- add password-auth, fingerprint-auth, and smartcard-auth for applications
which can use them namely gdm (#494874) patch by Ray Strode
parent
02fa35ccd2
commit
4b9fc2208b
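--- a/fingerprint-auth.pamd
+++ b/fingerprint-auth.pamd
@@ -0,0 +1,18 @@
+#%PAM-1.0
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
+auth required pam_env.so
+auth sufficient pam_fprintd.so
+auth required pam_deny.so
+
+account required pam_unix.so
+account sufficient pam_localuser.so
+account sufficient pam_succeed_if.so uid < 500 quiet
+account required pam_permit.so
+
+password required pam_deny.so
+
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+session required pam_unix.so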
35
pam.spec
35
pam.spec
@ -3,7 +3,7 @@
|
||||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.0.91
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
|
||||
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
|
||||
# pam_rhosts_auth module is BSD with advertising
|
||||
@ -14,11 +14,14 @@ Source1: http://ftp.us.kernel.org/pub/linux/libs/pam/beta/Linux-PAM-%{version}.t
|
||||
Source2: https://fedorahosted.org/releases/p/a/pam-redhat/pam-redhat-%{pam_redhat_version}.tar.bz2
|
||||
Source5: other.pamd
|
||||
Source6: system-auth.pamd
|
||||
Source7: config-util.pamd
|
||||
Source8: dlopen.sh
|
||||
Source9: system-auth.5
|
||||
Source10: config-util.5
|
||||
Source11: 90-nproc.conf
|
||||
Source7: password-auth.pamd
|
||||
Source8: fingerprint-auth.pamd
|
||||
Source9: smartcard-auth.pamd
|
||||
Source10: config-util.pamd
|
||||
Source11: dlopen.sh
|
||||
Source12: system-auth.5
|
||||
Source13: config-util.5
|
||||
Source14: 90-nproc.conf
|
||||
Patch1: pam-1.0.90-redhat-modules.patch
|
||||
Patch2: pam-1.0.91-std-noclose.patch
|
||||
|
||||
@ -84,6 +87,7 @@ mv pam-redhat-%{pam_redhat_version}/* modules
|
||||
%patch1 -p1 -b .redhat-modules
|
||||
%patch2 -p1 -b .std-noclose
|
||||
|
||||
libtoolize -f
|
||||
autoreconf
|
||||
|
||||
%build
|
||||
@ -126,15 +130,18 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/environment
|
||||
install -d -m 755 $RPM_BUILD_ROOT%{_pamconfdir}
|
||||
install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pamconfdir}/other
|
||||
install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pamconfdir}/system-auth
|
||||
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
|
||||
install -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{_secconfdir}/limits.d/90-nproc.conf
|
||||
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/password-auth
|
||||
install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_pamconfdir}/fingerprint-auth
|
||||
install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_pamconfdir}/smartcard-auth
|
||||
install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
|
||||
install -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_secconfdir}/limits.d/90-nproc.conf
|
||||
install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd
|
||||
install -d -m 755 $RPM_BUILD_ROOT/var/log
|
||||
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/faillog
|
||||
install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
|
||||
|
||||
# Install man pages.
|
||||
install -m 644 %{SOURCE9} %{SOURCE10} $RPM_BUILD_ROOT%{_mandir}/man5/
|
||||
install -m 644 %{SOURCE12} %{SOURCE13} $RPM_BUILD_ROOT%{_mandir}/man5/
|
||||
|
||||
for phase in auth acct passwd session ; do
|
||||
ln -sf pam_unix.so $RPM_BUILD_ROOT%{_moduledir}/pam_unix_${phase}.so
|
||||
@ -179,7 +186,7 @@ done
|
||||
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}
|
||||
for module in $RPM_BUILD_ROOT%{_moduledir}/pam*.so ; do
|
||||
if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
|
||||
%{SOURCE8} -ldl -lpam -L$RPM_BUILD_ROOT/%{_libdir} ${module} ; then
|
||||
%{SOURCE11} -ldl -lpam -L$RPM_BUILD_ROOT/%{_libdir} ${module} ; then
|
||||
echo ERROR module: ${module} cannot be loaded.
|
||||
exit 1
|
||||
fi
|
||||
@ -204,6 +211,9 @@ fi
|
||||
%dir %{_pamconfdir}
|
||||
%config(noreplace) %{_pamconfdir}/other
|
||||
%config(noreplace) %{_pamconfdir}/system-auth
|
||||
%config(noreplace) %{_pamconfdir}/password-auth
|
||||
%config(noreplace) %{_pamconfdir}/fingerprint-auth
|
||||
%config(noreplace) %{_pamconfdir}/smartcard-auth
|
||||
%config(noreplace) %{_pamconfdir}/config-util
|
||||
%doc Copyright
|
||||
%doc doc/txts
|
||||
@ -315,6 +325,11 @@ fi
|
||||
%doc doc/adg/*.txt doc/adg/html
|
||||
|
||||
%changelog
|
||||
* Fri Apr 10 2009 Tomas Mraz <tmraz@redhat.com> 1.0.91-6
|
||||
- add password-auth, fingerprint-auth, and smartcard-auth
|
||||
for applications which can use them namely gdm (#494874)
|
||||
patch by Ray Strode
|
||||
|
||||
* Thu Mar 26 2009 Tomas Mraz <tmraz@redhat.com> 1.0.91-5
|
||||
- replace also other std descriptors (#491471)
|
||||
|
||||
|
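Review bot: Renumbering the existing Source tags (config-util.pamd 7 to 10, dlopen.sh 8 to 11, the man pages 9/10 to 12/13, 90-nproc.conf 11 to 14) means every `%{SOURCEn}` reference in the spec has to change in step, and a missed one fails quietly. A stale `%{SOURCE8}` in the module load check, for instance, would now name fingerprint-auth.pamd instead of dlopen.sh. The references visible in these hunks all appear to be updated, but the spec continues outside them and the page does not mark which lines are old and which are new. Appending the new files after the existing ones, e.g. `Source12: password-auth.pamd`, `Source13: fingerprint-auth.pamd`, `Source14: smartcard-auth.pamd` (assuming 12 to 14 were unused before), would leave the existing references untouched.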
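--- a/password-auth.pamd
+++ b/password-auth.pamd
@@ -0,0 +1,20 @@
+#%PAM-1.0
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
+auth required pam_env.so
+auth sufficient pam_unix.so nullok try_first_pass
+auth required pam_deny.so
+
+account required pam_unix.so
+account sufficient pam_localuser.so
+account sufficient pam_succeed_if.so uid < 500 quiet
+account required pam_permit.so
+
+password requisite pam_cracklib.so try_first_pass retry=3 type=
+password sufficient pam_unix.so nullok try_first_pass use_authtok
+password required pam_deny.so
+
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+session required pam_unix.so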
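Review bot: The `nullok` option on `auth sufficient pam_unix.so nullok try_first_pass` lets an account with an empty password field authenticate with no password through every service that includes password-auth. If the stack is only meant to mirror system-auth that may be intended, but it should be a deliberate choice; otherwise use `auth sufficient pam_unix.so try_first_pass`. The `password sufficient pam_unix.so nullok try_first_pass use_authtok` line also names no hashing option such as `sha512`, so the algorithm for newly set passwords is left to pam_unix's defaults until authconfig rewrites the file. Both are worth checking against system-auth.pamd, which this page does not show.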
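--- a/smartcard-auth.pamd
+++ b/smartcard-auth.pamd
@@ -0,0 +1,19 @@
+#%PAM-1.0
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
+auth required pam_env.so
+auth [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card
+auth required pam_deny.so
+
+account required pam_unix.so
+account sufficient pam_localuser.so
+account sufficient pam_succeed_if.so uid < 500 quiet
+account required pam_permit.so
+
+password optional pam_pkcs11.so
+password requisite pam_cracklib.so try_first_pass retry=3 type=
+
+session optional pam_keyinit.so revoke
+session required pam_limits.so
+session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+session required pam_unix.so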
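Review bot: The password stack ends at `password requisite pam_cracklib.so try_first_pass retry=3 type=`, with no module after it that stores the new token and no terminating deny. As far as the visible stack shows, a password change through a service using smartcard-auth could report success once cracklib accepts the new password even though nothing was updated. If password changes are not meant to be supported here, end the stack with `password required pam_deny.so`, as fingerprint-auth.pamd does in this same commit. Otherwise drop the cracklib line, so the stack only prompts for a password when some module consumes it.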
@ -1,25 +1,37 @@
|
||||
.TH SYSTEM-AUTH 5 "2006 Feb 3" "Red Hat" "Linux-PAM Manual"
|
||||
.TH SYSTEM-AUTH 5 "2009 Apr 10" "Red Hat" "Linux-PAM Manual"
|
||||
.SH NAME
|
||||
|
||||
system-auth \- Common configuration file for PAMified services
|
||||
|
||||
.SH SYNOPSIS
|
||||
.B /etc/pam.d/system-auth
|
||||
.B /etc/pam.d/password-auth
|
||||
.B /etc/pam.d/fingerprint-auth
|
||||
.B /etc/pam.d/smartcard-auth
|
||||
.sp 2
|
||||
.SH DESCRIPTION
|
||||
|
||||
The purpose of this configuration file is to provide common
|
||||
configuration file for all applications and service daemons
|
||||
calling PAM library.
|
||||
The purpose of these configuration files are to provide a common
|
||||
interface for all applications and service daemons calling into
|
||||
the PAM library.
|
||||
|
||||
.sp
|
||||
The
|
||||
.BR system-auth
|
||||
configuration file is included from all individual service configuration
|
||||
configuration file is included from nearly all individual service configuration
|
||||
files with the help of the
|
||||
.BR include
|
||||
directive.
|
||||
|
||||
.sp
|
||||
The
|
||||
.BR password-auth
|
||||
.BR fingerprint-auth
|
||||
.BR smartcard-auth
|
||||
configuration files are for applications which handle authentication from
|
||||
different types of devices via simultaneously running individual conversations
|
||||
instead of one aggregate conversation.
|
||||
|
||||
.SH NOTES
|
||||
There should be no
|
||||
.BR sufficient
|
||||
|