From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [IPFire-SCM] [git.ipfire.org] IPFire 3.x development tree branch, master, updated. e8c6b5d7138c23a2df6b9326bb13f77cdefc3011
Date: Fri, 27 Apr 2012 12:34:00 +0200 [thread overview]
Message-ID: <20120427103407.47C2520188@argus.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 13261 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 3.x development tree".
The branch, master has been updated
via e8c6b5d7138c23a2df6b9326bb13f77cdefc3011 (commit)
via 6c14ead139c91cc907a5af3b78bc9be5ab0cf9db (commit)
from cf1fddf8f3aaa2ae90c48f4ae2dc5aad437e9a25 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e8c6b5d7138c23a2df6b9326bb13f77cdefc3011
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Apr 27 12:33:39 2012 +0200
nss_ldap: Fix dependency to pam_ldap and move all to /usr.
commit 6c14ead139c91cc907a5af3b78bc9be5ab0cf9db
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Apr 27 12:32:17 2012 +0200
pam: Update default configuration files.
-----------------------------------------------------------------------
Summary of changes:
nss_ldap/nss_ldap.nm | 12 +++++----
pam/man/config-util.5 | 36 +++++++++++++++++++++++++++
pam/man/postlogin.5 | 46 ++++++++++++++++++++++++++++++++++
pam/man/system-auth.5 | 58 ++++++++++++++++++++++++++++++++++++++++++++
pam/pam.d/config-util | 8 ++++++
pam/pam.d/fingerprint-auth | 18 +++++++++++++
pam/pam.d/password-auth | 17 +++++++++++++
pam/pam.d/postlogin | 3 ++
pam/pam.d/smartcard-auth | 18 +++++++++++++
pam/pam.d/system-auth | 18 ++++---------
pam/pam.nm | 19 +++++++++++---
11 files changed, 232 insertions(+), 21 deletions(-)
create mode 100644 pam/man/config-util.5
create mode 100644 pam/man/postlogin.5
create mode 100644 pam/man/system-auth.5
create mode 100644 pam/pam.d/config-util
create mode 100644 pam/pam.d/fingerprint-auth
create mode 100644 pam/pam.d/password-auth
create mode 100644 pam/pam.d/postlogin
create mode 100644 pam/pam.d/smartcard-auth
Difference in files:
diff --git a/nss_ldap/nss_ldap.nm b/nss_ldap/nss_ldap.nm
index fa87ed0..0c7669b 100644
--- a/nss_ldap/nss_ldap.nm
+++ b/nss_ldap/nss_ldap.nm
@@ -5,7 +5,7 @@
name = nss_ldap
version = 265
-release = 3
+release = 4
groups = System/Base
url = http://www.padl.com/
@@ -47,7 +47,6 @@ build
configure_options += \
--sysconfdir=/etc \
- --libdir=/%{lib} \
--with-ldap-lib=openldap \
--enable-rfc2307bis \
--with-ldap-conf-file=/etc/nss_ldap.conf \
@@ -75,8 +74,6 @@ build
# Remove awkward directory
rm -rvf %{BUILDROOT}/usr/usr
- mv -v %{BUILDROOT}/%{lib}/* %{BUILDROOT}%{libdir}
- rm -rvf %{BUILDROOT}/%{lib}
ln -svf libnss_ldap-%{version}.so %{BUILDROOT}%{libdir}/libnss_ldap.so
ln -svf libnss_ldap.so.2 %{BUILDROOT}%{libdir}/libnss_ldap.so
@@ -91,7 +88,12 @@ end
packages
package %{name}
requires
- /%{lib}/security/pam_ldap.so
+ %{libdir}/security/pam_ldap.so
+ end
+
+ configfiles
+ %{sysconfdir}/nss_ldap.conf
+ %{sysconfdir}/nss_ldap.secret
end
end
diff --git a/pam/man/config-util.5 b/pam/man/config-util.5
new file mode 100644
index 0000000..17d7f8a
--- /dev/null
+++ b/pam/man/config-util.5
@@ -0,0 +1,36 @@
+.TH SYSTEM-AUTH 5 "2006 Feb 3" "Red Hat" "Linux-PAM Manual"
+.SH NAME
+
+config-util \- Common PAM configuration file for configuration utilities
+
+.SH SYNOPSIS
+.B /etc/pam.d/config-util
+.sp 2
+.SH DESCRIPTION
+
+The purpose of this configuration file is to provide common
+configuration file for all configuration utilities which must be run
+from the supervisor account and use the userhelper wrapper application.
+
+.sp
+The
+.BR config-util
+configuration file is included from all individual configuration
+files of such utilities with the help of the
+.BR include
+directive.
+There are not usually any other modules in the individual configuration
+files of these utilities.
+
+.sp
+It is possible for example to modify duration of the validity of the
+authentication timestamp there. See
+.BR pam_timestamp(8)
+for details.
+
+.SH BUGS
+.sp 2
+None known.
+
+.SH "SEE ALSO"
+pam(8), config-util(5), pam_timestamp(8)
diff --git a/pam/man/postlogin.5 b/pam/man/postlogin.5
new file mode 100644
index 0000000..3a8abcf
--- /dev/null
+++ b/pam/man/postlogin.5
@@ -0,0 +1,46 @@
+.TH POSTLOGIN 5 "2010 Dec 22" "Red Hat" "Linux-PAM Manual"
+.SH NAME
+
+postlogin \- Common configuration file for PAMified services
+
+.SH SYNOPSIS
+.B /etc/pam.d/postlogin
+.sp 2
+.SH DESCRIPTION
+
+The purpose of this PAM configuration file is to provide a common
+place for all PAM modules which should be called after the stack
+configured in
+.BR system-auth
+or the other common PAM configuration files.
+
+.sp
+The
+.BR postlogin
+configuration file is included from all individual service configuration
+files that provide login service with shell or file access.
+
+.SH NOTES
+The modules in the postlogin configuration file are executed regardless
+of the success or failure of the modules in the
+.BR system-auth
+configuration file.
+
+.SH BUGS
+.sp 2
+Sometimes it would be useful to be able to skip the postlogin modules in
+case the substack of the
+.BR system-auth
+modules failed. Unfortunately the current Linux-PAM library does not
+provide any way how to achieve this.
+
+.SH "SEE ALSO"
+pam(8), config-util(5), system-auth(5)
+
+The three
+.BR Linux-PAM
+Guides, for
+.BR "system administrators" ", "
+.BR "module developers" ", "
+and
+.BR "application developers" ". "
diff --git a/pam/man/system-auth.5 b/pam/man/system-auth.5
new file mode 100644
index 0000000..c0ca80b
--- /dev/null
+++ b/pam/man/system-auth.5
@@ -0,0 +1,58 @@
+.TH SYSTEM-AUTH 5 "2010 Dec 22" "Red Hat" "Linux-PAM Manual"
+.SH NAME
+
+system-auth \- Common configuration file for PAMified services
+
+.SH SYNOPSIS
+.B /etc/pam.d/system-auth
+.B /etc/pam.d/password-auth
+.B /etc/pam.d/fingerprint-auth
+.B /etc/pam.d/smartcard-auth
+.sp 2
+.SH DESCRIPTION
+
+The purpose of these configuration files are to provide a common
+interface for all applications and service daemons calling into
+the PAM library.
+
+.sp
+The
+.BR system-auth
+configuration file is included from nearly all individual service configuration
+files with the help of the
+.BR substack
+directive.
+
+.sp
+The
+.BR password-auth
+.BR fingerprint-auth
+.BR smartcard-auth
+configuration files are for applications which handle authentication from
+different types of devices via simultaneously running individual conversations
+instead of one aggregate conversation.
+
+.SH NOTES
+Previously these common configuration files were included with the help
+of the
+.BR include
+directive. This limited the use of the different action types of modules.
+With the use of
+.BR substack
+directive to include these common configuration files this limitation
+no longer applies.
+
+.SH BUGS
+.sp 2
+None known.
+
+.SH "SEE ALSO"
+pam(8), config-util(5), postlogin(5)
+
+The three
+.BR Linux-PAM
+Guides, for
+.BR "system administrators" ", "
+.BR "module developers" ", "
+and
+.BR "application developers" ". "
diff --git a/pam/pam.d/config-util b/pam/pam.d/config-util
new file mode 100644
index 0000000..8e70d9a
--- /dev/null
+++ b/pam/pam.d/config-util
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth sufficient pam_timestamp.so
+auth include system-auth
+account required pam_permit.so
+session required pam_permit.so
+session optional pam_xauth.so
+session optional pam_timestamp.so
diff --git a/pam/pam.d/fingerprint-auth b/pam/pam.d/fingerprint-auth
new file mode 100644
index 0000000..fdcbcc0
--- /dev/null
+++ b/pam/pam.d/fingerprint-auth
@@ -0,0 +1,18 @@
+#%PAM-1.0
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
+auth required pam_env.so
+auth sufficient pam_fprintd.so
+auth required pam_deny.so
+
+account required pam_unix.so
+account sufficient pam_localuser.so
+account sufficient pam_succeed_if.so uid < 500 quiet
+account required pam_permit.so
+
+password required pam_deny.so
+
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+session required pam_unix.so
diff --git a/pam/pam.d/password-auth b/pam/pam.d/password-auth
new file mode 100644
index 0000000..d598c67
--- /dev/null
+++ b/pam/pam.d/password-auth
@@ -0,0 +1,17 @@
+#%PAM-1.0
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
+auth required pam_env.so
+auth sufficient pam_unix.so try_first_pass nullok
+auth required pam_deny.so
+
+account required pam_unix.so
+
+password requisite pam_pwquality.so try_first_pass retry=3 type=
+password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
+password required pam_deny.so
+
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+session required pam_unix.so
diff --git a/pam/pam.d/postlogin b/pam/pam.d/postlogin
new file mode 100644
index 0000000..43d25c5
--- /dev/null
+++ b/pam/pam.d/postlogin
@@ -0,0 +1,3 @@
+#%PAM-1.0
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
diff --git a/pam/pam.d/smartcard-auth b/pam/pam.d/smartcard-auth
new file mode 100644
index 0000000..07f03f3
--- /dev/null
+++ b/pam/pam.d/smartcard-auth
@@ -0,0 +1,18 @@
+#%PAM-1.0
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
+auth required pam_env.so
+auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card
+auth required pam_deny.so
+
+account required pam_unix.so
+account sufficient pam_localuser.so
+account sufficient pam_succeed_if.so uid < 500 quiet
+account required pam_permit.so
+
+password optional pam_pkcs11.so
+
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+session required pam_unix.so
diff --git a/pam/pam.d/system-auth b/pam/pam.d/system-auth
index 0fa221b..d598c67 100644
--- a/pam/pam.d/system-auth
+++ b/pam/pam.d/system-auth
@@ -1,23 +1,17 @@
#%PAM-1.0
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
-auth sufficient pam_unix.so nullok try_first_pass
-auth requisite pam_succeed_if.so uid >= 500 quiet
-auth sufficient pam_ldap.so use_first_pass
+auth sufficient pam_unix.so try_first_pass nullok
auth required pam_deny.so
-account required pam_unix.so broken_shadow
-account sufficient pam_localuser.so
-account sufficient pam_succeed_if.so uid < 500 quiet
-account [default=bad success=ok user_unknown=ignore] pam_ldap.so
-account required pam_permit.so
+account required pam_unix.so
-password requisite pam_cracklib.so try_first_pass retry=3
-password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-password sufficient pam_ldap.so use_authtok
+password requisite pam_pwquality.so try_first_pass retry=3 type=
+password sufficient pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
-session optional pam_ldap.so
diff --git a/pam/pam.nm b/pam/pam.nm
index 71f4a09..be4f7a2 100644
--- a/pam/pam.nm
+++ b/pam/pam.nm
@@ -5,7 +5,7 @@
name = pam
version = 1.1.5
-release = 2
+release = 3
thisapp = Linux-PAM-%{version}
groups = System/Base
@@ -48,14 +48,25 @@ build
# Included in setup package
rm -f %{BUILDROOT}/etc/environment
+
+ # Install man pages.
+ mkdir -pv %{BUILDROOT}%{mandir}/man5
+ for file in config-util.5 postlogin.5 system-auth.5; do
+ install -v -m 644 %{DIR_SOURCE}/man/${file} \
+ %{BUILDROOT}%{mandir}/man5
+ done
end
end
packages
package %{name}
- #requires
- # pam_ldap
- #end
+ requires
+ pam_ldap
+ end
+
+ configfiles
+ /etc/pam.d
+ end
end
package %{name}-devel
hooks/post-receive
--
IPFire 3.x development tree
reply other threads:[~2012-04-27 10:34 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120427103407.47C2520188@argus.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox