* [ptxdist] [PATCHv6] linux-pam: this patch add Linux-PAM support to ptxdist
@ 2015-07-09 13:59 Oliver Graute
2015-07-16 11:00 ` Michael Olbrich
0 siblings, 1 reply; 2+ messages in thread
From: Oliver Graute @ 2015-07-09 13:59 UTC (permalink / raw)
To: ptxdist; +Cc: Oliver Graute
this patch add Linux-PAM support to ptxdist
Signed-off-by: Oliver Graute <oliver.graute@neuhaus.de>
---
configs/platform-dnt3202/projectroot/etc/pam.conf | 125 +++++++++++++++++++++
rules/linux-pam.in | 14 +++
rules/linux-pam.make | 57 ++++++++++
3 files changed, 196 insertions(+)
create mode 100644 configs/platform-dnt3202/projectroot/etc/pam.conf
create mode 100644 rules/linux-pam.in
create mode 100644 rules/linux-pam.make
diff --git a/configs/platform-dnt3202/projectroot/etc/pam.conf b/configs/platform-dnt3202/projectroot/etc/pam.conf
new file mode 100644
index 0000000..3a06bd6
--- /dev/null
+++ b/configs/platform-dnt3202/projectroot/etc/pam.conf
@@ -0,0 +1,125 @@
+# ---------------------------------------------------------------------------#
+# /etc/pam.conf #
+# #
+# Last modified by Andrew G. Morgan <morgan@kernel.org> #
+# ---------------------------------------------------------------------------#
+# $Id$
+# ---------------------------------------------------------------------------#
+# serv. module ctrl module [path] ...[args..] #
+# name type flag #
+# ---------------------------------------------------------------------------#
+#
+# The PAM configuration file for the `chfn' service
+#
+chfn auth required pam_unix.so
+chfn account required pam_unix.so
+chfn password required pam_cracklib.so retry=3
+chfn password required pam_unix.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `chsh' service
+#
+chsh auth required pam_unix.so
+chsh account required pam_unix.so
+chsh password required pam_cracklib.so retry=3
+chsh password required pam_unix.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `ftp' service
+#
+ftp auth requisite pam_listfile.so \
+ item=user sense=deny file=/etc/ftpusers onerr=succeed
+ftp auth requisite pam_shells.so
+ftp auth required pam_unix.so
+ftp account required pam_unix.so
+#
+# The PAM configuration file for the `imap' service
+#
+imap auth required pam_unix.so
+imap account required pam_unix.so
+#
+# The PAM configuration file for the `login' service
+#
+login auth requisite pam_securetty.so
+login auth required pam_unix.so
+login auth optional pam_group.so
+login account requisite pam_time.so
+login account required pam_unix.so
+login password required pam_cracklib.so retry=3
+login password required pam_unix.so shadow md5 use_authtok
+login session required pam_unix.so
+#
+# The PAM configuration file for the `netatalk' service
+#
+netatalk auth required pam_unix.so
+netatalk account required pam_unix.so
+#
+# The PAM configuration file for the `other' service
+#
+other auth required pam_deny.so
+other auth required pam_warn.so
+other account required pam_deny.so
+other password required pam_deny.so
+other password required pam_warn.so
+other session required pam_deny.so
+#
+# The PAM configuration file for the `passwd' service
+#
+passwd password requisite pam_cracklib.so retry=3
+passwd password required pam_unix.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `rexec' service
+#
+rexec auth requisite pam_securetty.so
+rexec auth requisite pam_nologin.so
+rexec auth sufficient pam_rhosts_auth.so
+rexec auth required pam_unix.so
+rexec account required pam_unix.so
+rexec session required pam_unix.so
+rexec session required pam_limits.so
+#
+# The PAM configuration file for the `rlogin' service
+# this application passes control to `login' if it fails
+#
+rlogin auth requisite pam_securetty.so
+rlogin auth requisite pam_nologin.so
+rlogin auth required pam_rhosts_auth.so
+rlogin account required pam_unix.so
+rlogin password required pam_cracklib.so retry=3
+rlogin password required pam_unix.so shadow md5 use_authtok
+rlogin session required pam_unix.so
+rlogin session required pam_limits.so
+#
+# The PAM configuration file for the `rsh' service
+#
+rsh auth requisite pam_securetty.so
+rsh auth requisite pam_nologin.so
+rsh auth sufficient pam_rhosts_auth.so
+rsh auth required pam_unix.so
+rsh account required pam_unix.so
+rsh session required pam_unix.so
+rsh session required pam_limits.so
+#
+# The PAM configuration file for the `samba' service
+#
+samba auth required pam_unix.so
+samba account required pam_unix.so
+#
+# The PAM configuration file for the `su' service
+#
+su auth required pam_wheel.so
+su auth sufficient pam_rootok.so
+su auth required pam_unix.so
+su account required pam_unix.so
+su session required pam_unix.so
+#
+# The PAM configuration file for the `vlock' service
+#
+vlock auth required pam_unix.so
+#
+# The PAM configuration file for the `xdm' service
+#
+xdm auth required pam_unix.so
+xdm account required pam_unix.so
+#
+# The PAM configuration file for the `xlock' service
+#
+xlock auth required pam_unix.so
diff --git a/rules/linux-pam.in b/rules/linux-pam.in
new file mode 100644
index 0000000..a68de92
--- /dev/null
+++ b/rules/linux-pam.in
@@ -0,0 +1,14 @@
+## SECTION=networking
+
+config LINUX_PAM
+ tristate
+ select FLEX
+ prompt "linux-pam"
+ help
+ Linux-PAM is a free implementation of the following DCE-RFC from
+ Sunsoft. PAM provides a way to develop programs that are
+ independent of authentication scheme. These programs need
+ "authentication modules" to be attatched to them at run-time
+ in order to work. Which authentication module is to be attatched
+ is dependent upon the local system setup and is at the discretion
+ of the local system administrator.
diff --git a/rules/linux-pam.make b/rules/linux-pam.make
new file mode 100644
index 0000000..bdb150d
--- /dev/null
+++ b/rules/linux-pam.make
@@ -0,0 +1,57 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2015 Dr. Neuhaus Telekommunikation GmbH, Hamburg Germany, Oliver Graute <oliver.graute@neuhaus.de>
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_LINUX_PAM) += linux-pam
+
+#
+# Paths and names
+#
+LINUX_PAM_VERSION := 1.1.8
+LINUX_PAM_MD5 := 35b6091af95981b1b2cd60d813b5e4ee
+LINUX_PAM := Linux-PAM-$(LINUX_PAM_VERSION)
+LINUX_PAM_SUFFIX := tar.bz2
+LINUX_PAM_URL := http://www.linux-pam.org/library/$(LINUX_PAM).$(LINUX_PAM_SUFFIX)
+LINUX_PAM_SOURCE := $(SRCDIR)/$(LINUX_PAM).$(LINUX_PAM_SUFFIX)
+LINUX_PAM_DIR := $(BUILDDIR)/$(LINUX_PAM)
+LINUX_PAM_LICENSE := GPL, BSD
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#
+# autoconf
+#
+LINUX_PAM_CONF_TOOL := autoconf
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/linux-pam.targetinstall:
+ @$(call targetinfo)
+
+ @$(call install_init, linux-pam)
+ @$(call install_fixup, linux-pam,PRIORITY,optional)
+ @$(call install_fixup, linux-pam,SECTION,base)
+ @$(call install_fixup, linux-pam,AUTHOR,"<oliver.graute@neuhaus.de>")
+ @$(call install_fixup, linux-pam,DESCRIPTION,missing)
+
+ @$(call install_lib, linux-pam, 0, 0, 0644, libpam)
+
+ @$(call install_alternative, linux-pam, 0, 0, 0644, /etc/pam.conf)
+ @$(call install_finish, linux-pam)
+
+ @$(call touch)
+
+# vim: syntax=make
--
1.7.9.5
--
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [ptxdist] [PATCHv6] linux-pam: this patch add Linux-PAM support to ptxdist
2015-07-09 13:59 [ptxdist] [PATCHv6] linux-pam: this patch add Linux-PAM support to ptxdist Oliver Graute
@ 2015-07-16 11:00 ` Michael Olbrich
0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2015-07-16 11:00 UTC (permalink / raw)
To: ptxdist
On Thu, Jul 09, 2015 at 03:59:16PM +0200, Oliver Graute wrote:
> this patch add Linux-PAM support to ptxdist
>
> Signed-off-by: Oliver Graute <oliver.graute@neuhaus.de>
> ---
> configs/platform-dnt3202/projectroot/etc/pam.conf | 125 +++++++++++++++++++++
This should be just projectroot/etc/pam.conf
> rules/linux-pam.in | 14 +++
> rules/linux-pam.make | 57 ++++++++++
> 3 files changed, 196 insertions(+)
> create mode 100644 configs/platform-dnt3202/projectroot/etc/pam.conf
> create mode 100644 rules/linux-pam.in
> create mode 100644 rules/linux-pam.make
>
> diff --git a/configs/platform-dnt3202/projectroot/etc/pam.conf b/configs/platform-dnt3202/projectroot/etc/pam.conf
> new file mode 100644
> index 0000000..3a06bd6
> --- /dev/null
> +++ b/configs/platform-dnt3202/projectroot/etc/pam.conf
> @@ -0,0 +1,125 @@
> +# ---------------------------------------------------------------------------#
> +# /etc/pam.conf #
> +# #
> +# Last modified by Andrew G. Morgan <morgan@kernel.org> #
> +# ---------------------------------------------------------------------------#
> +# $Id$
> +# ---------------------------------------------------------------------------#
> +# serv. module ctrl module [path] ...[args..] #
> +# name type flag #
> +# ---------------------------------------------------------------------------#
> +#
> +# The PAM configuration file for the `chfn' service
> +#
> +chfn auth required pam_unix.so
> +chfn account required pam_unix.so
> +chfn password required pam_cracklib.so retry=3
> +chfn password required pam_unix.so shadow md5 use_authtok
> +#
> +# The PAM configuration file for the `chsh' service
> +#
> +chsh auth required pam_unix.so
> +chsh account required pam_unix.so
> +chsh password required pam_cracklib.so retry=3
> +chsh password required pam_unix.so shadow md5 use_authtok
> +#
> +# The PAM configuration file for the `ftp' service
> +#
> +ftp auth requisite pam_listfile.so \
> + item=user sense=deny file=/etc/ftpusers onerr=succeed
> +ftp auth requisite pam_shells.so
> +ftp auth required pam_unix.so
> +ftp account required pam_unix.so
> +#
> +# The PAM configuration file for the `imap' service
> +#
> +imap auth required pam_unix.so
> +imap account required pam_unix.so
> +#
> +# The PAM configuration file for the `login' service
> +#
> +login auth requisite pam_securetty.so
> +login auth required pam_unix.so
> +login auth optional pam_group.so
> +login account requisite pam_time.so
> +login account required pam_unix.so
> +login password required pam_cracklib.so retry=3
> +login password required pam_unix.so shadow md5 use_authtok
> +login session required pam_unix.so
> +#
> +# The PAM configuration file for the `netatalk' service
> +#
> +netatalk auth required pam_unix.so
> +netatalk account required pam_unix.so
> +#
> +# The PAM configuration file for the `other' service
> +#
> +other auth required pam_deny.so
> +other auth required pam_warn.so
> +other account required pam_deny.so
> +other password required pam_deny.so
> +other password required pam_warn.so
> +other session required pam_deny.so
> +#
> +# The PAM configuration file for the `passwd' service
> +#
> +passwd password requisite pam_cracklib.so retry=3
> +passwd password required pam_unix.so shadow md5 use_authtok
> +#
> +# The PAM configuration file for the `rexec' service
> +#
> +rexec auth requisite pam_securetty.so
> +rexec auth requisite pam_nologin.so
> +rexec auth sufficient pam_rhosts_auth.so
> +rexec auth required pam_unix.so
> +rexec account required pam_unix.so
> +rexec session required pam_unix.so
> +rexec session required pam_limits.so
> +#
> +# The PAM configuration file for the `rlogin' service
> +# this application passes control to `login' if it fails
> +#
> +rlogin auth requisite pam_securetty.so
> +rlogin auth requisite pam_nologin.so
> +rlogin auth required pam_rhosts_auth.so
> +rlogin account required pam_unix.so
> +rlogin password required pam_cracklib.so retry=3
> +rlogin password required pam_unix.so shadow md5 use_authtok
> +rlogin session required pam_unix.so
> +rlogin session required pam_limits.so
> +#
> +# The PAM configuration file for the `rsh' service
> +#
> +rsh auth requisite pam_securetty.so
> +rsh auth requisite pam_nologin.so
> +rsh auth sufficient pam_rhosts_auth.so
> +rsh auth required pam_unix.so
> +rsh account required pam_unix.so
> +rsh session required pam_unix.so
> +rsh session required pam_limits.so
> +#
> +# The PAM configuration file for the `samba' service
> +#
> +samba auth required pam_unix.so
> +samba account required pam_unix.so
> +#
> +# The PAM configuration file for the `su' service
> +#
> +su auth required pam_wheel.so
> +su auth sufficient pam_rootok.so
> +su auth required pam_unix.so
> +su account required pam_unix.so
> +su session required pam_unix.so
> +#
> +# The PAM configuration file for the `vlock' service
> +#
> +vlock auth required pam_unix.so
> +#
> +# The PAM configuration file for the `xdm' service
> +#
> +xdm auth required pam_unix.so
> +xdm account required pam_unix.so
> +#
> +# The PAM configuration file for the `xlock' service
> +#
> +xlock auth required pam_unix.so
> diff --git a/rules/linux-pam.in b/rules/linux-pam.in
> new file mode 100644
> index 0000000..a68de92
> --- /dev/null
> +++ b/rules/linux-pam.in
> @@ -0,0 +1,14 @@
> +## SECTION=networking
> +
> +config LINUX_PAM
> + tristate
> + select FLEX
> + prompt "linux-pam"
> + help
> + Linux-PAM is a free implementation of the following DCE-RFC from
> + Sunsoft. PAM provides a way to develop programs that are
> + independent of authentication scheme. These programs need
> + "authentication modules" to be attatched to them at run-time
> + in order to work. Which authentication module is to be attatched
> + is dependent upon the local system setup and is at the discretion
> + of the local system administrator.
> diff --git a/rules/linux-pam.make b/rules/linux-pam.make
> new file mode 100644
> index 0000000..bdb150d
> --- /dev/null
> +++ b/rules/linux-pam.make
> @@ -0,0 +1,57 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2015 Dr. Neuhaus Telekommunikation GmbH, Hamburg Germany, Oliver Graute <oliver.graute@neuhaus.de>
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_LINUX_PAM) += linux-pam
> +
> +#
> +# Paths and names
> +#
> +LINUX_PAM_VERSION := 1.1.8
> +LINUX_PAM_MD5 := 35b6091af95981b1b2cd60d813b5e4ee
> +LINUX_PAM := Linux-PAM-$(LINUX_PAM_VERSION)
> +LINUX_PAM_SUFFIX := tar.bz2
> +LINUX_PAM_URL := http://www.linux-pam.org/library/$(LINUX_PAM).$(LINUX_PAM_SUFFIX)
> +LINUX_PAM_SOURCE := $(SRCDIR)/$(LINUX_PAM).$(LINUX_PAM_SUFFIX)
> +LINUX_PAM_DIR := $(BUILDDIR)/$(LINUX_PAM)
> +LINUX_PAM_LICENSE := GPL, BSD
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#
> +# autoconf
> +#
> +LINUX_PAM_CONF_TOOL := autoconf
Again, missing configure options. Same rules as in my last mail. Other than
that, ignore the options that specify a dir. We have a global selinux
option. This requires a conditional select. See systemd.in / systemd.make
for an example. I assume you're not using that, so just add it and I'll do
the build testing here for the with selinux case.
Michael
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/linux-pam.targetinstall:
> + @$(call targetinfo)
> +
> + @$(call install_init, linux-pam)
> + @$(call install_fixup, linux-pam,PRIORITY,optional)
> + @$(call install_fixup, linux-pam,SECTION,base)
> + @$(call install_fixup, linux-pam,AUTHOR,"<oliver.graute@neuhaus.de>")
> + @$(call install_fixup, linux-pam,DESCRIPTION,missing)
> +
> + @$(call install_lib, linux-pam, 0, 0, 0644, libpam)
> +
> + @$(call install_alternative, linux-pam, 0, 0, 0644, /etc/pam.conf)
> + @$(call install_finish, linux-pam)
> +
> + @$(call touch)
> +
> +# vim: syntax=make
> --
> 1.7.9.5
>
>
> --
> ptxdist mailing list
> ptxdist@pengutronix.de
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
--
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-07-16 9:01 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-09 13:59 [ptxdist] [PATCHv6] linux-pam: this patch add Linux-PAM support to ptxdist Oliver Graute
2015-07-16 11:00 ` Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox