM-&linux-pam-version;-docs.tar.bz2";>
+ <!ENTITY linux-pam-docs-md5sum "119bffcb3e99e1d6d53a4d992584c03d">
+ <!ENTITY linux-pam-docs-size "714 KB">
]>
<sect1 id="linux-pam" xreflabel="Linux-PAM-&linux-pam-version;">
@@ -60,15 +63,21 @@
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing='compact'>
<listitem>
- <para>Optional documentation:
- <ulink url="&linux-pam-docs-download;"/></para>
+ <para>Optional documentation: <ulink
url="&linux-pam-docs-download;"/></para>
</listitem>
+ <listitem>
+ <para>Download MD5sum: &linux-pam-docs-md5sum;</para>
+ </listitem>
+ <listitem>
+ <para>Download size &linux-pam-docs-size;</para>
+ </listitem>
</itemizedlist>
<bridgehead renderas="sect3">Linux-PAM Dependencies</bridgehead>
<bridgehead renderas="sect4">Optional</bridgehead>
- <para role="optional"><xref linkend="cracklib"/>, and
+ <para role="optional"><xref linkend="cracklib"/>,
+ <xref linkend="x-window-system"/>, and
<!-- <xref linkend="db"/> (for the pam_userdb module), -->
<ulink url="http://www.prelude-ids.org/";>Prelude</ulink></para>
@@ -87,39 +96,42 @@
<sect2 role="installation">
<title>Installation of Linux-PAM</title>
- <para>If you downloaded the documentation, unpack the tarball from the
- same top-level directory you unpacked the source tarball from. The files
- will unpack into the correct directories of the source tree.</para>
+ <para>If you downloaded the documentation, unpack the tarball by issuing
+ the following command.</para>
+<screen><userinput>tar xf ../Linux-PAM-&linux-pam-version;.tar.bz2
--strip-components=1</userinput></screen>
+
<para>Install <application>Linux-PAM</application> by
running the following commands:</para>
-<screen><userinput>./configure --libdir=/lib \
- --sbindir=/lib/security \
- --enable-securedir=/lib/security \
+<screen><userinput>./configure --sbindir=/lib/security \
--docdir=/usr/share/doc/Linux-PAM-&linux-pam-version; \
- --enable-read-both-confs \
- --with-xauth=/usr/X11R6/bin/xauth &&
+ --enable-read-both-confs &&
make</userinput></screen>
- <!-- <para>To test the results, issue <command>make
check</command>.</para> -->
+ <para>To test the results, a configuration file must be created. This file
+ will be removed after the tests have completed. Ensure there are no errors
+ produced by the tests before continuing the installation. First create the
+ configuration file by issuing the following commands as the
+ <systemitem class="username">root</systemitem> user:</para>
- <para>The test suite will not provide meaningful results until the package
- has been installed and minimally configured. If, after installing the
- package and creating a minimum configuration as shown below in the 'other'
- example, you wish to run the tests, issue
- <command>make check</command>.</para>
+<screen role="root"><userinput>install -v -m755 -d /etc/pam.d &&
- <!-- <tip>
- <para>Don't delete the <application>Linux-PAM</application> source tree
- until after you reinstall the <application>Shadow</application> package.
- The reinstallation of the Shadow package includes much more stringent
- security for the PAM configuration, and you can run the
- <application>Linux-PAM</application> test suite after completing the
- <application>Shadow</application> instructions to test the new setup. All
- the tests should pass.</para>
- </tip> -->
+cat > /etc/pam.d/other << "EOF"
+auth required pam_deny.so
+account required pam_deny.so
+password required pam_deny.so
+session required pam_deny.so
+EOF</userinput></screen>
+ <para>Now run the tests by issuing <command>make check</command>.</para>
+
+ <para>Remove the configuration file created earlier by issuing the
+ following command as the
+ <systemitem class="username">root</systemitem> user:</para>
+
+<screen role="root"><userinput>rm -rfv /etc/pam.d</userinput></screen>
+
<para>Now, as the <systemitem class="username">root</systemitem>
user:</para>
<screen role="root"><userinput>make install &&
@@ -137,34 +149,17 @@
done
fi</userinput></screen>
- <!-- <para>If you downloaded the documentation, install it using the
following
- command:</para>
-
-<screen role="root"><userinput>for DOCTYPE in html pdf ps txts
-do
- cp -v -R doc/$DOCTYPE /usr/share/doc/Linux-PAM-&linux-pam-version;
-done</userinput></screen> -->
-
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
- <para><parameter>--libdir=/lib</parameter>: This parameter results in
- the libraries being installed in
- <filename class='directory'>/lib</filename> as they may be required in
- single-user mode.</para>
-
<para><parameter>--sbindir=/lib/security</parameter>: This parameter
- results in two executables, one of which is not intended to be run from the
- command line, being installed in the same directory as the PAM modules.
+ results in three executables, two of which are not intended to be run from
+ the command line, being installed in the same directory as the PAM modules.
The other executable is later moved to the
<filename class='directory'>/sbin</filename> directory.</para>
- <para><parameter>--enable-securedir=/lib/security</parameter>: This
- parameter results in the PAM modules being installed in
- <filename class='directory'>/lib/security</filename>.</para>
-
<para><parameter>--docdir=...</parameter>: This parameter results in
the documentation being installed in a versioned directory name.</para>
@@ -172,11 +167,13 @@
allows the local administrator to choose which configuration file setup to
use.</para>
- <para><parameter>--with-xauth=/usr/X11R6/bin/xauth</parameter>: This
+ <!-- This appears unnecessary as the xauth module is created even if X
+ has not yet been installed.
+ <para><parameter>-with-xauth=/usr/X11R6/bin/xauth</parameter>: This
parameter forces the build of the pam_xauth module, even if xauth is not
yet installed. Omit this switch if you have no plans to build
<application>Xorg</application>, or modify the path if you intend to
- install <application>Xorg</application> into a non-standard path.</para>
+ install <application>Xorg</application> into a non-standard path.</para>
-->
<para><command>chmod -v 4755 /lib/security/unix_chkpwd</command>:
The <command>unix_chkpwd</command> password-helper program must be setuid
@@ -265,7 +262,7 @@
<para>Refer to <ulink
url="http://www.kernel.org/pub/linux/libs/pam/modules.html"/>
- for a list of various modules available.</para>
+ for a list of various third-party modules available.</para>
<important>
<para>You should now reinstall the <xref linkend="shadow"/>
@@ -286,9 +283,11 @@
<seglistitem>
<seg>pam_tally</seg>
- <seg>libpam.{so,a}, libpamc.{so,a}, and libpam_misc.{so,a}</seg>
- <seg>/etc/pam.d, /etc/security, /lib/security and
- /usr/include/security</seg>
+ <seg>libpam.{so,a}, libpamc.{so,a}, libpam_misc.{so,a} and
+ numerous PAM modules</seg>
+ <seg>/etc/pam.d, /etc/security, /lib/security,
+ /usr/include/security, /usr/share/doc/Linux-PAM-&linux-pam-version;
+ and /var/run/sepermit</seg>
</seglistitem>
</segmentedlist>
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
