r5781 - in trunk/BOOK: . introduction/welcome postlfs/security

randy at linuxfromscratch.org randy at linuxfromscratch.org
Fri Mar 31 07:16:40 PST 2006


Author: randy
Date: 2006-03-31 08:16:39 -0700 (Fri, 31 Mar 2006)
New Revision: 5781

Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/shadow.xml
Log:
Updated to Shadow-4.0.15 (now current with the LFS version)

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2006-03-31 13:34:31 UTC (rev 5780)
+++ trunk/BOOK/general.ent	2006-03-31 15:16:39 UTC (rev 5781)
@@ -51,7 +51,7 @@
 
 <!ENTITY cracklib-version             "2.8.9">
 <!ENTITY linux-pam-version            "0.99.2.0">
-<!ENTITY shadow-version               "4.0.13">
+<!ENTITY shadow-version               "4.0.15">
 <!ENTITY iptables-version             "1.3.3">
 <!ENTITY gnupg-version                "1.4.2.2">
 <!ENTITY tripwire-version             "portable-0.9">

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2006-03-31 13:34:31 UTC (rev 5780)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2006-03-31 15:16:39 UTC (rev 5781)
@@ -45,6 +45,10 @@
       <para>March 31st, 2006</para>
       <itemizedlist>
         <listitem>
+          <para>[randy] - Updated to Shadow-4.0.15 (now current with the
+          LFS version).</para>
+        </listitem>
+        <listitem>
           <para>[randy] - Updated to PHP-5.1.2.</para>
         </listitem>
         <listitem>

Modified: trunk/BOOK/postlfs/security/shadow.xml
===================================================================
--- trunk/BOOK/postlfs/security/shadow.xml	2006-03-31 13:34:31 UTC (rev 5780)
+++ trunk/BOOK/postlfs/security/shadow.xml	2006-03-31 15:16:39 UTC (rev 5781)
@@ -6,9 +6,9 @@
 
   <!ENTITY shadow-download-http "http://ftp.pld.org.pl/software/shadow/shadow-&shadow-version;.tar.bz2">
   <!ENTITY shadow-download-ftp  "ftp://ftp.pld.org.pl/software/shadow/shadow-&shadow-version;.tar.bz2">
-  <!ENTITY shadow-md5sum        "5c6a105d89afb0900922260e9c5650cc">
-  <!ENTITY shadow-size          "1.0 MB">
-  <!ENTITY shadow-buildsize     "13.6 MB">
+  <!ENTITY shadow-md5sum        "a0452fa989f8ba45023cc5a08136568e">
+  <!ENTITY shadow-size          "1.2 MB">
+  <!ENTITY shadow-buildsize     "15.5 MB">
   <!ENTITY shadow-time          "0.3 SBU">
 ]>
 
@@ -65,6 +65,7 @@
       </listitem>
     </itemizedlist>
 
+    <!--
     <bridgehead renderas="sect3">Additional Downloads</bridgehead>
     <itemizedlist spacing='compact'>
       <listitem>
@@ -72,6 +73,7 @@
         url="&patch-root;/shadow-&shadow-version;-configure_fix-1.patch"/></para>
       </listitem>
     </itemizedlist>
+    -->
 
     <bridgehead renderas="sect3">Shadow Dependencies</bridgehead>
 
@@ -93,18 +95,34 @@
       reinstalling <application>Shadow</application> to provide strong
       password support via the <application>CrackLib</application> library
       and you have not installed <application>Linux-PAM</application>, ensure
-      you replace the <parameter>--with-libpam --without-libcrack</parameter>
-      parameters with <parameter>--with-libcrack</parameter>.</para>
+      you add the <parameter>--with-libcrack</parameter> parameter to the
+      <command>configure</command> script below.</para>
     </important>
 
     <para>Reinstall <application>Shadow</application> by running the following
     commands:</para>
 
-<screen><userinput>patch -Np1 -i ../shadow-&shadow-version;-configure_fix-1.patch &&
-./configure --libdir=/lib --enable-shared \
-    --with-libpam --without-libcrack &&
+<screen><userinput>./configure --libdir=/lib \
+            --enable-shared \
+            --without-selinux &&
 sed -i 's/groups$(EXEEXT) //' src/Makefile &&
 find man -name Makefile -exec sed -i '/groups/d' {} \; &&
+sed -i -e 's/ ko//' \
+       -e 's/ zh_CN zh_TW//' \
+    man/Makefile &&
+
+for i in de es fi fr id it pt_BR; do
+    convert-mans UTF-8 ISO-8859-1 man/${i}/*.?
+done &&
+
+for i in cs hu pl; do
+    convert-mans UTF-8 ISO-8859-2 man/${i}/*.?
+done &&
+
+convert-mans UTF-8 EUC-JP man/ja/*.? &&
+convert-mans UTF-8 KOI8-R man/ru/*.? &&
+convert-mans UTF-8 ISO-8859-9 man/tr/*.? &&
+
 make</userinput></screen>
 
     <para>This package does not come with a test suite.</para>
@@ -122,22 +140,66 @@
   <sect2 role="commands">
     <title>Command Explanations</title>
 
-    <para><parameter>--without-libcrack</parameter>: This switch tells
+    <!-- Removed the -with-libpam and -without-libcrack options from the
+         default as these are the defaults. Pam will automatically be picked
+         up if it is installed, and CrackLib won't be used unless specifically
+         requested via -with-libcrack
+    <para><parameter>-without-libcrack</parameter>: This switch tells
     <application>Shadow</application> not to use
     <filename class='libraryfile'>libcrack</filename>. This is desired as
     <application>Linux-PAM</application> will provide
     <filename class='libraryfile'>libcrack</filename> functionality.</para>
+    -->
 
-    <para><command>sed -i ...</command>: These commands are used to suppress
-    the installation of the <command>groups</command> program and man pages
-    as the version from the <application>Coreutils</application> package
-    installed during LFS is preferred.</para>
+    <para><parameter>--without-selinux</parameter>: Support for selinux is
+    enabled by default, but selinux is not built in a base LFS system. The
+    <command>configure</command> script will fail if this option is not
+    used.</para>
 
+    <para><command>sed -i 's/groups$(EXEEXT) //' src/Makefile</command>: This
+    command is used to suppress the installation of the
+    <command>groups</command> program as the version from the
+    <application>Coreutils</application> package installed during LFS is
+    preferred.</para>
+
+    <para><command>find man -name Makefile -exec ... {} \;</command>: This
+    command is used to suppress the installation of the
+    <command>groups</command> man pages so the existing ones installed from
+    the <application>Coreutils</application> package are not replaced.</para>
+
+    <para><command>sed -i -e '...' -e '...' man/Makefile</command>: This
+    command disables the installation of Chinese and Korean manual pages, since
+    <application>Man-DB</application> cannot format them properly.</para>
+
+    <para><command>convert-mans ...</command>: These commands are used to
+    convert some of the man pages so that <application>Man-DB</application>
+    will display them in the recommended encodings.</para>
+
+    <para><command>mv -v /usr/bin/passwd /bin</command>: The
+    <command>passwd</command> program may be needed during times when the
+    <filename class='directory'>/usr</filename> filesystem is not mounted so
+    it is moved into the root partition.</para>
+
+    <para><command>mv -v ...; rm -v ...; ln -v ...</command>: These commands
+    are used to move the <filename class='libraryfile'>libshadow</filename>
+    library to the root partition to support the moving of the
+    <command>passwd</command> program earlier.</para>
+
   </sect2>
 
   <sect2 role="configuration">
     <title>Configuring Linux-PAM to Work with Shadow</title>
 
+    <note>
+      <para>The rest of the page is devoted to configuring
+      <application>Shadow</application> to work properly with
+      <application>Linux-PAM</application>. If you do not have
+      <application>Linux-PAM</application> installed, and you reinstalled
+      <application>Shadow</application> to support strong passwords via
+      the <application>CrackLib</application> library, no further configuration
+      is required.</para>
+    </note>
+
     <sect3 id="pam.d">
       <title>Config Files</title>
 
@@ -166,6 +228,28 @@
     <sect3>
       <title>Configuration Information</title>
 
+      <para>Configuring your system to use <application>Linux-PAM</application>
+      can be a complex task. The information below will provide a basic setup
+      so that <application>Shadow</application>'s login and password
+      functionality will work effectively with
+      <application>Linux-PAM</application>. Review the information and links on
+      the <xref linkend="linux-pam"/> page for further configuration
+      information. For information specific to integrating
+      <application>Shadow</application>, <application>Linux-PAM</application>
+      and <application>CrackLib</application>, you can visit the following
+      links:</para>
+
+      <itemizedlist spacing="compact">
+      <listitem>
+        <para><ulink
+        url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html#ss6.3"/></para>
+      </listitem>
+      <listitem>
+        <para><ulink
+        url="http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html"/></para>
+      </listitem>
+      </itemizedlist>
+
       <sect4 id="pam-login-defs">
         <title>Configuring /etc/login.defs</title>
 
@@ -190,11 +274,17 @@
                 CONSOLE_GROUPS ENVIRON_FILE \
                 ULIMIT ENV_TZ ENV_HZ ENV_SUPATH \
                 ENV_PATH QMAIL_DIR MAIL_DIR MAIL_FILE \
-                CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE
+                CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE \
+                OBSCURE_CHECKS_ENAB CRACKLIB_DICTPATH \
+                PASS_CHANGE_TRIES PASS_ALWAYS_WARN
 do
     sed -i "s/^$FUNCTION/# &/" /etc/login.defs
 done</userinput></screen>
 
+        <!-- Moved the commenting of these four parameters into the section
+        above. If PAM is installed, it complains if these are not commented
+        regardless if CrackLib is installed.
+
         <para>If you have <application>CrackLib</application> installed,
         also comment out four more lines using the following command as the
         <systemitem class="username">root</systemitem> user:</para>
@@ -205,6 +295,8 @@
     sed -i "s/^$FUNCTION/# &/" /etc/login.defs
 done</userinput></screen>
 
+        -->
+
       </sect4>
 
       <sect4>




More information about the blfs-book mailing list