[blfs-book] r10656 - in trunk/BOOK: . introduction/welcome postlfs/security

krejzi at linuxfromscratch.org krejzi at linuxfromscratch.org
Wed Sep 12 08:58:39 PDT 2012


Author: krejzi
Date: 2012-09-12 09:58:34 -0600 (Wed, 12 Sep 2012)
New Revision: 10656

Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/linux-pam.xml
Log:
Linux PAM 1.1.6.

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2012-09-12 14:44:38 UTC (rev 10655)
+++ trunk/BOOK/general.ent	2012-09-12 15:58:34 UTC (rev 10656)
@@ -170,7 +170,7 @@
 <!ENTITY libcap2-version              "2.22">
 <!ENTITY liboauth-version             "0.9.7">
 <!ENTITY libpwquality-version         "1.2.0">
-<!ENTITY linux-pam-version            "1.1.5">
+<!ENTITY linux-pam-version            "1.1.6">
 <!ENTITY mitkrb-version               "1.10.3">
 <!ENTITY nettle-version               "2.5">
 <!ENTITY nss-major-version            "13">

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2012-09-12 14:44:38 UTC (rev 10655)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2012-09-12 15:58:34 UTC (rev 10656)
@@ -47,6 +47,9 @@
       <para>September 12th, 2012</para>
       <itemizedlist>
         <listitem>
+          <para>[krejzi] - Linux PAM 1.1.6.</para>
+        </listitem>
+        <listitem>
           <para>[krejzi] - Thunderbird 15.0.1.</para>
         </listitem>
       </itemizedlist>

Modified: trunk/BOOK/postlfs/security/linux-pam.xml
===================================================================
--- trunk/BOOK/postlfs/security/linux-pam.xml	2012-09-12 14:44:38 UTC (rev 10655)
+++ trunk/BOOK/postlfs/security/linux-pam.xml	2012-09-12 15:58:34 UTC (rev 10656)
@@ -4,16 +4,16 @@
   <!ENTITY % general-entities SYSTEM "../../general.ent">
   %general-entities;
 
-  <!ENTITY linux-pam-download-http "https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-&linux-pam-version;.tar.bz2">
+  <!ENTITY linux-pam-download-http "http://linux-pam.org/library/Linux-PAM-&linux-pam-version;.tar.bz2">
   <!ENTITY linux-pam-download-ftp  " ">
-  <!ENTITY linux-pam-md5sum        "927ee5585bdec5256c75117e9348aa47">
+  <!ENTITY linux-pam-md5sum        "7b73e58b7ce79ffa321d408de06db2c4">
   <!ENTITY linux-pam-size          "1.1 MB">
-  <!ENTITY linux-pam-buildsize     "28 MB (includes installing the optional documentation)">
+  <!ENTITY linux-pam-buildsize     "28 MB">
   <!ENTITY linux-pam-time          "0.3 SBU">
 
-  <!ENTITY linux-pam-docs-download "https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-&linux-pam-version;-docs.tar.bz2">
-  <!ENTITY linux-pam-docs-md5sum   "987e14ddce375ec7ddd2b91fbc2bd46d">
-  <!ENTITY linux-pam-docs-size     "487 KB">
+  <!ENTITY linux-pam-docs-download "http://linux-pam.org/documentation/Linux-PAM-&linux-pam-version;-docs.tar.bz2">
+  <!ENTITY linux-pam-docs-md5sum   "43d19ccf40c1feb074e29922626f4971">
+  <!ENTITY linux-pam-docs-size     "144 KB">
   <!ENTITY debian-pam-docs         "http://debian.securedservers.com/kernel/pub/linux/libs/pam">
 ]>
 
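Review bot: The new `linux-pam-download-http` and `linux-pam-docs-download` values move from an `https://` host to plain `http://linux-pam.org/...`, so the tarball that becomes the system's authentication stack is fetched over a channel that can be modified in transit. The only integrity check left is `linux-pam-md5sum`, and MD5 is too weak to authenticate a download on its own. If the new host also serves these paths over HTTPS (not verifiable from this hunk), I would keep the `https://` scheme in both entities. I would also add a stronger digest entity next to the MD5 one, filled in from the upstream release announcement. The DOCTYPE internal subset these entities sit in starts above the hunk.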
@@ -32,92 +32,123 @@
   </indexterm>
 
   <sect2 role="package">
-    <title>Introduction to Linux-PAM</title>
+    <title>Introduction to Linux PAM</title>
 
-    <para>The <application>Linux-PAM</application> package contains
-    Pluggable Authentication Modules. This is useful to enable the
-    local system administrator to choose how applications authenticate
-    users.</para>
+    <para>
+      The <application>Linux PAM</application> package contains
+      Pluggable Authentication Modules used to enable the local
+      system administrator to choose how applications authenticate
+      users.
+    </para>
 
-    &lfs70_checked;
+    &lfs72_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
       <listitem>
-        <para>Download (HTTP): <ulink url="&linux-pam-download-http;"/></para>
+        <para>
+          Download (HTTP): <ulink url="&linux-pam-download-http;"/>
+        </para>
       </listitem>
       <listitem>
-        <para>Download (FTP): <ulink url="&linux-pam-download-ftp;"/></para>
+        <para>
+          Download (FTP): <ulink url="&linux-pam-download-ftp;"/>
+        </para>
       </listitem>
       <listitem>
-        <para>Download MD5 sum: &linux-pam-md5sum;</para>
+        <para>
+          Download MD5 sum: &linux-pam-md5sum;
+        </para>
       </listitem>
       <listitem>
-        <para>Download size: &linux-pam-size;</para>
+        <para>
+          Download size: &linux-pam-size;
+        </para>
       </listitem>
       <listitem>
-        <para>Estimated disk space required: &linux-pam-buildsize;</para>
+        <para>
+          Estimated disk space required: &linux-pam-buildsize;
+        </para>
       </listitem>
       <listitem>
-        <para>Estimated build time: &linux-pam-time;</para>
+        <para>
+          Estimated build time: &linux-pam-time;
+        </para>
       </listitem>
     </itemizedlist>
 
     <bridgehead renderas="sect3">Additional Downloads</bridgehead>
-    <itemizedlist spacing='compact'>
+    <itemizedlist spacing="compact">
     <title>Optional Documentation</title>
       <listitem>
-        <para>Download (HTTP): <ulink url="&linux-pam-docs-download;"/></para>
+        <para>
+          Download (HTTP): <ulink url="&linux-pam-docs-download;"/>
+        </para>
       </listitem>
       <listitem>
-        <para>Download MD5 sum: &linux-pam-docs-md5sum;</para>
+        <para>
+          Download MD5 sum: &linux-pam-docs-md5sum;
+        </para>
       </listitem>
       <listitem>
-        <para>Download size &linux-pam-docs-size;</para>
+        <para>
+          Download size &linux-pam-docs-size;
+        </para>
       </listitem>
     </itemizedlist>
 
-    <bridgehead renderas="sect3">Linux-PAM Dependencies</bridgehead>
+    <bridgehead renderas="sect3">Linux PAM Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Optional</bridgehead>
-    <para role="optional"><xref linkend="cracklib"/>,
-    <xref linkend="libtirpc"/>, <xref linkend="x-window-system"/>,
-    <xref linkend="db"/> (for the pam_userdb module), and
-    <ulink url="http://www.prelude-ids.org/">Prelude</ulink></para>
+    <para role="optional">
+      <xref linkend="db"/>,
+      <xref linkend="cracklib"/>,
+      <xref linkend="libtirpc"/> and
+      <ulink url="http://www.prelude-ids.org/">Prelude</ulink>
+    </para>
 
-    <bridgehead renderas="sect4">Optional (To {,Re}build the Documentation)</bridgehead>
-    <para role="optional"><xref linkend="libxslt"/>,
-    <xref linkend="DocBook"/>,
-    <xref linkend="docbook-xsl"/>,
-    <xref linkend="w3m"/>, and
-    <xref linkend="fop"/></para>
+    <bridgehead renderas="sect4">Optional (To Rebuild the Documentation)</bridgehead>
+    <para role="optional">
+      <xref linkend="DocBook"/>,
+      <xref linkend="docbook-xsl"/>,
+      <xref linkend="fop"/>,
+      <xref linkend="libxslt"/> and
+      <xref linkend="w3m"/>
+    </para>
 
     <para condition="html" role="usernotes">User Notes:
-    <ulink url="&blfs-wiki;/linux-pam"/></para>
+      <ulink url="&blfs-wiki;/linux-pam"/>
+    </para>
   </sect2>
 
   <sect2 role="installation">
-    <title>Installation of Linux-PAM</title>
+    <title>Installation of Linux PAM</title>
 
-    <para>If you downloaded the documentation, unpack the tarball by issuing
-    the following command.</para>
+    <para>
+      If you downloaded the documentation, unpack the tarball by issuing
+      the following command.
+    </para>
 
 <screen><userinput>tar -xf ../Linux-PAM-&linux-pam-version;-docs.tar.bz2 --strip-components=1</userinput></screen>
 
-    <para>Install <application>Linux-PAM</application> by
-    running the following commands:</para>
+    <para>
+      Install <application>Linux PAM</application> by
+      running the following commands:
+    </para>
 
-<screen><userinput>./configure --sbindir=/lib/security \
+<screen><userinput>./configure --prefix=/usr \
+            --sysconfdir=/etc \
             --docdir=/usr/share/doc/Linux-PAM-&linux-pam-version; \
-            --disable-nis \
-            --enable-read-both-confs &&
+            --disable-nis &&
 make</userinput></screen>
 
-    <para>To test the results, a configuration file must be created. This file
-    will be removed after the tests have completed. Ensure there are no errors
-    produced by the tests before continuing the installation. First create the
-    configuration file by issuing the following commands as the
-    <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      To test the results, a configuration file must be created. This file
+      will be removed after the tests have completed. Ensure there are no errors
+      produced by the tests before continuing the installation. First create the
+      configuration file by issuing the following commands as the
+      <systemitem class="username">root</systemitem> user:
+    </para>
 
 <screen role="root"><userinput>install -v -m755 -d /etc/pam.d &&
 
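Review bot: The reworded test paragraph still has the reader create a PAM configuration as root and says it "will be removed" afterwards, with no caveat for a machine where PAM is already configured. That is exactly the situation of anyone using this commit to upgrade from 1.1.5. On such a system the `install -v -m755 -d /etc/pam.d` step and the heredoc after it (only its `pam_deny.so` tail is visible in the next hunk) would replace the existing fallback policy. The later `rm -rfv /etc/pam.d` would then delete every service's PAM configuration and could lock the administrator out. I would add a sentence to this paragraph such as `If Linux PAM is already installed and working, do not create this file or run the removal command below; the existing /etc/pam.d/other can be used for the tests.` The `<screen role="root">` block that opens at the end of this hunk continues outside it.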
@@ -128,55 +159,44 @@
 session  required       pam_deny.so
 EOF</userinput></screen>
 
-    <para>Now run the tests by issuing <command>make check</command>.</para>
+    <para>
+      Now run the tests by issuing <command>make check</command>.
+    </para>
 
-    <para>Remove the configuration file created earlier by issuing the
-    following command as the
-    <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      Remove the configuration file created earlier by issuing the
+      following command as the
+      <systemitem class="username">root</systemitem> user:
+    </para>
 
 <screen role="root"><userinput>rm -rfv /etc/pam.d</userinput></screen>
 
-    <para>Now, as the <systemitem class="username">root</systemitem>
-    user:</para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem>
+      user:
+    </para>
 
 <screen role="root"><userinput>make install &&
-chmod -v 4755 /lib/security/unix_chkpwd &&
-mv -v /lib/security/pam_tally /sbin</userinput></screen>
+chmod -v 4755 /sbin/security/unix_chkpwd</userinput></screen>
   </sect2>
 
   <sect2 role="commands">
     <title>Command Explanations</title>
 
-    <para><parameter>--sbindir=/lib/security</parameter>: This parameter
-    results in three executables, two of which are not intended to be run from
-    the command line, being installed in the same directory as the PAM modules.
-    The other executable is later moved to the
-    <filename class="directory">/sbin</filename> directory.</para>
+    <para>
+      <option>--disable-nis</option>: This switch disables building
+      of the Network Information Service/Yellow Pages support in
+      pam_unix and pam_access modules. Remove it if you have installed
+      <xref linkend="libtirpc"/>.
+    </para>
 
-    <para><parameter>--docdir=...</parameter>: This parameter results in
-    the documentation being installed in a versioned directory name.</para>
+    <para>
+      <command>chmod -v 4755 /sbin/security/unix_chkpwd</command>:
+      The <command>unix_chkpwd</command> helper program must be setuid
+      so that non-<systemitem class="username">root</systemitem>
+      processes can access the shadow file.
+    </para>
 
-    <para><parameter>--disable-nis</parameter>: This option disables building
-    Network Information Service/Yellow Pages support in pam_unix and pam_access.
-    The RPC implementation in glibc (on which NIS/YP depends) is deprecated.
-    However, the same functionality is provided by
-    <application>Libtirpc</application> so if you've installed
-    <xref linkend="libtirpc"/> you can remove the
-    <parameter>--disable-nis</parameter> option.</para>
-
-    <para><parameter>--enable-read-both-confs</parameter>: This parameter
-    allows the local administrator to choose which configuration file setup to
-    use.</para>
-
-    <para><command>chmod -v 4755 /lib/security/unix_chkpwd</command>:
-    The <command>unix_chkpwd</command> password-helper program must be setuid
-    so that non-<systemitem class="username">root</systemitem> processes can
-    access the shadow-password file.</para>
-
-    <para><command>mv -v /lib/security/pam_tally /sbin</command>: The
-    <command>pam_tally</command> program is designed to be run by the system
-    administrator, possibly in single-user mode, so it is moved to the
-    appropriate directory.</para>
   </sect2>
 
   <sect2 role="configuration">
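Review bot: The new `chmod -v 4755 /sbin/security/unix_chkpwd` command and its explanation name a directory that nothing else in this commit produces. The configure call no longer passes `--sbindir`, and the Installed Directories list updated in the same file shows `/lib/security` but no `/sbin/security`. If the helper actually lands in `/sbin` (plausible with `--prefix=/usr`, but confirm against a test install), the chmod fails and `unix_chkpwd` is left without the setuid bit, so password checks from non-root processes break. Once verified, both places should read `chmod -v 4755 /sbin/unix_chkpwd`. Since the `--sbindir` explanation is removed, a short Command Explanations entry saying where the helper binaries are installed would let readers audit the one setuid file this package adds.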
@@ -185,9 +205,10 @@
     <sect3 id="pam-config">
       <title>Config Files</title>
 
-      <para><filename>/etc/security/*</filename> and
-      <filename>/etc/pam.d/*</filename> or
-      <filename>/etc/pam.conf</filename></para>
+      <para>
+        <filename>/etc/security/*</filename> and
+        <filename>/etc/pam.d/*</filename>
+      </para>
 
       <indexterm zone="linux-pam pam-config">
         <primary sortas="e-etc-security">/etc/security/*</primary>
@@ -197,18 +218,16 @@
         <primary sortas="e-etc-pam.d">/etc/pam.d/*</primary>
       </indexterm>
 
-      <indexterm zone="linux-pam pam-config">
-        <primary sortas="e-etc-pam.conf">/etc/pam.conf</primary>
-      </indexterm>
     </sect3>
 
     <sect3>
       <title>Configuration Information</title>
 
-      <para>Configuration information is placed in
-      <filename class="directory">/etc/pam.d/</filename> or
-      <filename>/etc/pam.conf</filename> depending on system administrator
-       preference. Below are example files of each type:</para>
+      <para>
+        Configuration information is placed in
+        <filename class="directory">/etc/pam.d/</filename>.
+        Below is an example file:
+      </para>
 
 <screen><literal># Begin /etc/pam.d/other
 
@@ -217,32 +236,31 @@
 session         required        pam_unix.so
 password        required        pam_unix.so     nullok
 
-# End /etc/pam.d/other
+# End /etc/pam.d/other</literal></screen>
 
-# Begin /etc/pam.conf
+      <para>
+        The <application>PAM</application> man page (<command>man
+        pam</command>) provides a good starting point for descriptions
+        of fields and allowable entries. The <ulink
+        url="&debian-pam-docs;/Linux-PAM-html/Linux-PAM_SAG.html">Linux-PAM
+        System Administrators' Guide</ulink> is recommended for additional
+        information.
+      </para>
 
-other           auth            required        pam_unix.so     nullok
-other           account         required        pam_unix.so
-other           session         required        pam_unix.so
-other           password        required        pam_unix.so     nullok
+      <para>
+        Refer to <ulink url="&debian-pam-docs;/modules.html"/> for a list
+        of various third-party modules available.
+      </para>
 
-# End /etc/pam.conf</literal></screen>
-
-      <para>The <application>PAM</application> man page (<command>man
-      pam</command>) provides a good starting point for descriptions of fields
-      and allowable entries. The <ulink
-      url="&debian-pam-docs;/Linux-PAM-html/Linux-PAM_SAG.html"> Linux-PAM
-      System Administrators' Guide</ulink> is recommended for additional
-      information.</para>
-
-      <para>Refer to <ulink url="&debian-pam-docs;/modules.html"/> for a list
-      of various third-party modules available.</para>
-
       <important>
-        <para>You should now reinstall the <xref linkend="shadow"/>
-        package.</para>
+        <para>
+          You should now reinstall the <xref linkend="shadow"/>
+          package.
+        </para>
       </important>
+
     </sect3>
+
   </sect2>
 
   <sect2 role="content">
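Review bot: With the `/etc/pam.conf` variant removed, the `/etc/pam.d/other` listing is now the only example on the page, and the lines visible here make `pam_unix.so` with `nullok` the fallback for any service that has no file of its own. The `auth` and `account` lines of that listing sit above the hunk, so I cannot confirm them. A permissive `other` file means a newly installed service is authenticated by default rather than refused. I would add a paragraph after the listing along the lines of `The other file is used for every service without its own file in /etc/pam.d. On a production system, consider replacing these entries with pam_warn.so followed by pam_deny.so, and remove nullok once every account has a password.`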
@@ -254,12 +272,20 @@
       <segtitle>Installed Directories</segtitle>
 
       <seglistitem>
-        <seg>pam_tally</seg>
-        <seg>libpam.{so,a}, libpamc.{so,a}, libpam_misc.{so,a} and
-        numerous PAM modules</seg>
-        <seg>/etc/security, /lib/security, /usr/include/security,
-        /usr/share/doc/Linux-PAM-&linux-pam-version;,
-        and /var/run/sepermit</seg>
+        <seg>
+          mkhomedir_helper, pam_tally, pam_tally2,
+          pam_timestamp_check, unix_chkpwd and
+          unix_update
+        </seg>
+        <seg>
+          libpam.so, libpamc.so and libpam_misc.so
+        </seg>
+        <seg>
+          /etc/security,
+          /lib/security,
+          /usr/include/security and
+          /usr/share/doc/Linux-PAM-&linux-pam-version;
+        </seg>
       </seglistitem>
     </segmentedlist>
 
@@ -268,27 +294,95 @@
       <?dbfo list-presentation="list"?>
       <?dbhtml list-presentation="table"?>
 
+      <varlistentry id="mkhomedir_helper">
+        <term><command>mkhomedir_helper</command></term>
+        <listitem>
+          <para>
+            is a helper binary that creates home directories.
+          </para>
+          <indexterm zone="linux-pam mkhomedir_helper">
+            <primary sortas="b-mkhomedir_helper">mkhomedir_helper</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
       <varlistentry id="pam_tally">
         <term><command>pam_tally</command></term>
         <listitem>
-          <para>is used to view or manipulate the <filename>faillog</filename>
-          file.</para>
+          <para>
+            is used to interrogate and manipulate the login counter file.
+          </para>
           <indexterm zone="linux-pam pam_tally">
             <primary sortas="b-pam_tally">pam_tally</primary>
           </indexterm>
         </listitem>
       </varlistentry>
 
+      <varlistentry id="pam_tally2">
+        <term><command>pam_tally2</command></term>
+        <listitem>
+          <para>
+            is used to interrogate and manipulate the login counter file, but
+            does not have some limitations that <command>pam_tally</command>
+            does.
+          </para>
+          <indexterm zone="linux-pam pam_tally2">
+            <primary sortas="b-pam_tally2">pam_tally2</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="pam_timestamp_check">
+        <term><command>pam_timestamp_check</command></term>
+        <listitem>
+          <para>
+            is used to check if the default timestamp is valid
+          </para>
+          <indexterm zone="linux-pam pam_timestamp_check">
+            <primary sortas="b-pam_timestamp_check">pam_timestamp_check</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="unix_chkpwd">
+        <term><command>unix_chkpwd</command></term>
+        <listitem>
+          <para>
+            is a helper binary that verifies the password of the current user.
+          </para>
+          <indexterm zone="linux-pam unix_chkpwd">
+            <primary sortas="b-unix_chkpwd">unix_chkpwd</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="unix_update">
+        <term><command>unix_update</command></term>
+        <listitem>
+          <para>
+            is a helper binary that updates the password of a given user.
+          </para>
+          <indexterm zone="linux-pam unix_update">
+            <primary sortas="b-unix_update">unix_update</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
       <varlistentry id="libpam">
-        <term><filename class="libraryfile">libpam.{so,a}</filename></term>
+        <term><filename class="libraryfile">libpam.so</filename></term>
         <listitem>
-          <para>provides the interfaces between applications and the
-          PAM modules.</para>
+          <para>
+            provides the interfaces between applications and the
+            PAM modules.
+          </para>
           <indexterm zone="linux-pam libpam">
-            <primary sortas="c-libpam">libpam.{so,a}</primary>
+            <primary sortas="c-libpam">libpam.so</primary>
           </indexterm>
         </listitem>
       </varlistentry>
+
     </variablelist>
+
   </sect2>
+
 </sect1>



