mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed
* [ptxdist] [PATCHv6] linux-pam: this patch add Linux-PAM support to ptxdist
@ 2015-07-09 13:59 Oliver Graute
  2015-07-16 11:00 ` Michael Olbrich
  0 siblings, 1 reply; 2+ messages in thread
From: Oliver Graute @ 2015-07-09 13:59 UTC (permalink / raw)
  To: ptxdist; +Cc: Oliver Graute

this patch add Linux-PAM support to ptxdist

Signed-off-by: Oliver Graute <oliver.graute@neuhaus.de>
---
 configs/platform-dnt3202/projectroot/etc/pam.conf |  125 +++++++++++++++++++++
 rules/linux-pam.in                                |   14 +++
 rules/linux-pam.make                              |   57 ++++++++++
 3 files changed, 196 insertions(+)
 create mode 100644 configs/platform-dnt3202/projectroot/etc/pam.conf
 create mode 100644 rules/linux-pam.in
 create mode 100644 rules/linux-pam.make

diff --git a/configs/platform-dnt3202/projectroot/etc/pam.conf b/configs/platform-dnt3202/projectroot/etc/pam.conf
new file mode 100644
index 0000000..3a06bd6
--- /dev/null
+++ b/configs/platform-dnt3202/projectroot/etc/pam.conf
@@ -0,0 +1,125 @@
+# ---------------------------------------------------------------------------#
+# /etc/pam.conf								     #
+#									     #
+# Last modified by Andrew G. Morgan <morgan@kernel.org>		             #
+# ---------------------------------------------------------------------------#
+# $Id$
+# ---------------------------------------------------------------------------#
+# serv.	module	   ctrl	      module [path]	...[args..]		     #
+# name	type	   flag							     #
+# ---------------------------------------------------------------------------#
+#
+# The PAM configuration file for the `chfn' service
+#
+chfn	auth       required   pam_unix.so
+chfn	account    required   pam_unix.so
+chfn	password   required   pam_cracklib.so retry=3
+chfn	password   required   pam_unix.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `chsh' service
+#
+chsh	auth       required   pam_unix.so
+chsh	account    required   pam_unix.so
+chsh	password   required   pam_cracklib.so retry=3
+chsh	password   required   pam_unix.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `ftp' service
+#
+ftp	auth       requisite  pam_listfile.so \
+		item=user sense=deny file=/etc/ftpusers onerr=succeed
+ftp	auth       requisite  pam_shells.so
+ftp	auth       required   pam_unix.so
+ftp	account    required   pam_unix.so
+#
+# The PAM configuration file for the `imap' service
+#
+imap	auth       required   pam_unix.so
+imap	account    required   pam_unix.so
+#
+# The PAM configuration file for the `login' service
+#
+login	auth       requisite  pam_securetty.so
+login	auth       required   pam_unix.so
+login	auth       optional   pam_group.so
+login	account    requisite  pam_time.so
+login	account    required   pam_unix.so
+login	password   required   pam_cracklib.so retry=3
+login	password   required   pam_unix.so shadow md5 use_authtok
+login	session    required   pam_unix.so
+#
+# The PAM configuration file for the `netatalk' service
+#
+netatalk	auth       required   pam_unix.so
+netatalk	account    required   pam_unix.so
+#
+# The PAM configuration file for the `other' service
+#
+other	auth       required   pam_deny.so
+other	auth       required   pam_warn.so
+other	account    required   pam_deny.so
+other	password   required   pam_deny.so
+other	password   required   pam_warn.so
+other	session    required   pam_deny.so
+#
+# The PAM configuration file for the `passwd' service
+#
+passwd	password   requisite  pam_cracklib.so retry=3
+passwd	password   required   pam_unix.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `rexec' service
+#
+rexec	auth       requisite  pam_securetty.so
+rexec	auth       requisite  pam_nologin.so
+rexec	auth       sufficient pam_rhosts_auth.so
+rexec	auth       required   pam_unix.so
+rexec	account    required   pam_unix.so
+rexec	session    required   pam_unix.so
+rexec	session    required   pam_limits.so
+#
+# The PAM configuration file for the `rlogin' service
+# this application passes control to `login' if it fails
+#
+rlogin	auth       requisite  pam_securetty.so
+rlogin	auth       requisite  pam_nologin.so
+rlogin	auth       required   pam_rhosts_auth.so
+rlogin	account    required   pam_unix.so
+rlogin	password   required   pam_cracklib.so retry=3
+rlogin	password   required   pam_unix.so shadow md5 use_authtok
+rlogin	session    required   pam_unix.so
+rlogin	session    required   pam_limits.so
+#
+# The PAM configuration file for the `rsh' service
+#
+rsh	auth       requisite  pam_securetty.so
+rsh	auth       requisite  pam_nologin.so
+rsh	auth       sufficient pam_rhosts_auth.so
+rsh	auth       required   pam_unix.so
+rsh	account    required   pam_unix.so
+rsh	session    required   pam_unix.so
+rsh	session    required   pam_limits.so
+#
+# The PAM configuration file for the `samba' service
+#
+samba	auth       required   pam_unix.so
+samba	account    required   pam_unix.so
+#
+# The PAM configuration file for the `su' service
+#
+su	auth       required   pam_wheel.so
+su	auth       sufficient pam_rootok.so
+su	auth       required   pam_unix.so
+su	account    required   pam_unix.so
+su	session    required   pam_unix.so
+#
+# The PAM configuration file for the `vlock' service
+#
+vlock	auth       required   pam_unix.so
+#
+# The PAM configuration file for the `xdm' service
+#
+xdm	auth       required   pam_unix.so
+xdm	account    required   pam_unix.so
+#
+# The PAM configuration file for the `xlock' service
+#
+xlock	auth       required   pam_unix.so
diff --git a/rules/linux-pam.in b/rules/linux-pam.in
new file mode 100644
index 0000000..a68de92
--- /dev/null
+++ b/rules/linux-pam.in
@@ -0,0 +1,14 @@
+## SECTION=networking
+
+config LINUX_PAM
+	tristate
+	select FLEX
+	prompt "linux-pam"
+	help
+	  Linux-PAM is a free implementation of the following DCE-RFC from
+	  Sunsoft. PAM provides a way to develop programs that are
+	  independent of authentication scheme. These programs need
+	  "authentication modules" to be attatched to them at run-time
+	  in order to work. Which authentication module is to be attatched
+	  is dependent upon the local system setup and is at the discretion
+	  of the local system administrator.
diff --git a/rules/linux-pam.make b/rules/linux-pam.make
new file mode 100644
index 0000000..bdb150d
--- /dev/null
+++ b/rules/linux-pam.make
@@ -0,0 +1,57 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2015 Dr. Neuhaus Telekommunikation GmbH, Hamburg Germany, Oliver Graute <oliver.graute@neuhaus.de>
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_LINUX_PAM) += linux-pam
+
+#
+# Paths and names
+#
+LINUX_PAM_VERSION	:= 1.1.8
+LINUX_PAM_MD5		:= 35b6091af95981b1b2cd60d813b5e4ee
+LINUX_PAM		:= Linux-PAM-$(LINUX_PAM_VERSION)
+LINUX_PAM_SUFFIX	:= tar.bz2
+LINUX_PAM_URL		:= http://www.linux-pam.org/library/$(LINUX_PAM).$(LINUX_PAM_SUFFIX)
+LINUX_PAM_SOURCE	:= $(SRCDIR)/$(LINUX_PAM).$(LINUX_PAM_SUFFIX)
+LINUX_PAM_DIR		:= $(BUILDDIR)/$(LINUX_PAM)
+LINUX_PAM_LICENSE	:= GPL, BSD
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#
+# autoconf
+#
+LINUX_PAM_CONF_TOOL	:= autoconf
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/linux-pam.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, linux-pam)
+	@$(call install_fixup, linux-pam,PRIORITY,optional)
+	@$(call install_fixup, linux-pam,SECTION,base)
+	@$(call install_fixup, linux-pam,AUTHOR,"<oliver.graute@neuhaus.de>")
+	@$(call install_fixup, linux-pam,DESCRIPTION,missing)
+
+	@$(call install_lib, linux-pam, 0, 0, 0644, libpam)
+
+	@$(call install_alternative, linux-pam, 0, 0, 0644, /etc/pam.conf)
+	@$(call install_finish, linux-pam)
+
+	@$(call touch)
+
+# vim: syntax=make
-- 
1.7.9.5


-- 
ptxdist mailing list
ptxdist@pengutronix.de

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [ptxdist] [PATCHv6] linux-pam: this patch add Linux-PAM support to ptxdist
  2015-07-09 13:59 [ptxdist] [PATCHv6] linux-pam: this patch add Linux-PAM support to ptxdist Oliver Graute
@ 2015-07-16 11:00 ` Michael Olbrich
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2015-07-16 11:00 UTC (permalink / raw)
  To: ptxdist

On Thu, Jul 09, 2015 at 03:59:16PM +0200, Oliver Graute wrote:
> this patch add Linux-PAM support to ptxdist
> 
> Signed-off-by: Oliver Graute <oliver.graute@neuhaus.de>
> ---
>  configs/platform-dnt3202/projectroot/etc/pam.conf |  125 +++++++++++++++++++++

This should be just projectroot/etc/pam.conf

>  rules/linux-pam.in                                |   14 +++
>  rules/linux-pam.make                              |   57 ++++++++++
>  3 files changed, 196 insertions(+)
>  create mode 100644 configs/platform-dnt3202/projectroot/etc/pam.conf
>  create mode 100644 rules/linux-pam.in
>  create mode 100644 rules/linux-pam.make
> 
> diff --git a/configs/platform-dnt3202/projectroot/etc/pam.conf b/configs/platform-dnt3202/projectroot/etc/pam.conf
> new file mode 100644
> index 0000000..3a06bd6
> --- /dev/null
> +++ b/configs/platform-dnt3202/projectroot/etc/pam.conf
> @@ -0,0 +1,125 @@
> +# ---------------------------------------------------------------------------#
> +# /etc/pam.conf								     #
> +#									     #
> +# Last modified by Andrew G. Morgan <morgan@kernel.org>		             #
> +# ---------------------------------------------------------------------------#
> +# $Id$
> +# ---------------------------------------------------------------------------#
> +# serv.	module	   ctrl	      module [path]	...[args..]		     #
> +# name	type	   flag							     #
> +# ---------------------------------------------------------------------------#
> +#
> +# The PAM configuration file for the `chfn' service
> +#
> +chfn	auth       required   pam_unix.so
> +chfn	account    required   pam_unix.so
> +chfn	password   required   pam_cracklib.so retry=3
> +chfn	password   required   pam_unix.so shadow md5 use_authtok
> +#
> +# The PAM configuration file for the `chsh' service
> +#
> +chsh	auth       required   pam_unix.so
> +chsh	account    required   pam_unix.so
> +chsh	password   required   pam_cracklib.so retry=3
> +chsh	password   required   pam_unix.so shadow md5 use_authtok
> +#
> +# The PAM configuration file for the `ftp' service
> +#
> +ftp	auth       requisite  pam_listfile.so \
> +		item=user sense=deny file=/etc/ftpusers onerr=succeed
> +ftp	auth       requisite  pam_shells.so
> +ftp	auth       required   pam_unix.so
> +ftp	account    required   pam_unix.so
> +#
> +# The PAM configuration file for the `imap' service
> +#
> +imap	auth       required   pam_unix.so
> +imap	account    required   pam_unix.so
> +#
> +# The PAM configuration file for the `login' service
> +#
> +login	auth       requisite  pam_securetty.so
> +login	auth       required   pam_unix.so
> +login	auth       optional   pam_group.so
> +login	account    requisite  pam_time.so
> +login	account    required   pam_unix.so
> +login	password   required   pam_cracklib.so retry=3
> +login	password   required   pam_unix.so shadow md5 use_authtok
> +login	session    required   pam_unix.so
> +#
> +# The PAM configuration file for the `netatalk' service
> +#
> +netatalk	auth       required   pam_unix.so
> +netatalk	account    required   pam_unix.so
> +#
> +# The PAM configuration file for the `other' service
> +#
> +other	auth       required   pam_deny.so
> +other	auth       required   pam_warn.so
> +other	account    required   pam_deny.so
> +other	password   required   pam_deny.so
> +other	password   required   pam_warn.so
> +other	session    required   pam_deny.so
> +#
> +# The PAM configuration file for the `passwd' service
> +#
> +passwd	password   requisite  pam_cracklib.so retry=3
> +passwd	password   required   pam_unix.so shadow md5 use_authtok
> +#
> +# The PAM configuration file for the `rexec' service
> +#
> +rexec	auth       requisite  pam_securetty.so
> +rexec	auth       requisite  pam_nologin.so
> +rexec	auth       sufficient pam_rhosts_auth.so
> +rexec	auth       required   pam_unix.so
> +rexec	account    required   pam_unix.so
> +rexec	session    required   pam_unix.so
> +rexec	session    required   pam_limits.so
> +#
> +# The PAM configuration file for the `rlogin' service
> +# this application passes control to `login' if it fails
> +#
> +rlogin	auth       requisite  pam_securetty.so
> +rlogin	auth       requisite  pam_nologin.so
> +rlogin	auth       required   pam_rhosts_auth.so
> +rlogin	account    required   pam_unix.so
> +rlogin	password   required   pam_cracklib.so retry=3
> +rlogin	password   required   pam_unix.so shadow md5 use_authtok
> +rlogin	session    required   pam_unix.so
> +rlogin	session    required   pam_limits.so
> +#
> +# The PAM configuration file for the `rsh' service
> +#
> +rsh	auth       requisite  pam_securetty.so
> +rsh	auth       requisite  pam_nologin.so
> +rsh	auth       sufficient pam_rhosts_auth.so
> +rsh	auth       required   pam_unix.so
> +rsh	account    required   pam_unix.so
> +rsh	session    required   pam_unix.so
> +rsh	session    required   pam_limits.so
> +#
> +# The PAM configuration file for the `samba' service
> +#
> +samba	auth       required   pam_unix.so
> +samba	account    required   pam_unix.so
> +#
> +# The PAM configuration file for the `su' service
> +#
> +su	auth       required   pam_wheel.so
> +su	auth       sufficient pam_rootok.so
> +su	auth       required   pam_unix.so
> +su	account    required   pam_unix.so
> +su	session    required   pam_unix.so
> +#
> +# The PAM configuration file for the `vlock' service
> +#
> +vlock	auth       required   pam_unix.so
> +#
> +# The PAM configuration file for the `xdm' service
> +#
> +xdm	auth       required   pam_unix.so
> +xdm	account    required   pam_unix.so
> +#
> +# The PAM configuration file for the `xlock' service
> +#
> +xlock	auth       required   pam_unix.so
> diff --git a/rules/linux-pam.in b/rules/linux-pam.in
> new file mode 100644
> index 0000000..a68de92
> --- /dev/null
> +++ b/rules/linux-pam.in
> @@ -0,0 +1,14 @@
> +## SECTION=networking
> +
> +config LINUX_PAM
> +	tristate
> +	select FLEX
> +	prompt "linux-pam"
> +	help
> +	  Linux-PAM is a free implementation of the following DCE-RFC from
> +	  Sunsoft. PAM provides a way to develop programs that are
> +	  independent of authentication scheme. These programs need
> +	  "authentication modules" to be attatched to them at run-time
> +	  in order to work. Which authentication module is to be attatched
> +	  is dependent upon the local system setup and is at the discretion
> +	  of the local system administrator.
> diff --git a/rules/linux-pam.make b/rules/linux-pam.make
> new file mode 100644
> index 0000000..bdb150d
> --- /dev/null
> +++ b/rules/linux-pam.make
> @@ -0,0 +1,57 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2015 Dr. Neuhaus Telekommunikation GmbH, Hamburg Germany, Oliver Graute <oliver.graute@neuhaus.de>
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_LINUX_PAM) += linux-pam
> +
> +#
> +# Paths and names
> +#
> +LINUX_PAM_VERSION	:= 1.1.8
> +LINUX_PAM_MD5		:= 35b6091af95981b1b2cd60d813b5e4ee
> +LINUX_PAM		:= Linux-PAM-$(LINUX_PAM_VERSION)
> +LINUX_PAM_SUFFIX	:= tar.bz2
> +LINUX_PAM_URL		:= http://www.linux-pam.org/library/$(LINUX_PAM).$(LINUX_PAM_SUFFIX)
> +LINUX_PAM_SOURCE	:= $(SRCDIR)/$(LINUX_PAM).$(LINUX_PAM_SUFFIX)
> +LINUX_PAM_DIR		:= $(BUILDDIR)/$(LINUX_PAM)
> +LINUX_PAM_LICENSE	:= GPL, BSD
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#
> +# autoconf
> +#
> +LINUX_PAM_CONF_TOOL	:= autoconf

Again, missing configure options. Same rules as in my last mail. Other than
that, ignore the options that specify a dir. We have a global selinux
option. This requires a conditional select. See systemd.in / systemd.make
for an example. I assume you're not using that, so just add it and I'll do
the build testing here for the with selinux case.

Michael

> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/linux-pam.targetinstall:
> +	@$(call targetinfo)
> +
> +	@$(call install_init, linux-pam)
> +	@$(call install_fixup, linux-pam,PRIORITY,optional)
> +	@$(call install_fixup, linux-pam,SECTION,base)
> +	@$(call install_fixup, linux-pam,AUTHOR,"<oliver.graute@neuhaus.de>")
> +	@$(call install_fixup, linux-pam,DESCRIPTION,missing)
> +
> +	@$(call install_lib, linux-pam, 0, 0, 0644, libpam)
> +
> +	@$(call install_alternative, linux-pam, 0, 0, 0644, /etc/pam.conf)
> +	@$(call install_finish, linux-pam)
> +
> +	@$(call touch)
> +
> +# vim: syntax=make
> -- 
> 1.7.9.5
> 
> 
> -- 
> ptxdist mailing list
> ptxdist@pengutronix.de

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-- 
ptxdist mailing list
ptxdist@pengutronix.de

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2015-07-16  9:01 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-09 13:59 [ptxdist] [PATCHv6] linux-pam: this patch add Linux-PAM support to ptxdist Oliver Graute
2015-07-16 11:00 ` Michael Olbrich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox