- add password-auth, fingerprint-auth, and smartcard-auth for applications

which can use them namely gdm (#494874) patch by Ray Strode
2009-04-10 16:06:24 +00:00 · 2009-04-10 16:06:24 +00:00 · 4b9fc2208b
commit 4b9fc2208b
parent 02fa35ccd2
5 changed files with 99 additions and 15 deletions
--- a/fingerprint-auth.pamd
+++ b/fingerprint-auth.pamd
@ -0,0 +1,18 @@
 #%PAM-1.0
 # This file is auto-generated.
 # User changes will be destroyed the next time authconfig is run.
 auth        required      pam_env.so
 auth        sufficient    pam_fprintd.so
 auth        required      pam_deny.so
 account     required      pam_unix.so
 account     sufficient    pam_localuser.so
 account     sufficient    pam_succeed_if.so uid < 500 quiet
 account     required      pam_permit.so
 password    required      pam_deny.so
 session     optional      pam_keyinit.so revoke
 session     required      pam_limits.so
 session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 session     required      pam_unix.so
--- a/pam.spec
+++ b/pam.spec
@ -3,7 +3,7 @@
 Summary: An extensible library which provides authentication for applications
 Name: pam
 Version: 1.0.91
-Release: 5%{?dist}
+Release: 6%{?dist}
 # The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
 # as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
 # pam_rhosts_auth module is BSD with advertising
@ -14,11 +14,14 @@ Source1: http://ftp.us.kernel.org/pub/linux/libs/pam/beta/Linux-PAM-%{version}.t
 Source2: https://fedorahosted.org/releases/p/a/pam-redhat/pam-redhat-%{pam_redhat_version}.tar.bz2
 Source5: other.pamd
 Source6: system-auth.pamd
-Source7: config-util.pamd
+Source7: password-auth.pamd
-Source8: dlopen.sh
+Source8: fingerprint-auth.pamd
-Source9: system-auth.5
+Source9: smartcard-auth.pamd
-Source10: config-util.5
+Source10: config-util.pamd
-Source11: 90-nproc.conf
+Source11: dlopen.sh
 Source12: system-auth.5
 Source13: config-util.5
 Source14: 90-nproc.conf
 Patch1:  pam-1.0.90-redhat-modules.patch
 Patch2:  pam-1.0.91-std-noclose.patch
@ -84,6 +87,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
 %patch1 -p1 -b .redhat-modules
 %patch2 -p1 -b .std-noclose
 libtoolize -f
 autoreconf
 %build
@ -126,15 +130,18 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment
 install -d -m 755 $RPM_BUILD_ROOT%{_pamconfdir}
 install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pamconfdir}/other
 install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pamconfdir}/system-auth
-install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
+install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/password-auth
-install -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{_secconfdir}/limits.d/90-nproc.conf
+install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_pamconfdir}/fingerprint-auth
 install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_pamconfdir}/smartcard-auth
 install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
 install -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_secconfdir}/limits.d/90-nproc.conf
 install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd
 install -d -m 755 $RPM_BUILD_ROOT/var/log
 install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/faillog
 install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
 # Install man pages.
-install -m 644 %{SOURCE9} %{SOURCE10} $RPM_BUILD_ROOT%{_mandir}/man5/
+install -m 644 %{SOURCE12} %{SOURCE13} $RPM_BUILD_ROOT%{_mandir}/man5/
 for phase in auth acct passwd session ; do
 	ln -sf pam_unix.so $RPM_BUILD_ROOT%{_moduledir}/pam_unix_${phase}.so 
@ -179,7 +186,7 @@ done
 /sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}
 for module in $RPM_BUILD_ROOT%{_moduledir}/pam*.so ; do
 	if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
-		 %{SOURCE8} -ldl -lpam -L$RPM_BUILD_ROOT/%{_libdir} ${module} ; then
+		 %{SOURCE11} -ldl -lpam -L$RPM_BUILD_ROOT/%{_libdir} ${module} ; then
 		echo ERROR module: ${module} cannot be loaded.
 		exit 1
 	fi
@ -204,6 +211,9 @@ fi
 %dir %{_pamconfdir}
 %config(noreplace) %{_pamconfdir}/other
 %config(noreplace) %{_pamconfdir}/system-auth
 %config(noreplace) %{_pamconfdir}/password-auth
 %config(noreplace) %{_pamconfdir}/fingerprint-auth
 %config(noreplace) %{_pamconfdir}/smartcard-auth
 %config(noreplace) %{_pamconfdir}/config-util
 %doc Copyright
 %doc doc/txts
@ -315,6 +325,11 @@ fi
 %doc doc/adg/*.txt doc/adg/html
 %changelog
 * Fri Apr 10 2009 Tomas Mraz <tmraz@redhat.com> 1.0.91-6
 - add password-auth, fingerprint-auth, and smartcard-auth
  for applications which can use them namely gdm (#494874)
  patch by Ray Strode
 * Thu Mar 26 2009 Tomas Mraz <tmraz@redhat.com> 1.0.91-5
 - replace also other std descriptors (#491471)
--- a/password-auth.pamd
+++ b/password-auth.pamd
@ -0,0 +1,20 @@
 #%PAM-1.0
 # This file is auto-generated.
 # User changes will be destroyed the next time authconfig is run.
 auth        required      pam_env.so
 auth        sufficient    pam_unix.so nullok try_first_pass
 auth        required      pam_deny.so
 account     required      pam_unix.so
 account     sufficient    pam_localuser.so
 account     sufficient    pam_succeed_if.so uid < 500 quiet
 account     required      pam_permit.so
 password    requisite     pam_cracklib.so try_first_pass retry=3 type=
 password    sufficient    pam_unix.so nullok try_first_pass use_authtok
 password    required      pam_deny.so
 session     optional      pam_keyinit.so revoke
 session     required      pam_limits.so
 session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 session     required      pam_unix.so
--- a/smartcard-auth.pamd
+++ b/smartcard-auth.pamd
@ -0,0 +1,19 @@
 #%PAM-1.0
 # This file is auto-generated.
 # User changes will be destroyed the next time authconfig is run.
 auth        required      pam_env.so
 auth        [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card
 auth        required      pam_deny.so
 account     required      pam_unix.so
 account     sufficient    pam_localuser.so
 account     sufficient    pam_succeed_if.so uid < 500 quiet
 account     required      pam_permit.so
 password    optional      pam_pkcs11.so
 password    requisite     pam_cracklib.so try_first_pass retry=3 type=
 session     optional      pam_keyinit.so revoke
 session     required      pam_limits.so
 session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 session     required      pam_unix.so
--- a/system-auth.5
+++ b/system-auth.5
@ -1,25 +1,37 @@
-.TH SYSTEM-AUTH 5 "2006 Feb 3" "Red Hat" "Linux-PAM Manual"
+.TH SYSTEM-AUTH 5 "2009 Apr 10" "Red Hat" "Linux-PAM Manual"
 .SH NAME
 system-auth \- Common configuration file for PAMified services
 .SH SYNOPSIS
 .B /etc/pam.d/system-auth
 .B /etc/pam.d/password-auth
 .B /etc/pam.d/fingerprint-auth
 .B /etc/pam.d/smartcard-auth
 .sp 2
 .SH DESCRIPTION
-The purpose of this configuration file is to provide common 
+The purpose of these configuration files are to provide a common
-configuration file for all applications and service daemons
+interface for all applications and service daemons calling into
-calling PAM library.
+the PAM library.
 .sp
 The
 .BR system-auth
-configuration file is included from all individual service configuration
+configuration file is included from nearly all individual service configuration
 files with the help of the
 .BR include
 directive.
 .sp
 The
 .BR password-auth
 .BR fingerprint-auth
 .BR smartcard-auth
 configuration files are for applications which handle authentication from
 different types of devices via simultaneously running individual conversations
 instead of one aggregate conversation.
 .SH NOTES
 There should be no
 .BR sufficient