r7764 - in trunk/BOOK: . introduction/welcome postlfs/security

randy at linuxfromscratch.org randy at linuxfromscratch.org
Sun Feb 15 09:59:51 PST 2009


Author: randy
Date: 2009-02-15 10:59:51 -0700 (Sun, 15 Feb 2009)
New Revision: 7764

Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/linux-pam.xml
Log:
Updated to Linux-PAM-1.0.3

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2009-02-13 17:41:27 UTC (rev 7763)
+++ trunk/BOOK/general.ent	2009-02-15 17:59:51 UTC (rev 7764)
@@ -3,7 +3,7 @@
 $Date$
 -->
 
-<!ENTITY day          "13">                   <!-- Always 2 digits -->
+<!ENTITY day          "15">                   <!-- Always 2 digits -->
 <!ENTITY month        "02">                   <!-- Always 2 digits -->
 <!ENTITY year         "2009">
 <!ENTITY copyrightdate "2001-&year;">
@@ -62,7 +62,7 @@
 <!ENTITY openssl-version              "0.9.8j">
 <!ENTITY gnutls-version               "1.6.3">
 <!ENTITY cracklib-version             "2.8.13">
-<!ENTITY linux-pam-version            "0.99.10.0">
+<!ENTITY linux-pam-version            "1.0.3">
 <!ENTITY shadow-version               "4.0.18.1">
 <!ENTITY iptables-version             "1.3.8">
 <!ENTITY gnupg-version                "1.4.9">

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2009-02-13 17:41:27 UTC (rev 7763)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2009-02-15 17:59:51 UTC (rev 7764)
@@ -42,6 +42,15 @@
 -->
 
     <listitem>
+      <para>February 15th, 2009</para>
+      <itemizedlist>
+        <listitem>
+          <para>[randy] - Updated to Linux-PAM-1.0.3.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>February 13th, 2009</para>
       <itemizedlist>
         <listitem>

Modified: trunk/BOOK/postlfs/security/linux-pam.xml
===================================================================
--- trunk/BOOK/postlfs/security/linux-pam.xml	2009-02-13 17:41:27 UTC (rev 7763)
+++ trunk/BOOK/postlfs/security/linux-pam.xml	2009-02-15 17:59:51 UTC (rev 7764)
@@ -4,13 +4,16 @@
   <!ENTITY % general-entities SYSTEM "../../general.ent">
   %general-entities;
 
-  <!ENTITY linux-pam-download-http "http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-&linux-pam-version;.tar.bz2">
-  <!ENTITY linux-pam-download-ftp  "ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-&linux-pam-version;.tar.bz2">
-  <!ENTITY linux-pam-md5sum        "be4dd1d34ac5933408e13e48f3eb710a">
-  <!ENTITY linux-pam-size          "911 kB">
-  <!ENTITY linux-pam-buildsize     "23 MB">
+  <!ENTITY linux-pam-download-http "http://www.kernel.org/pub/linux/libs/pam/library/Linux-PAM-&linux-pam-version;.tar.bz2">
+  <!ENTITY linux-pam-download-ftp  "ftp://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-&linux-pam-version;.tar.bz2">
+  <!ENTITY linux-pam-md5sum        "7cc8653cb31717dbb1380bde980c9fdf">
+  <!ENTITY linux-pam-size          "1.0 MB">
+  <!ENTITY linux-pam-buildsize     "19 MB (includes installing the optional documentation)">
   <!ENTITY linux-pam-time          "0.6 SBU">
-  <!ENTITY linux-pam-docs-download "&sources-anduin-http;/l/Linux-PAM-&linux-pam-version;-docs.tar.bz2">
+
+  <!ENTITY linux-pam-docs-download "http://www.kernel.org/pub/linux/libs/pam/documentation/Linux-PAM-&linux-pam-version;-docs.tar.bz2">
+  <!ENTITY linux-pam-docs-md5sum   "119bffcb3e99e1d6d53a4d992584c03d">
+  <!ENTITY linux-pam-docs-size     "714 KB">
 ]>
 
 <sect1 id="linux-pam" xreflabel="Linux-PAM-&linux-pam-version;">
@@ -60,15 +63,21 @@
     <bridgehead renderas="sect3">Additional Downloads</bridgehead>
     <itemizedlist spacing='compact'>
       <listitem>
-        <para>Optional documentation:
-        <ulink url="&linux-pam-docs-download;"/></para>
+        <para>Optional documentation: <ulink url="&linux-pam-docs-download;"/></para>
       </listitem>
+      <listitem>
+        <para>Download MD5sum: &linux-pam-docs-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size &linux-pam-docs-size;</para>
+      </listitem>
     </itemizedlist>
 
     <bridgehead renderas="sect3">Linux-PAM Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Optional</bridgehead>
-    <para role="optional"><xref linkend="cracklib"/>, and
+    <para role="optional"><xref linkend="cracklib"/>,
+    <xref linkend="x-window-system"/>, and
     <!-- <xref linkend="db"/> (for the pam_userdb module), -->
     <ulink url="http://www.prelude-ids.org/">Prelude</ulink></para>
 
@@ -87,39 +96,42 @@
   <sect2 role="installation">
     <title>Installation of Linux-PAM</title>
 
-    <para>If you downloaded the documentation, unpack the tarball from the
-    same top-level directory you unpacked the source tarball from. The files
-    will unpack into the correct directories of the source tree.</para>
+    <para>If you downloaded the documentation, unpack the tarball by issuing
+    the following command.</para>
 
+<screen><userinput>tar xf ../Linux-PAM-&linux-pam-version;.tar.bz2 --strip-components=1</userinput></screen>
+
     <para>Install <application>Linux-PAM</application> by
     running the following commands:</para>
 
-<screen><userinput>./configure --libdir=/lib \
-            --sbindir=/lib/security \
-            --enable-securedir=/lib/security \
+<screen><userinput>./configure --sbindir=/lib/security \
             --docdir=/usr/share/doc/Linux-PAM-&linux-pam-version; \
-            --enable-read-both-confs \
-            --with-xauth=/usr/X11R6/bin/xauth &&
+            --enable-read-both-confs &&
 make</userinput></screen>
 
-    <!-- <para>To test the results, issue <command>make check</command>.</para> -->
+    <para>To test the results, a configuration file must be created. This file
+    will be removed after the tests have completed. Ensure there are no errors
+    produced by the tests before continuing the installation. First create the
+    configuration file by issuing the following commands as the
+    <systemitem class="username">root</systemitem> user:</para>
 
-    <para>The test suite will not provide meaningful results until the package
-    has been installed and minimally configured. If, after installing the
-    package and creating a minimum configuration as shown below in the 'other'
-    example, you wish to run the tests, issue
-    <command>make check</command>.</para>
+<screen role="root"><userinput>install -v -m755 -d /etc/pam.d &&
 
-    <!-- <tip>
-      <para>Don't delete the <application>Linux-PAM</application> source tree
-      until after you reinstall the <application>Shadow</application> package.
-      The reinstallation of the Shadow package includes much more stringent
-      security for the PAM configuration, and you can run the
-      <application>Linux-PAM</application> test suite after completing the
-      <application>Shadow</application> instructions to test the new setup. All
-      the tests should pass.</para>
-    </tip> -->
+cat > /etc/pam.d/other << "EOF"
+auth     required       pam_deny.so
+account  required       pam_deny.so
+password required       pam_deny.so
+session  required       pam_deny.so
+EOF</userinput></screen>
 
+    <para>Now run the tests by issuing <command>make check</command>.</para>
+
+    <para>Remove the configuration file created earlier by issuing the
+    following command as the
+    <systemitem class="username">root</systemitem> user:</para>
+
+<screen role="root"><userinput>rm -rfv /etc/pam.d</userinput></screen>
+
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
 
 <screen role="root"><userinput>make install &&
@@ -137,34 +149,17 @@
    done
 fi</userinput></screen>
 
-    <!-- <para>If you downloaded the documentation, install it using the following
-    command:</para>
-
-<screen role="root"><userinput>for DOCTYPE in html pdf ps txts
-do
-    cp -v -R doc/$DOCTYPE /usr/share/doc/Linux-PAM-&linux-pam-version;
-done</userinput></screen> -->
-
   </sect2>
 
   <sect2 role="commands">
     <title>Command Explanations</title>
 
-    <para><parameter>--libdir=/lib</parameter>: This parameter results in
-    the libraries being installed in
-    <filename class='directory'>/lib</filename> as they may be required in
-    single-user mode.</para>
-
     <para><parameter>--sbindir=/lib/security</parameter>: This parameter
-    results in two executables, one of which is not intended to be run from the
-    command line, being installed in the same directory as the PAM modules.
+    results in three executables, two of which are not intended to be run from
+    the command line, being installed in the same directory as the PAM modules.
     The other executable is later moved to the
     <filename class='directory'>/sbin</filename> directory.</para>
 
-    <para><parameter>--enable-securedir=/lib/security</parameter>: This
-    parameter results in the PAM modules being installed in
-    <filename class='directory'>/lib/security</filename>.</para>
-
     <para><parameter>--docdir=...</parameter>: This parameter results in
     the documentation being installed in a versioned directory name.</para>
 
@@ -172,11 +167,13 @@
     allows the local administrator to choose which configuration file setup to
     use.</para>
 
-    <para><parameter>--with-xauth=/usr/X11R6/bin/xauth</parameter>: This
+    <!-- This appears unnecessary as the xauth module is created even if X
+         has not yet been installed.
+    <para><parameter>-with-xauth=/usr/X11R6/bin/xauth</parameter>: This
     parameter forces the build of the pam_xauth module, even if xauth is not
     yet installed.  Omit this switch if you have no plans to build
     <application>Xorg</application>, or modify the path if you intend to
-    install <application>Xorg</application> into a non-standard path.</para>
+    install <application>Xorg</application> into a non-standard path.</para> -->
 
     <para><command>chmod -v 4755 /lib/security/unix_chkpwd</command>:
     The <command>unix_chkpwd</command> password-helper program must be setuid
@@ -265,7 +262,7 @@
 
       <para>Refer to <ulink
       url="http://www.kernel.org/pub/linux/libs/pam/modules.html"/>
-      for a list of various modules available.</para>
+      for a list of various third-party modules available.</para>
 
       <important>
         <para>You should now reinstall the <xref linkend="shadow"/>
@@ -286,9 +283,11 @@
 
       <seglistitem>
         <seg>pam_tally</seg>
-        <seg>libpam.{so,a}, libpamc.{so,a}, and libpam_misc.{so,a}</seg>
-        <seg>/etc/pam.d, /etc/security, /lib/security and
-        /usr/include/security</seg>
+        <seg>libpam.{so,a}, libpamc.{so,a}, libpam_misc.{so,a} and
+        numerous PAM modules</seg>
+        <seg>/etc/pam.d, /etc/security, /lib/security,
+        /usr/include/security, /usr/share/doc/Linux-PAM-&linux-pam-version;
+        and /var/run/sepermit</seg>
       </seglistitem>
     </segmentedlist>
 




More information about the blfs-book mailing list