Author: krejzi
Date: 2012-09-12 09:58:34 -0600 (Wed, 12 Sep 2012)
New Revision: 10656
Modified:
trunk/BOOK/general.ent
trunk/BOOK/introduction/welcome/changelog.xml
trunk/BOOK/postlfs/security/linux-pam.xml
Log:
Linux PAM 1.1.6.
Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent 2012-09-12 14:44:38 UTC (rev 10655)
+++ trunk/BOOK/general.ent 2012-09-12 15:58:34 UTC (rev 10656)
@@ -170,7 +170,7 @@
<!ENTITY libcap2-version "2.22">
<!ENTITY liboauth-version "0.9.7">
<!ENTITY libpwquality-version "1.2.0">
-<!ENTITY linux-pam-version "1.1.5">
+<!ENTITY linux-pam-version "1.1.6">
<!ENTITY mitkrb-version "1.10.3">
<!ENTITY nettle-version "2.5">
<!ENTITY nss-major-version "13">
Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml 2012-09-12 14:44:38 UTC
(rev 10655)
+++ trunk/BOOK/introduction/welcome/changelog.xml 2012-09-12 15:58:34 UTC
(rev 10656)
@@ -47,6 +47,9 @@
<para>September 12th, 2012</para>
<itemizedlist>
<listitem>
+ <para>[krejzi] - Linux PAM 1.1.6.</para>
+ </listitem>
+ <listitem>
<para>[krejzi] - Thunderbird 15.0.1.</para>
</listitem>
</itemizedlist>
Modified: trunk/BOOK/postlfs/security/linux-pam.xml
===================================================================
--- trunk/BOOK/postlfs/security/linux-pam.xml 2012-09-12 14:44:38 UTC (rev
10655)
+++ trunk/BOOK/postlfs/security/linux-pam.xml 2012-09-12 15:58:34 UTC (rev
10656)
@@ -4,16 +4,16 @@
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
- <!ENTITY linux-pam-download-http
"https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-&linux-pam-version;.tar.bz2";>
+ <!ENTITY linux-pam-download-http
"http://linux-pam.org/library/Linux-PAM-&linux-pam-version;.tar.bz2";>
<!ENTITY linux-pam-download-ftp " ">
- <!ENTITY linux-pam-md5sum "927ee5585bdec5256c75117e9348aa47">
+ <!ENTITY linux-pam-md5sum "7b73e58b7ce79ffa321d408de06db2c4">
<!ENTITY linux-pam-size "1.1 MB">
- <!ENTITY linux-pam-buildsize "28 MB (includes installing the optional
documentation)">
+ <!ENTITY linux-pam-buildsize "28 MB">
<!ENTITY linux-pam-time "0.3 SBU">
- <!ENTITY linux-pam-docs-download
"https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-&linux-pam-version;-docs.tar.bz2";>
- <!ENTITY linux-pam-docs-md5sum "987e14ddce375ec7ddd2b91fbc2bd46d">
- <!ENTITY linux-pam-docs-size "487 KB">
+ <!ENTITY linux-pam-docs-download
"http://linux-pam.org/documentation/Linux-PAM-&linux-pam-version;-docs.tar.bz2";>
+ <!ENTITY linux-pam-docs-md5sum "43d19ccf40c1feb074e29922626f4971">
+ <!ENTITY linux-pam-docs-size "144 KB">
<!ENTITY debian-pam-docs
"http://debian.securedservers.com/kernel/pub/linux/libs/pam";>
]>
@@ -32,92 +32,123 @@
</indexterm>
<sect2 role="package">
- <title>Introduction to Linux-PAM</title>
+ <title>Introduction to Linux PAM</title>
- <para>The <application>Linux-PAM</application> package contains
- Pluggable Authentication Modules. This is useful to enable the
- local system administrator to choose how applications authenticate
- users.</para>
+ <para>
+ The <application>Linux PAM</application> package contains
+ Pluggable Authentication Modules used to enable the local
+ system administrator to choose how applications authenticate
+ users.
+ </para>
- &lfs70_checked;
+ &lfs72_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
- <para>Download (HTTP): <ulink url="&linux-pam-download-http;"/></para>
+ <para>
+ Download (HTTP): <ulink url="&linux-pam-download-http;"/>
+ </para>
</listitem>
<listitem>
- <para>Download (FTP): <ulink url="&linux-pam-download-ftp;"/></para>
+ <para>
+ Download (FTP): <ulink url="&linux-pam-download-ftp;"/>
+ </para>
</listitem>
<listitem>
- <para>Download MD5 sum: &linux-pam-md5sum;</para>
+ <para>
+ Download MD5 sum: &linux-pam-md5sum;
+ </para>
</listitem>
<listitem>
- <para>Download size: &linux-pam-size;</para>
+ <para>
+ Download size: &linux-pam-size;
+ </para>
</listitem>
<listitem>
- <para>Estimated disk space required: &linux-pam-buildsize;</para>
+ <para>
+ Estimated disk space required: &linux-pam-buildsize;
+ </para>
</listitem>
<listitem>
- <para>Estimated build time: &linux-pam-time;</para>
+ <para>
+ Estimated build time: &linux-pam-time;
+ </para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
- <itemizedlist spacing='compact'>
+ <itemizedlist spacing="compact">
<title>Optional Documentation</title>
<listitem>
- <para>Download (HTTP): <ulink url="&linux-pam-docs-download;"/></para>
+ <para>
+ Download (HTTP): <ulink url="&linux-pam-docs-download;"/>
+ </para>
</listitem>
<listitem>
- <para>Download MD5 sum: &linux-pam-docs-md5sum;</para>
+ <para>
+ Download MD5 sum: &linux-pam-docs-md5sum;
+ </para>
</listitem>
<listitem>
- <para>Download size &linux-pam-docs-size;</para>
+ <para>
+ Download size &linux-pam-docs-size;
+ </para>
</listitem>
</itemizedlist>
- <bridgehead renderas="sect3">Linux-PAM Dependencies</bridgehead>
+ <bridgehead renderas="sect3">Linux PAM Dependencies</bridgehead>
<bridgehead renderas="sect4">Optional</bridgehead>
- <para role="optional"><xref linkend="cracklib"/>,
- <xref linkend="libtirpc"/>, <xref linkend="x-window-system"/>,
- <xref linkend="db"/> (for the pam_userdb module), and
- <ulink url="http://www.prelude-ids.org/";>Prelude</ulink></para>
+ <para role="optional">
+ <xref linkend="db"/>,
+ <xref linkend="cracklib"/>,
+ <xref linkend="libtirpc"/> and
+ <ulink url="http://www.prelude-ids.org/";>Prelude</ulink>
+ </para>
- <bridgehead renderas="sect4">Optional (To {,Re}build the
Documentation)</bridgehead>
- <para role="optional"><xref linkend="libxslt"/>,
- <xref linkend="DocBook"/>,
- <xref linkend="docbook-xsl"/>,
- <xref linkend="w3m"/>, and
- <xref linkend="fop"/></para>
+ <bridgehead renderas="sect4">Optional (To Rebuild the
Documentation)</bridgehead>
+ <para role="optional">
+ <xref linkend="DocBook"/>,
+ <xref linkend="docbook-xsl"/>,
+ <xref linkend="fop"/>,
+ <xref linkend="libxslt"/> and
+ <xref linkend="w3m"/>
+ </para>
<para condition="html" role="usernotes">User Notes:
- <ulink url="&blfs-wiki;/linux-pam"/></para>
+ <ulink url="&blfs-wiki;/linux-pam"/>
+ </para>
</sect2>
<sect2 role="installation">
- <title>Installation of Linux-PAM</title>
+ <title>Installation of Linux PAM</title>
- <para>If you downloaded the documentation, unpack the tarball by issuing
- the following command.</para>
+ <para>
+ If you downloaded the documentation, unpack the tarball by issuing
+ the following command.
+ </para>
<screen><userinput>tar -xf ../Linux-PAM-&linux-pam-version;-docs.tar.bz2
--strip-components=1</userinput></screen>
- <para>Install <application>Linux-PAM</application> by
- running the following commands:</para>
+ <para>
+ Install <application>Linux PAM</application> by
+ running the following commands:
+ </para>
-<screen><userinput>./configure --sbindir=/lib/security \
+<screen><userinput>./configure --prefix=/usr \
+ --sysconfdir=/etc \
--docdir=/usr/share/doc/Linux-PAM-&linux-pam-version; \
- --disable-nis \
- --enable-read-both-confs &&
+ --disable-nis &&
make</userinput></screen>
- <para>To test the results, a configuration file must be created. This file
- will be removed after the tests have completed. Ensure there are no errors
- produced by the tests before continuing the installation. First create the
- configuration file by issuing the following commands as the
- <systemitem class="username">root</systemitem> user:</para>
+ <para>
+ To test the results, a configuration file must be created. This file
+ will be removed after the tests have completed. Ensure there are no
errors
+ produced by the tests before continuing the installation. First create
the
+ configuration file by issuing the following commands as the
+ <systemitem class="username">root</systemitem> user:
+ </para>
<screen role="root"><userinput>install -v -m755 -d /etc/pam.d &&
@@ -128,55 +159,44 @@
session required pam_deny.so
EOF</userinput></screen>
- <para>Now run the tests by issuing <command>make check</command>.</para>
+ <para>
+ Now run the tests by issuing <command>make check</command>.
+ </para>
- <para>Remove the configuration file created earlier by issuing the
- following command as the
- <systemitem class="username">root</systemitem> user:</para>
+ <para>
+ Remove the configuration file created earlier by issuing the
+ following command as the
+ <systemitem class="username">root</systemitem> user:
+ </para>
<screen role="root"><userinput>rm -rfv /etc/pam.d</userinput></screen>
- <para>Now, as the <systemitem class="username">root</systemitem>
- user:</para>
+ <para>
+ Now, as the <systemitem class="username">root</systemitem>
+ user:
+ </para>
<screen role="root"><userinput>make install &&
-chmod -v 4755 /lib/security/unix_chkpwd &&
-mv -v /lib/security/pam_tally /sbin</userinput></screen>
+chmod -v 4755 /sbin/security/unix_chkpwd</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
- <para><parameter>--sbindir=/lib/security</parameter>: This parameter
- results in three executables, two of which are not intended to be run from
- the command line, being installed in the same directory as the PAM modules.
- The other executable is later moved to the
- <filename class="directory">/sbin</filename> directory.</para>
+ <para>
+ <option>--disable-nis</option>: This switch disables building
+ of the Network Information Service/Yellow Pages support in
+ pam_unix and pam_access modules. Remove it if you have installed
+ <xref linkend="libtirpc"/>.
+ </para>
- <para><parameter>--docdir=...</parameter>: This parameter results in
- the documentation being installed in a versioned directory name.</para>
+ <para>
+ <command>chmod -v 4755 /sbin/security/unix_chkpwd</command>:
+ The <command>unix_chkpwd</command> helper program must be setuid
+ so that non-<systemitem class="username">root</systemitem>
+ processes can access the shadow file.
+ </para>
- <para><parameter>--disable-nis</parameter>: This option disables building
- Network Information Service/Yellow Pages support in pam_unix and
pam_access.
- The RPC implementation in glibc (on which NIS/YP depends) is deprecated.
- However, the same functionality is provided by
- <application>Libtirpc</application> so if you've installed
- <xref linkend="libtirpc"/> you can remove the
- <parameter>--disable-nis</parameter> option.</para>
-
- <para><parameter>--enable-read-both-confs</parameter>: This parameter
- allows the local administrator to choose which configuration file setup to
- use.</para>
-
- <para><command>chmod -v 4755 /lib/security/unix_chkpwd</command>:
- The <command>unix_chkpwd</command> password-helper program must be setuid
- so that non-<systemitem class="username">root</systemitem> processes can
- access the shadow-password file.</para>
-
- <para><command>mv -v /lib/security/pam_tally /sbin</command>: The
- <command>pam_tally</command> program is designed to be run by the system
- administrator, possibly in single-user mode, so it is moved to the
- appropriate directory.</para>
</sect2>
<sect2 role="configuration">
@@ -185,9 +205,10 @@
<sect3 id="pam-config">
<title>Config Files</title>
- <para><filename>/etc/security/*</filename> and
- <filename>/etc/pam.d/*</filename> or
- <filename>/etc/pam.conf</filename></para>
+ <para>
+ <filename>/etc/security/*</filename> and
+ <filename>/etc/pam.d/*</filename>
+ </para>
<indexterm zone="linux-pam pam-config">
<primary sortas="e-etc-security">/etc/security/*</primary>
@@ -197,18 +218,16 @@
<primary sortas="e-etc-pam.d">/etc/pam.d/*</primary>
</indexterm>
- <indexterm zone="linux-pam pam-config">
- <primary sortas="e-etc-pam.conf">/etc/pam.conf</primary>
- </indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
- <para>Configuration information is placed in
- <filename class="directory">/etc/pam.d/</filename> or
- <filename>/etc/pam.conf</filename> depending on system administrator
- preference. Below are example files of each type:</para>
+ <para>
+ Configuration information is placed in
+ <filename class="directory">/etc/pam.d/</filename>.
+ Below is an example file:
+ </para>
<screen><literal># Begin /etc/pam.d/other
@@ -217,32 +236,31 @@
session required pam_unix.so
password required pam_unix.so nullok
-# End /etc/pam.d/other
+# End /etc/pam.d/other</literal></screen>
-# Begin /etc/pam.conf
+ <para>
+ The <application>PAM</application> man page (<command>man
+ pam</command>) provides a good starting point for descriptions
+ of fields and allowable entries. The <ulink
+ url="&debian-pam-docs;/Linux-PAM-html/Linux-PAM_SAG.html">Linux-PAM
+ System Administrators' Guide</ulink> is recommended for additional
+ information.
+ </para>
-other auth required pam_unix.so nullok
-other account required pam_unix.so
-other session required pam_unix.so
-other password required pam_unix.so nullok
+ <para>
+ Refer to <ulink url="&debian-pam-docs;/modules.html"/> for a list
+ of various third-party modules available.
+ </para>
-# End /etc/pam.conf</literal></screen>
-
- <para>The <application>PAM</application> man page (<command>man
- pam</command>) provides a good starting point for descriptions of fields
- and allowable entries. The <ulink
- url="&debian-pam-docs;/Linux-PAM-html/Linux-PAM_SAG.html"> Linux-PAM
- System Administrators' Guide</ulink> is recommended for additional
- information.</para>
-
- <para>Refer to <ulink url="&debian-pam-docs;/modules.html"/> for a list
- of various third-party modules available.</para>
-
<important>
- <para>You should now reinstall the <xref linkend="shadow"/>
- package.</para>
+ <para>
+ You should now reinstall the <xref linkend="shadow"/>
+ package.
+ </para>
</important>
+
</sect3>
+
</sect2>
<sect2 role="content">
@@ -254,12 +272,20 @@
<segtitle>Installed Directories</segtitle>
<seglistitem>
- <seg>pam_tally</seg>
- <seg>libpam.{so,a}, libpamc.{so,a}, libpam_misc.{so,a} and
- numerous PAM modules</seg>
- <seg>/etc/security, /lib/security, /usr/include/security,
- /usr/share/doc/Linux-PAM-&linux-pam-version;,
- and /var/run/sepermit</seg>
+ <seg>
+ mkhomedir_helper, pam_tally, pam_tally2,
+ pam_timestamp_check, unix_chkpwd and
+ unix_update
+ </seg>
+ <seg>
+ libpam.so, libpamc.so and libpam_misc.so
+ </seg>
+ <seg>
+ /etc/security,
+ /lib/security,
+ /usr/include/security and
+ /usr/share/doc/Linux-PAM-&linux-pam-version;
+ </seg>
</seglistitem>
</segmentedlist>
@@ -268,27 +294,95 @@
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
+ <varlistentry id="mkhomedir_helper">
+ <term><command>mkhomedir_helper</command></term>
+ <listitem>
+ <para>
+ is a helper binary that creates home directories.
+ </para>
+ <indexterm zone="linux-pam mkhomedir_helper">
+ <primary sortas="b-mkhomedir_helper">mkhomedir_helper</primary>
+ </indexterm>
+ </listitem>
+ </varlistentry>
+
<varlistentry id="pam_tally">
<term><command>pam_tally</command></term>
<listitem>
- <para>is used to view or manipulate the <filename>faillog</filename>
- file.</para>
+ <para>
+ is used to interrogate and manipulate the login counter file.
+ </para>
<indexterm zone="linux-pam pam_tally">
<primary sortas="b-pam_tally">pam_tally</primary>
</indexterm>
</listitem>
</varlistentry>
+ <varlistentry id="pam_tally2">
+ <term><command>pam_tally2</command></term>
+ <listitem>
+ <para>
+ is used to interrogate and manipulate the login counter file, but
+ does not have some limitations that <command>pam_tally</command>
+ does.
+ </para>
+ <indexterm zone="linux-pam pam_tally2">
+ <primary sortas="b-pam_tally2">pam_tally2</primary>
+ </indexterm>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="pam_timestamp_check">
+ <term><command>pam_timestamp_check</command></term>
+ <listitem>
+ <para>
+ is used to check if the default timestamp is valid
+ </para>
+ <indexterm zone="linux-pam pam_timestamp_check">
+ <primary
sortas="b-pam_timestamp_check">pam_timestamp_check</primary>
+ </indexterm>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="unix_chkpwd">
+ <term><command>unix_chkpwd</command></term>
+ <listitem>
+ <para>
+ is a helper binary that verifies the password of the current user.
+ </para>
+ <indexterm zone="linux-pam unix_chkpwd">
+ <primary sortas="b-unix_chkpwd">unix_chkpwd</primary>
+ </indexterm>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="unix_update">
+ <term><command>unix_update</command></term>
+ <listitem>
+ <para>
+ is a helper binary that updates the password of a given user.
+ </para>
+ <indexterm zone="linux-pam unix_update">
+ <primary sortas="b-unix_update">unix_update</primary>
+ </indexterm>
+ </listitem>
+ </varlistentry>
+
<varlistentry id="libpam">
- <term><filename class="libraryfile">libpam.{so,a}</filename></term>
+ <term><filename class="libraryfile">libpam.so</filename></term>
<listitem>
- <para>provides the interfaces between applications and the
- PAM modules.</para>
+ <para>
+ provides the interfaces between applications and the
+ PAM modules.
+ </para>
<indexterm zone="linux-pam libpam">
- <primary sortas="c-libpam">libpam.{so,a}</primary>
+ <primary sortas="c-libpam">libpam.so</primary>
</indexterm>
</listitem>
</varlistentry>
+
</variablelist>
+
</sect2>
+
</sect1>
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
