Author: randy
Date: 2009-02-15 16:36:42 -0700 (Sun, 15 Feb 2009)
New Revision: 7765
Modified:
trunk/BOOK/general.ent
trunk/BOOK/introduction/welcome/changelog.xml
trunk/BOOK/postlfs/security/shadow.xml
Log:
Updated to Shadow-4.1.2.2
Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent 2009-02-15 17:59:51 UTC (rev 7764)
+++ trunk/BOOK/general.ent 2009-02-15 23:36:42 UTC (rev 7765)
@@ -3,7 +3,7 @@
$Date$
-->
-<!ENTITY day "15"> <!-- Always 2 digits -->
+<!ENTITY day "16"> <!-- Always 2 digits -->
<!ENTITY month "02"> <!-- Always 2 digits -->
<!ENTITY year "2009">
<!ENTITY copyrightdate "2001-&year;">
@@ -63,7 +63,7 @@
<!ENTITY gnutls-version "1.6.3">
<!ENTITY cracklib-version "2.8.13">
<!ENTITY linux-pam-version "1.0.3">
-<!ENTITY shadow-version "4.0.18.1">
+<!ENTITY shadow-version "4.1.2.2">
<!ENTITY iptables-version "1.3.8">
<!ENTITY gnupg-version "1.4.9">
<!ENTITY gnupg2-version "2.0.8">
Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml 2009-02-15 17:59:51 UTC
(rev 7764)
+++ trunk/BOOK/introduction/welcome/changelog.xml 2009-02-15 23:36:42 UTC
(rev 7765)
@@ -42,6 +42,15 @@
-->
<listitem>
+ <para>February 16th, 2009</para>
+ <itemizedlist>
+ <listitem>
+ <para>[randy] - Updated to Shadow-4.1.2.2.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
<para>February 15th, 2009</para>
<itemizedlist>
<listitem>
Modified: trunk/BOOK/postlfs/security/shadow.xml
===================================================================
--- trunk/BOOK/postlfs/security/shadow.xml 2009-02-15 17:59:51 UTC (rev
7764)
+++ trunk/BOOK/postlfs/security/shadow.xml 2009-02-15 23:36:42 UTC (rev
7765)
@@ -4,14 +4,11 @@
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
- <!-- <!ENTITY shadow-download-http
"http://ftp.pld.org.pl/software/shadow/old/shadow-&shadow-version;.tar.bz2"> -->
- <!-- <!ENTITY shadow-download-ftp
"ftp://ftp.pld.org.pl/software/shadow/shadow-&shadow-version;.tar.bz2"> -->
- <!-- <!ENTITY shadow-download-http
"http://cross-lfs.org/files/packages/svn/shadow-&shadow-version;.tar.bz2"> -->
- <!ENTITY shadow-download-http
"http://anduin.linuxfromscratch.org/sources/LFS/lfs-packages/development/shadow-&shadow-version;.tar.bz2">
- <!ENTITY shadow-download-ftp " ">
- <!ENTITY shadow-md5sum "e7751d46ecf219c07ae0b028ab3335c6">
- <!ENTITY shadow-size "1.5 MB">
- <!ENTITY shadow-buildsize "18 MB">
+ <!ENTITY shadow-download-http " ">
+ <!ENTITY shadow-download-ftp
"ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-&shadow-version;.tar.bz2">
+ <!ENTITY shadow-md5sum "3d26d990d4c3add1b7f8387eec1d1fde">
+ <!ENTITY shadow-size "1.6 MB">
+ <!ENTITY shadow-buildsize "22 MB">
<!ENTITY shadow-time "0.3 SBU">
]>
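Review bot: With `shadow-download-http` emptied, the only source left is the plain `ftp://` URL in `shadow-download-ftp`, and the sole integrity check is the MD5 in `shadow-md5sum`. FTP gives no transport authentication, and MD5 is adequate for spotting a corrupted transfer but gives limited assurance against a deliberately substituted tarball. I would add a comment beside the checksum entity, for example `<!-- MD5 catches transfer corruption only; verify the upstream release signature where one is published -->`, and restore an HTTP mirror once one is known. Whether upstream signs this release is not visible from the diff, and the DOCTYPE internal subset begins above this hunk.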
@@ -64,13 +61,13 @@
</listitem>
</itemizedlist>
- <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+ <!-- <bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing='compact'>
<listitem>
<para>Required patch: <ulink
url="&patch-root;/shadow-&shadow-version;-useradd_fix-2.patch"/></para>
</listitem>
- </itemizedlist>
+ </itemizedlist> -->
<bridgehead renderas="sect3">Shadow Dependencies</bridgehead>
@@ -87,44 +84,46 @@
<title>Installation of Shadow</title>
<important>
- <para>The installation shown below is for a situation where
+ <para>The installation commands shown below are for installations where
<application>Linux-PAM</application> has been installed (with or
without a <application>CrackLib</application> installation) and
<application>Shadow</application> is being reinstalled to support the
- <application>Linux-PAM</application> installation. If you are
- reinstalling <application>Shadow</application> to provide strong
- password support via the <application>CrackLib</application> library
- and you have not installed <application>Linux-PAM</application>, ensure
- you add the <parameter>--with-libcrack</parameter> parameter to the
- <command>configure</command> script below.</para>
+ <application>Linux-PAM</application> installation.</para>
+
+ <para> If you are reinstalling <application>Shadow</application> to
+ provide strong password support using the
+ <application>CrackLib</application> library without using
+ <application>Linux-PAM</application>, ensure you add the
+ <parameter>--with-libcrack</parameter> parameter to the
+ <command>configure</command> script below and also issue the following
+ command:</para>
+
+<screen><userinput>sed -i 's...@dictpath.*@DICTPATH\t/lib/cracklib/pw_dict@'
etc/login.defs</userinput></screen>
</important>
<para>Reinstall <application>Shadow</application> by running the following
commands:</para>
-<screen><userinput>patch -Np1 -i
../shadow-&shadow-version;-useradd_fix-2.patch &&
+<screen><userinput>sed -i 's/groups$(EXEEXT) //' src/Makefile.in
&&
+find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \; &&
+sed -i -e 's/ ko//' -e 's/ zh_CN zh_TW//' man/Makefile.in &&
-./configure --libdir=/lib \
- --sysconfdir=/etc \
- --enable-shared \
- --without-selinux &&
-
-sed -i 's/groups$(EXEEXT) //' src/Makefile &&
-find man -name Makefile -exec sed -i 's/groups\.1 / /' {} \; &&
-sed -i -e 's/ ko//' -e 's/ zh_CN zh_TW//' man/Makefile &&
-
for i in de es fi fr id it pt_BR; do
convert-mans UTF-8 ISO-8859-1 man/${i}/*.?
-done &&
+done &&
for i in cs hu pl; do
convert-mans UTF-8 ISO-8859-2 man/${i}/*.?
-done &&
+done &&
-convert-mans UTF-8 EUC-JP man/ja/*.? &&
-convert-mans UTF-8 KOI8-R man/ru/*.? &&
-convert-mans UTF-8 ISO-8859-9 man/tr/*.? &&
+convert-mans UTF-8 EUC-JP man/ja/*.? &&
+convert-mans UTF-8 KOI8-R man/ru/*.? &&
+convert-mans UTF-8 ISO-8859-9 man/tr/*.? &&
+sed -i -e 's...@#encrypt_method d...@encrypt_method MD5@' \
+ -e 's@/var/spool/mail@/var/mail@' etc/login.defs &&
+
+./configure --sysconfdir=/etc &&
make</userinput></screen>
<para>This package does not come with a test suite.</para>
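Review bot: The added `sed` on `etc/login.defs` selects `MD5` as the password hashing method, and the explanation paragraph added in the later `@@ -177,29 +157,37 @@` hunk calls it "the more secure 'MD5' method". MD5-crypt improves on DES `crypt` but is weak against offline guessing; as far as I know Shadow 4.1.x also accepts `SHA256` and `SHA512` for `ENCRYPT_METHOD` when the C library's `crypt()` supports them, so I would set `ENCRYPT_METHOD SHA512` where that holds and reword the explanation to present MD5 only as the fallback. On a Linux-PAM system the hash written by `passwd` is presumably chosen by the `pam_unix` options rather than by this setting, and the text should say which one applies. The search patterns in this command and in the `DICTPATH` one inside `<important>` appear mangled by the list archive's address obfuscation, so check them against the committed file rather than this mail.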
@@ -132,44 +131,25 @@
<para>Now, as the <systemitem class="username">root</systemitem>
user:</para>
<screen role="root"><userinput>make install &&
-mv -v /usr/bin/passwd /bin &&
-mv -v /lib/libshadow.*a /usr/lib &&
-rm -v /lib/libshadow.so &&
-ln -v -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen>
+mv -v /usr/bin/passwd /bin</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
- <!-- Removed the -with-libpam and -without-libcrack options from the
- default as these are the defaults. Pam will automatically be picked
- up if it is installed, and CrackLib won't be used unless specifically
- requested via -with-libcrack
- <para><parameter>-without-libcrack</parameter>: This switch tells
- <application>Shadow</application> not to use
- <filename class='libraryfile'>libcrack</filename>. This is desired as
- <application>Linux-PAM</application> will provide
- <filename class='libraryfile'>libcrack</filename> functionality.</para>
- -->
-
- <para><parameter>--without-selinux</parameter>: Support for selinux is
- enabled by default, but selinux is not built in a base LFS system. The
- <command>configure</command> script will fail if this option is not
- used.</para>
-
- <para><command>sed -i 's/groups$(EXEEXT) //' src/Makefile</command>: This
- command is used to suppress the installation of the
+ <para><command>sed -i 's/groups$(EXEEXT) //' src/Makefile.in</command>:
+ This command is used to suppress the installation of the
<command>groups</command> program as the version from the
<application>Coreutils</application> package installed during LFS is
preferred.</para>
- <para><command>find man -name Makefile -exec ... {} \;</command>: This
+ <para><command>find man -name Makefile.in -exec ... {} \;</command>: This
command is used to suppress the installation of the
<command>groups</command> man pages so the existing ones installed from
the <application>Coreutils</application> package are not replaced.</para>
- <para><command>sed -i -e '...' -e '...' man/Makefile</command>: This
+ <para><command>sed -i -e '...' -e '...' man/Makefile.in</command>: This
command disables the installation of Chinese and Korean manual pages, since
<application>Man-DB</application> cannot format them properly.</para>
@@ -177,29 +157,37 @@
convert some of the man pages so that <application>Man-DB</application>
will display them in the expected encodings.</para>
+ <para><command>sed -i -e 's...@#encrypt_method d...@encrypt_method MD5@'
+ -e 's@/var/spool/mail@/var/mail@' etc/login.defs</command>:
+ Instead of using the default 'crypt' method, this command modifies the
+ installation to use the more secure 'MD5' method of password encryption,
+ which also allows passwords longer than eight characters. It also changes
+ the obsolete <filename class="directory">/var/spool/mail</filename>
+ location for user mailboxes that <application>Shadow</application> uses by
+ default to the <filename class="directory">/var/mail</filename>
+ location.</para>
+
<para><command>mv -v /usr/bin/passwd /bin</command>: The
<command>passwd</command> program may be needed during times when the
<filename class='directory'>/usr</filename> filesystem is not mounted so
it is moved into the root partition.</para>
- <para><command>mv -v ...; rm -v ...; ln -v ...</command>: These commands
- are used to move the <filename class='libraryfile'>libshadow</filename>
- library to the root partition to support the moving of the
- <command>passwd</command> program earlier.</para>
-
</sect2>
<sect2 role="configuration">
<title>Configuring Shadow</title>
<para><application>Shadow</application>'s stock configuration for the
- <command>useradd</command> utility is not suitable for LFS systems. Use the
- following commands as the <systemitem class="username">root</systemitem>
- user to change the default home directory for new users and prevent the
- creation of mail spool files:</para>
+ <command>useradd</command> utility may not be desireable for your
+ installation. One default parameter causes <command>useradd</command> to
+ create a mailbox file for any newly created user.
+ <command>useradd</command> will make the group ownership of this file to
+ the <systemitem class="groupname">mail</systemitem> group with 0660
+ permissions. If you would prefer that these mailbox files are not created
+ by <command>useradd</command>, issue the
+ following command as the <systemitem class="username">root</systemitem>
user:</para>
-<screen role="root"><userinput>useradd -D -b /home &&
-sed -i 's/yes/no/' /etc/default/useradd</userinput></screen>
+<screen role="root"><userinput>sed -i 's/yes/no/'
/etc/default/useradd</userinput></screen>
</sect2>
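Review bot: The retained `sed -i 's/yes/no/' /etc/default/useradd` is unanchored, so it rewrites the first `yes` on every line of the file rather than only the mailbox setting. That is harmless if the mailbox option is the only `yes` in the stock file, which the diff does not show, but it is fragile on a customised file; `sed -i 's/^CREATE_MAIL_SPOOL=yes/CREATE_MAIL_SPOOL=no/' /etc/default/useradd` states the intent. In the same paragraph "desireable" should read "desirable", and "make the group ownership of this file to the mail group" reads better as "assign group ownership of this file to the mail group".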
@@ -220,7 +208,7 @@
<title>Config Files</title>
<para><filename>/etc/pam.d/*</filename> or alternatively
- <filename>/etc/pam.conf, /etc/login.defs and
+ <filename>/etc/pam.conf, /etc/login.defs, and
/etc/security/*</filename></para>
<indexterm zone="shadow pam.d">
@@ -297,22 +285,6 @@
sed -i "s/^$FUNCTION/# &/" /etc/login.defs
done</userinput></screen>
- <!-- Moved the commenting of these four parameters into the section
- above. If PAM is installed, it complains if these are not commented
- regardless if CrackLib is installed.
-
- <para>If you have <application>CrackLib</application> installed,
- also comment out four more lines using the following command as the
- <systemitem class="username">root</systemitem> user:</para>
-
-<screen role="root"><userinput>for FUNCTION in OBSCURE_CHECKS_ENAB
CRACKLIB_DICTPATH \
- PASS_CHANGE_TRIES PASS_ALWAYS_WARN
-do
- sed -i "s/^$FUNCTION/# &/" /etc/login.defs
-done</userinput></screen>
-
- -->
-
</sect4>
<sect4>
@@ -329,16 +301,10 @@
additional first field for each line.</para>
<para>As the <systemitem class="username">root</systemitem> user,
- create the <filename class="directory">/etc/pam.d</filename>
- directory with the following command:</para>
-
- <screen role="root"><userinput>install -v -d -m755
/etc/pam.d</userinput></screen>
-
- <para>While still the <systemitem class="username">root</systemitem>
- user, add the following <application>Linux-PAM</application>
- configuration files to the
+ replace the following <application>Linux-PAM</application>
+ configuration files in the
<filename class="directory">/etc/pam.d/</filename> directory (or
- add the contents to the <filename>/etc/pam.conf</filename> file) with
+ add the contents to the <filename>/etc/pam.conf</filename> file) using
the following commands:</para>
</sect4>
@@ -467,11 +433,12 @@
</sect4>
<sect4>
- <title>'chpasswd', 'chgpasswd', 'groupadd', 'groupdel', 'groupmems',
- 'groupmod', 'newusers', 'useradd', 'userdel', and 'usermod'</title>
+ <title>'chfn', 'chgpasswd', 'chgpasswd', 'chsh', 'groupadd',
+ 'groupdel', 'groupmems', 'groupmod', 'newusers', 'useradd', 'userdel'
+ and 'usermod'</title>
-<screen role="root"><userinput>for PROGRAM in chpasswd chgpasswd groupadd
groupdel groupmems \
- groupmod newusers useradd userdel usermod
+<screen role="root"><userinput>for PROGRAM in chfn chgpasswd chpasswd chsh
groupadd groupdel \
+ groupmems groupmod newusers useradd userdel usermod
do
install -v -m644 /etc/pam.d/chage /etc/pam.d/$PROGRAM
sed -i "s/chage/$PROGRAM/" /etc/pam.d/$PROGRAM
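Review bot: The new `<title>` lists 'chgpasswd' twice and omits 'chpasswd', while the loop below it configures `chfn chgpasswd chpasswd chsh`; the title should begin `'chfn', 'chgpasswd', 'chpasswd', 'chsh', 'groupadd',`. The loop also now clones `/etc/pam.d/chage` for `chfn` and `chsh`, which unlike the administrative tools are normally run by unprivileged users on their own account. The `chage` file is not in this diff, so it is worth confirming that its `auth` stack still requires the caller's password for non-root users. The `for` loop continues past the end of the hunk.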
@@ -514,20 +481,15 @@
auth required pam_deny.so
auth required pam_warn.so
account required pam_deny.so
-session required pam_deny.so
+account required pam_warn.so
password required pam_deny.so
password required pam_warn.so
+session required pam_deny.so
+session required pam_warn.so
# End /etc/pam.d/other</literal>
EOF</userinput></screen>
- <para>If you preserved the source tree from the
- <application>Linux-PAM</application> package (or you feel like unpacking
- that tarball, then running <command>configure</command> and
- <command>make</command>), now would be a good time to run the test
- suite from this package. This test suite will use the configuration you
- just finished during the tests. All the tests should pass.</para>
-
</sect4>
<sect4 id="pam-access">