This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated
       via  e8c6b5d7138c23a2df6b9326bb13f77cdefc3011 (commit)
       via  6c14ead139c91cc907a5af3b78bc9be5ab0cf9db (commit)
      from  cf1fddf8f3aaa2ae90c48f4ae2dc5aad437e9a25 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit e8c6b5d7138c23a2df6b9326bb13f77cdefc3011
Author: Michael Tremer michael.tremer@ipfire.org
Date: Fri Apr 27 12:33:39 2012 +0200
nss_ldap: Fix dependency to pam_ldap and move all to /usr.
commit 6c14ead139c91cc907a5af3b78bc9be5ab0cf9db
Author: Michael Tremer michael.tremer@ipfire.org
Date: Fri Apr 27 12:32:17 2012 +0200
pam: Update default configuration files.
-----------------------------------------------------------------------
Summary of changes:
 nss_ldap/nss_ldap.nm | 12 +++++----
 pam/man/config-util.5 | 36 +++++++++++++++++++++++++++
 pam/man/postlogin.5 | 46 ++++++++++++++++++++++++++++++++++
 pam/man/system-auth.5 | 58 ++++++++++++++++++++++++++++++++++++++++++++
 pam/pam.d/config-util | 8 ++++++
 pam/pam.d/fingerprint-auth | 18 +++++++++++++
 pam/pam.d/password-auth | 17 +++++++++++++
 pam/pam.d/postlogin | 3 ++
 pam/pam.d/smartcard-auth | 18 +++++++++++++
 pam/pam.d/system-auth | 18 ++++---------
 pam/pam.nm | 19 +++++++++++---
 11 files changed, 232 insertions(+), 21 deletions(-)
 create mode 100644 pam/man/config-util.5
 create mode 100644 pam/man/postlogin.5
 create mode 100644 pam/man/system-auth.5
 create mode 100644 pam/pam.d/config-util
 create mode 100644 pam/pam.d/fingerprint-auth
 create mode 100644 pam/pam.d/password-auth
 create mode 100644 pam/pam.d/postlogin
 create mode 100644 pam/pam.d/smartcard-auth
Difference in files: diff --git a/nss_ldap/nss_ldap.nm b/nss_ldap/nss_ldap.nm index fa87ed0..0c7669b 100644 --- a/nss_ldap/nss_ldap.nm +++ b/nss_ldap/nss_ldap.nm @@ -5,7 +5,7 @@
name = nss_ldap version = 265 -release = 3 +release = 4
groups = System/Base url = http://www.padl.com/ @@ -47,7 +47,6 @@ build
configure_options += \ --sysconfdir=/etc \ - --libdir=/%{lib} \ --with-ldap-lib=openldap \ --enable-rfc2307bis \ --with-ldap-conf-file=/etc/nss_ldap.conf \ @@ -75,8 +74,6 @@ build # Remove awkward directory rm -rvf %{BUILDROOT}/usr/usr
- mv -v %{BUILDROOT}/%{lib}/* %{BUILDROOT}%{libdir} - rm -rvf %{BUILDROOT}/%{lib} ln -svf libnss_ldap-%{version}.so %{BUILDROOT}%{libdir}/libnss_ldap.so ln -svf libnss_ldap.so.2 %{BUILDROOT}%{libdir}/libnss_ldap.so
@@ -91,7 +88,12 @@ end packages package %{name} requires - /%{lib}/security/pam_ldap.so + %{libdir}/security/pam_ldap.so + end + + configfiles + %{sysconfdir}/nss_ldap.conf + %{sysconfdir}/nss_ldap.secret end end
diff --git a/pam/man/config-util.5 b/pam/man/config-util.5 new file mode 100644 index 0000000..17d7f8a --- /dev/null +++ b/pam/man/config-util.5 @@ -0,0 +1,36 @@ +.TH SYSTEM-AUTH 5 "2006 Feb 3" "Red Hat" "Linux-PAM Manual" +.SH NAME + +config-util - Common PAM configuration file for configuration utilities + +.SH SYNOPSIS +.B /etc/pam.d/config-util +.sp 2 +.SH DESCRIPTION + +The purpose of this configuration file is to provide common +configuration file for all configuration utilities which must be run +from the supervisor account and use the userhelper wrapper application. + +.sp +The +.BR config-util +configuration file is included from all individual configuration +files of such utilities with the help of the +.BR include +directive. +There are not usually any other modules in the individual configuration +files of these utilities. + +.sp +It is possible for example to modify duration of the validity of the +authentication timestamp there. See +.BR pam_timestamp(8) +for details. + +.SH BUGS +.sp 2 +None known. + +.SH "SEE ALSO" +pam(8), config-util(5), pam_timestamp(8) diff --git a/pam/man/postlogin.5 b/pam/man/postlogin.5 new file mode 100644 index 0000000..3a8abcf --- /dev/null +++ b/pam/man/postlogin.5 
@@ -0,0 +1,46 @@ +.TH POSTLOGIN 5 "2010 Dec 22" "Red Hat" "Linux-PAM Manual" +.SH NAME + +postlogin - Common configuration file for PAMified services + +.SH SYNOPSIS +.B /etc/pam.d/postlogin +.sp 2 +.SH DESCRIPTION + +The purpose of this PAM configuration file is to provide a common +place for all PAM modules which should be called after the stack +configured in +.BR system-auth +or the other common PAM configuration files. + +.sp +The +.BR postlogin +configuration file is included from all individual service configuration +files that provide login service with shell or file access. + +.SH NOTES +The modules in the postlogin configuration file are executed regardless +of the success or failure of the modules in the +.BR system-auth +configuration file. + +.SH BUGS +.sp 2 +Sometimes it would be useful to be able to skip the postlogin modules in +case the substack of the +.BR system-auth +modules failed. Unfortunately the current Linux-PAM library does not +provide any way how to achieve this. + +.SH "SEE ALSO" +pam(8), config-util(5), system-auth(5) + +The three +.BR Linux-PAM +Guides, for +.BR "system administrators" ", " +.BR "module developers" ", " +and +.BR "application developers" ". " diff --git a/pam/man/system-auth.5 b/pam/man/system-auth.5 new file mode 100644 index 0000000..c0ca80b --- /dev/null +++ b/pam/man/system-auth.5 
@@ -0,0 +1,58 @@ +.TH SYSTEM-AUTH 5 "2010 Dec 22" "Red Hat" "Linux-PAM Manual" +.SH NAME + +system-auth - Common configuration file for PAMified services + +.SH SYNOPSIS +.B /etc/pam.d/system-auth +.B /etc/pam.d/password-auth +.B /etc/pam.d/fingerprint-auth +.B /etc/pam.d/smartcard-auth +.sp 2 +.SH DESCRIPTION + +The purpose of these configuration files are to provide a common +interface for all applications and service daemons calling into +the PAM library. + +.sp +The +.BR system-auth +configuration file is included from nearly all individual service configuration +files with the help of the +.BR substack +directive. + +.sp +The +.BR password-auth +.BR fingerprint-auth +.BR smartcard-auth +configuration files are for applications which handle authentication from +different types of devices via simultaneously running individual conversations +instead of one aggregate conversation. + +.SH NOTES +Previously these common configuration files were included with the help +of the +.BR include +directive. This limited the use of the different action types of modules. +With the use of +.BR substack +directive to include these common configuration files this limitation +no longer applies. + +.SH BUGS +.sp 2 +None known. + +.SH "SEE ALSO" +pam(8), config-util(5), postlogin(5) + +The three +.BR Linux-PAM +Guides, for +.BR "system administrators" ", " +.BR "module developers" ", " +and +.BR "application developers" ". " diff --git a/pam/pam.d/config-util b/pam/pam.d/config-util new file mode 100644 index 0000000..8e70d9a --- /dev/null +++ b/pam/pam.d/config-util @@ -0,0 +1,8 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth sufficient pam_timestamp.so +auth include system-auth +account required pam_permit.so +session required pam_permit.so +session optional pam_xauth.so +session optional pam_timestamp.so diff --git a/pam/pam.d/fingerprint-auth b/pam/pam.d/fingerprint-auth new file mode 100644 index 0000000..fdcbcc0 --- /dev/null +++ b/pam/pam.d/fingerprint-auth 
@@ -0,0 +1,18 @@ +#%PAM-1.0 +# This file is auto-generated. +# User changes will be destroyed the next time authconfig is run. +auth required pam_env.so +auth sufficient pam_fprintd.so +auth required pam_deny.so + +account required pam_unix.so +account sufficient pam_localuser.so +account sufficient pam_succeed_if.so uid < 500 quiet +account required pam_permit.so + +password required pam_deny.so + +session optional pam_keyinit.so revoke +session required pam_limits.so +session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid +session required pam_unix.so diff --git a/pam/pam.d/password-auth b/pam/pam.d/password-auth new file mode 100644 index 0000000..d598c67 --- /dev/null +++ b/pam/pam.d/password-auth @@ -0,0 +1,17 @@ +#%PAM-1.0 +# This file is auto-generated. +# User changes will be destroyed the next time authconfig is run. +auth required pam_env.so +auth sufficient pam_unix.so try_first_pass nullok +auth required pam_deny.so + +account required pam_unix.so + +password requisite pam_pwquality.so try_first_pass retry=3 type= +password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow +password required pam_deny.so + +session optional pam_keyinit.so revoke +session required pam_limits.so +session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid +session required pam_unix.so diff --git a/pam/pam.d/postlogin b/pam/pam.d/postlogin new file mode 100644 index 0000000..43d25c5 --- /dev/null +++ b/pam/pam.d/postlogin @@ -0,0 +1,3 @@ +#%PAM-1.0 +# This file is auto-generated. +# User changes will be destroyed the next time authconfig is run. diff --git a/pam/pam.d/smartcard-auth b/pam/pam.d/smartcard-auth new file mode 100644 index 0000000..07f03f3 --- /dev/null +++ b/pam/pam.d/smartcard-auth 
@@ -0,0 +1,18 @@ +#%PAM-1.0 +# This file is auto-generated. +# User changes will be destroyed the next time authconfig is run. +auth required pam_env.so +auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card +auth required pam_deny.so + +account required pam_unix.so +account sufficient pam_localuser.so +account sufficient pam_succeed_if.so uid < 500 quiet +account required pam_permit.so + +password optional pam_pkcs11.so + +session optional pam_keyinit.so revoke +session required pam_limits.so +session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid +session required pam_unix.so diff --git a/pam/pam.d/system-auth b/pam/pam.d/system-auth index 0fa221b..d598c67 100644 --- a/pam/pam.d/system-auth +++ b/pam/pam.d/system-auth @@ -1,23 +1,17 @@ #%PAM-1.0 +# This file is auto-generated. +# User changes will be destroyed the next time authconfig is run. auth required pam_env.so -auth sufficient pam_unix.so nullok try_first_pass -auth requisite pam_succeed_if.so uid >= 500 quiet -auth sufficient pam_ldap.so use_first_pass +auth sufficient pam_unix.so try_first_pass nullok auth required pam_deny.so
-account required pam_unix.so broken_shadow -account sufficient pam_localuser.so -account sufficient pam_succeed_if.so uid < 500 quiet -account [default=bad success=ok user_unknown=ignore] pam_ldap.so -account required pam_permit.so +account required pam_unix.so
-password requisite pam_cracklib.so try_first_pass retry=3 -password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok -password sufficient pam_ldap.so use_authtok +password requisite pam_pwquality.so try_first_pass retry=3 type= +password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow password required pam_deny.so
session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so -session optional pam_ldap.so diff --git a/pam/pam.nm b/pam/pam.nm index 71f4a09..be4f7a2 100644 --- a/pam/pam.nm +++ b/pam/pam.nm @@ -5,7 +5,7 @@
name = pam version = 1.1.5 -release = 2 +release = 3 thisapp = Linux-PAM-%{version}
groups = System/Base @@ -48,14 +48,25 @@ build
# Included in setup package rm -f %{BUILDROOT}/etc/environment + + # Install man pages. + mkdir -pv %{BUILDROOT}%{mandir}/man5 + for file in config-util.5 postlogin.5 system-auth.5; do + install -v -m 644 %{DIR_SOURCE}/man/${file} \ + %{BUILDROOT}%{mandir}/man5 + done end end
packages package %{name} - #requires - # pam_ldap - #end + requires + pam_ldap + end + + configfiles + /etc/pam.d + end end
package %{name}-devel
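Review bot: In nss_ldap/nss_ldap.nm (hunk at -75,8), the two `ln -svf` lines kept as context both write %{BUILDROOT}%{libdir}/libnss_ldap.so, so the second call replaces the first and the link ends up pointing at libnss_ldap.so.2, a name these lines never create. Unless the install step already provides libnss_ldap.so.2, the final link dangles; the first `ln` was probably meant to create libnss_ldap.so.2 -> libnss_ldap-%{version}.so, and this is a good moment to fix it since the block is being edited anyway.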
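Review bot: In the packages hunk of nss_ldap/nss_ldap.nm, %{sysconfdir}/nss_ldap.secret is listed under configfiles, but nothing visible in the patch sets its owner or mode. Going by its name the file carries an LDAP bind credential, so the build section should install it root-owned with mode 0600 (and nss_ldap.conf 0644) rather than relying on whatever the upstream install step leaves behind; marking it as a config file only protects it from being overwritten on update, not from being read.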
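Review bot: pam/man/config-util.5 opens with `.TH SYSTEM-AUTH 5 "2006 Feb 3"`, so the page header renders as SYSTEM-AUTH(5) instead of CONFIG-UTIL(5), and its SEE ALSO line lists config-util(5), which is the page itself. Suggest `.TH CONFIG-UTIL 5 ...` and replacing the self-reference with system-auth(5), which the shipped pam/pam.d/config-util actually includes.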
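Review bot: pam/pam.d/password-auth and the rewritten pam/pam.d/system-auth (same blob, d598c67) keep `nullok` on `auth sufficient pam_unix.so try_first_pass nullok`, which lets any account with an empty password field authenticate with an empty password through every service that pulls in these stacks. If `nullok` is only wanted so that such an account can set its first password, keep it on the `password` line and drop it from the `auth` line, at least in password-auth.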
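Review bot: pam/pam.d/postlogin consists solely of the header "This file is auto-generated. User changes will be destroyed the next time authconfig is run.", and the same header is added to fingerprint-auth, password-auth, smartcard-auth and system-auth, while pam.nm in this commit ships them as static files and marks /etc/pam.d as configfiles. Nothing in the patch introduces authconfig, so the comment tells administrators not to edit files that the package explicitly preserves; suggest replacing it with a line that says how these files are maintained here. It is also worth stating in the commit message that postlogin is intentionally empty, since postlogin.5 describes modules that run regardless of the system-auth result.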
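Review bot: The account stacks in pam/pam.d/fingerprint-auth and pam/pam.d/smartcard-auth still carry `account sufficient pam_localuser.so`, `account sufficient pam_succeed_if.so uid < 500 quiet` and `account required pam_permit.so`, the same lines this commit removes from system-auth. In the old system-auth they let local and system users return before the pam_ldap account check; with no pam_ldap line between them they cannot change the outcome decided by `account required pam_unix.so`. Either reduce these two files to the single pam_unix line as in system-auth, or keep the lines everywhere, so the four common stacks do not diverge silently.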
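Review bot: In the packages hunk of pam/pam.nm, `requires pam_ldap` is switched on in the same commit whose system-auth hunk deletes all four pam_ldap.so lines, and none of the newly added pam.d files reference pam_ldap.so either. As visible here, the base pam package gains a hard dependency on a module its default stacks never load; either leave the dependency commented out, or document in the commit message which step is expected to add the LDAP lines back. The new fingerprint-auth and smartcard-auth files, by contrast, name pam_fprintd.so and pam_pkcs11.so without any matching `requires`, so it would help to state whether those are deliberately optional.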
hooks/post-receive -- IPFire 3.x development tree