* [ptxdist] [PATCHv7] linux-pam: this patch add Linux-PAM support to ptxdist
From: Oliver Graute @ 2015-10-22 14:04 UTC (permalink / raw)
To: ptxdist; +Cc: Oliver Graute
This patch adds Linux-PAM support to ptxdist.
Signed-off-by: Oliver Graute <oliver.graute@neuhaus.de>
---
projectroot/etc/pam.conf | 125 ++++++++++++++++++++++++++++++++++++++++++++++
rules/linux-pam.in | 32 ++++++++++++
rules/linux-pam.make | 70 ++++++++++++++++++++++++++
3 files changed, 227 insertions(+)
create mode 100644 projectroot/etc/pam.conf
create mode 100644 rules/linux-pam.in
create mode 100644 rules/linux-pam.make
diff --git a/projectroot/etc/pam.conf b/projectroot/etc/pam.conf
new file mode 100644
index 0000000..3a06bd6
--- /dev/null
+++ b/projectroot/etc/pam.conf
@@ -0,0 +1,125 @@
+# ---------------------------------------------------------------------------#
+# /etc/pam.conf #
+# #
+# Last modified by Andrew G. Morgan <morgan@kernel.org> #
+# ---------------------------------------------------------------------------#
+# $Id$
+# ---------------------------------------------------------------------------#
+# serv. module ctrl module [path] ...[args..] #
+# name type flag #
+# ---------------------------------------------------------------------------#
+#
+# The PAM configuration file for the `chfn' service
+#
+chfn auth required pam_unix.so
+chfn account required pam_unix.so
+chfn password required pam_cracklib.so retry=3
+chfn password required pam_unix.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `chsh' service
+#
+chsh auth required pam_unix.so
+chsh account required pam_unix.so
+chsh password required pam_cracklib.so retry=3
+chsh password required pam_unix.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `ftp' service
+#
+ftp auth requisite pam_listfile.so \
+ item=user sense=deny file=/etc/ftpusers onerr=succeed
+ftp auth requisite pam_shells.so
+ftp auth required pam_unix.so
+ftp account required pam_unix.so
+#
+# The PAM configuration file for the `imap' service
+#
+imap auth required pam_unix.so
+imap account required pam_unix.so
+#
+# The PAM configuration file for the `login' service
+#
+login auth requisite pam_securetty.so
+login auth required pam_unix.so
+login auth optional pam_group.so
+login account requisite pam_time.so
+login account required pam_unix.so
+login password required pam_cracklib.so retry=3
+login password required pam_unix.so shadow md5 use_authtok
+login session required pam_unix.so
+#
+# The PAM configuration file for the `netatalk' service
+#
+netatalk auth required pam_unix.so
+netatalk account required pam_unix.so
+#
+# The PAM configuration file for the `other' service
+#
+other auth required pam_deny.so
+other auth required pam_warn.so
+other account required pam_deny.so
+other password required pam_deny.so
+other password required pam_warn.so
+other session required pam_deny.so
+#
+# The PAM configuration file for the `passwd' service
+#
+passwd password requisite pam_cracklib.so retry=3
+passwd password required pam_unix.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `rexec' service
+#
+rexec auth requisite pam_securetty.so
+rexec auth requisite pam_nologin.so
+rexec auth sufficient pam_rhosts_auth.so
+rexec auth required pam_unix.so
+rexec account required pam_unix.so
+rexec session required pam_unix.so
+rexec session required pam_limits.so
+#
+# The PAM configuration file for the `rlogin' service
+# this application passes control to `login' if it fails
+#
+rlogin auth requisite pam_securetty.so
+rlogin auth requisite pam_nologin.so
+rlogin auth required pam_rhosts_auth.so
+rlogin account required pam_unix.so
+rlogin password required pam_cracklib.so retry=3
+rlogin password required pam_unix.so shadow md5 use_authtok
+rlogin session required pam_unix.so
+rlogin session required pam_limits.so
+#
+# The PAM configuration file for the `rsh' service
+#
+rsh auth requisite pam_securetty.so
+rsh auth requisite pam_nologin.so
+rsh auth sufficient pam_rhosts_auth.so
+rsh auth required pam_unix.so
+rsh account required pam_unix.so
+rsh session required pam_unix.so
+rsh session required pam_limits.so
+#
+# The PAM configuration file for the `samba' service
+#
+samba auth required pam_unix.so
+samba account required pam_unix.so
+#
+# The PAM configuration file for the `su' service
+#
+su auth required pam_wheel.so
+su auth sufficient pam_rootok.so
+su auth required pam_unix.so
+su account required pam_unix.so
+su session required pam_unix.so
+#
+# The PAM configuration file for the `vlock' service
+#
+vlock auth required pam_unix.so
+#
+# The PAM configuration file for the `xdm' service
+#
+xdm auth required pam_unix.so
+xdm account required pam_unix.so
+#
+# The PAM configuration file for the `xlock' service
+#
+xlock auth required pam_unix.so
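Review bot: Every password stack in this file (chfn, chsh, login, passwd, rlogin) passes `md5` to pam_unix.so, so new passwords are stored as MD5-crypt hashes, which are cheap to brute-force if the shadow file leaks; pam_unix also accepts `sha512`, e.g. `passwd password required pam_unix.so shadow sha512 use_authtok`. The rexec and rsh stacks mark `pam_rhosts_auth.so` as `sufficient`, which lets rhosts-style host trust stand in for the password check, and the ftp deny list uses `onerr=succeed`, so a missing or unreadable /etc/ftpusers makes that check pass instead of failing closed. I would drop the r-service entries unless the target really ships those daemons, and switch the ftp line to `onerr=fail`.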
diff --git a/rules/linux-pam.in b/rules/linux-pam.in
new file mode 100644
index 0000000..481fa88
--- /dev/null
+++ b/rules/linux-pam.in
@@ -0,0 +1,32 @@
+## SECTION=networking
+
+menuconfig LINUX_PAM
+ tristate
+ select FLEX
+ prompt "linux-pam"
+ help
+ Linux-PAM is a free implementation of the following DCE-RFC from
+ Sunsoft. PAM provides a way to develop programs that are
+ independent of authentication scheme. These programs need
+ "authentication modules" to be attatched to them at run-time
+ in order to work. Which authentication module is to be attatched
+ is dependent upon the local system setup and is at the discretion
+ of the local system administrator.
+
+if LINUX_PAM
+
+config LINUX_PAM_LOCKING
+ bool
+ default n
+ prompt "enable pamlocking"
+ help
+ configure libpam to observe a global authentication lock
+
+config LINUX_PAM_DEBUG
+ bool
+ default n
+ prompt "enable debug"
+ help
+ specify you are building with debugging on
+
+endif
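Review bot: `select FLEX` is the only dependency this menu entry declares, while the pam.conf added by the same patch makes pam_cracklib.so `required` or `requisite` in every password stack. As far as I know Linux-PAM builds that module only when configure finds cracklib, so password changes on the target would presumably fail because the module cannot be loaded. Either select a cracklib package here (placeholder: `select <CRACKLIB_PACKAGE>`, using whatever symbol the tree provides) or remove the pam_cracklib lines from the shipped config. Separately, the help text spells "attatched" twice and refers to "the following DCE-RFC" without naming it; `"authentication modules" to be attached to them at run-time` reads better.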
diff --git a/rules/linux-pam.make b/rules/linux-pam.make
new file mode 100644
index 0000000..40b8b5e
--- /dev/null
+++ b/rules/linux-pam.make
@@ -0,0 +1,70 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2015 Dr. Neuhaus Telekommunikation GmbH, Hamburg Germany, Oliver Graute <oliver.graute@neuhaus.de>
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_LINUX_PAM) += linux-pam
+
+#
+# Paths and names
+#
+LINUX_PAM_VERSION := 1.1.8
+LINUX_PAM_MD5 := 35b6091af95981b1b2cd60d813b5e4ee
+LINUX_PAM := Linux-PAM-$(LINUX_PAM_VERSION)
+LINUX_PAM_SUFFIX := tar.bz2
+LINUX_PAM_URL := http://www.linux-pam.org/library/$(LINUX_PAM).$(LINUX_PAM_SUFFIX)
+LINUX_PAM_SOURCE := $(SRCDIR)/$(LINUX_PAM).$(LINUX_PAM_SUFFIX)
+LINUX_PAM_DIR := $(BUILDDIR)/$(LINUX_PAM)
+LINUX_PAM_LICENSE := GPL, BSD
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#LINUX_PAM_CONF_ENV := $(CROSS_ENV)
+
+#
+# autoconf
+#
+LINUX_PAM_CONF_TOOL := autoconf
+LINUX_PAM_OPT :=\
+ $(CROSS_AUTOCONF_USR) \
+ $(GLOBAL_SELINUX_OPTION)
+
+ifdef PTXCONF_LINUX_PAM_LOCKING
+LINUX_PAM_OPT += --enable-pamlocking
+endif
+
+ifdef PTXCONF_LINUX_PAM_DEBUG
+LINUX_PAM_OPT += --enable-debug
+endif
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/linux-pam.targetinstall:
+ @$(call targetinfo)
+
+ @$(call install_init, linux-pam)
+ @$(call install_fixup, linux-pam,PRIORITY,optional)
+ @$(call install_fixup, linux-pam,SECTION,base)
+ @$(call install_fixup, linux-pam,AUTHOR,"<oliver.graute@neuhaus.de>")
+ @$(call install_fixup, linux-pam,DESCRIPTION,missing)
+
+ @$(call install_lib, linux-pam, 0, 0, 0644, libpam)
+
+ @$(call install_alternative, linux-pam, 0, 0, 0644, /etc/pam.conf)
+ @$(call install_finish, linux-pam)
+
+ @$(call touch)
+
+# vim: syntax=make
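Review bot: `LINUX_PAM_URL` fetches the tarball over plain `http://`, and the only integrity check on it is `LINUX_PAM_MD5`, so the provenance of the authentication library rests on an MD5 sum alone. If the upstream host serves TLS, `LINUX_PAM_URL := https://www.linux-pam.org/library/$(LINUX_PAM).$(LINUX_PAM_SUFFIX)` is a cheap improvement, and the checksum should be compared against a value published by upstream rather than computed from the first download. `LINUX_PAM_LICENSE := GPL, BSD` and `DESCRIPTION,missing` also deserve real values, and the commented-out `#LINUX_PAM_CONF_ENV` line can be dropped.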
--
1.7.9.5
* Re: [ptxdist] [PATCHv7] linux-pam: this patch add Linux-PAM support to ptxdist
From: Oliver Graute @ 2015-12-10 8:38 UTC (permalink / raw)
To: ptxdist
On 22/10/15, Oliver Graute wrote:
> this patch add Linux-PAM support to ptxdist
some feedback to this patch?
best regards,
Oliver
* Re: [ptxdist] [PATCHv7] linux-pam: this patch add Linux-PAM support to ptxdist
From: Michael Olbrich @ 2015-12-17 10:39 UTC (permalink / raw)
To: ptxdist
On Thu, Oct 22, 2015 at 04:04:15PM +0200, Oliver Graute wrote:
> this patch add Linux-PAM support to ptxdist
>
> Signed-off-by: Oliver Graute <oliver.graute@neuhaus.de>
> ---
> projectroot/etc/pam.conf | 125 ++++++++++++++++++++++++++++++++++++++++++++++
> rules/linux-pam.in | 32 ++++++++++++
> rules/linux-pam.make | 70 ++++++++++++++++++++++++++
> 3 files changed, 227 insertions(+)
> create mode 100644 projectroot/etc/pam.conf
> create mode 100644 rules/linux-pam.in
> create mode 100644 rules/linux-pam.make
>
> diff --git a/projectroot/etc/pam.conf b/projectroot/etc/pam.conf
> new file mode 100644
> index 0000000..3a06bd6
> --- /dev/null
> +++ b/projectroot/etc/pam.conf
> @@ -0,0 +1,125 @@
> +# ---------------------------------------------------------------------------#
> +# /etc/pam.conf #
> +# #
> +# Last modified by Andrew G. Morgan <morgan@kernel.org> #
> +# ---------------------------------------------------------------------------#
> +# $Id$
> +# ---------------------------------------------------------------------------#
> +# serv. module ctrl module [path] ...[args..] #
> +# name type flag #
> +# ---------------------------------------------------------------------------#
> +#
> +# The PAM configuration file for the `chfn' service
> +#
> +chfn auth required pam_unix.so
> +chfn account required pam_unix.so
> +chfn password required pam_cracklib.so retry=3
> +chfn password required pam_unix.so shadow md5 use_authtok
> +#
> +# The PAM configuration file for the `chsh' service
> +#
> +chsh auth required pam_unix.so
> +chsh account required pam_unix.so
> +chsh password required pam_cracklib.so retry=3
> +chsh password required pam_unix.so shadow md5 use_authtok
> +#
> +# The PAM configuration file for the `ftp' service
> +#
> +ftp auth requisite pam_listfile.so \
> + item=user sense=deny file=/etc/ftpusers onerr=succeed
> +ftp auth requisite pam_shells.so
> +ftp auth required pam_unix.so
> +ftp account required pam_unix.so
> +#
> +# The PAM configuration file for the `imap' service
> +#
> +imap auth required pam_unix.so
> +imap account required pam_unix.so
> +#
> +# The PAM configuration file for the `login' service
> +#
> +login auth requisite pam_securetty.so
> +login auth required pam_unix.so
> +login auth optional pam_group.so
> +login account requisite pam_time.so
> +login account required pam_unix.so
> +login password required pam_cracklib.so retry=3
> +login password required pam_unix.so shadow md5 use_authtok
> +login session required pam_unix.so
> +#
> +# The PAM configuration file for the `netatalk' service
> +#
> +netatalk auth required pam_unix.so
> +netatalk account required pam_unix.so
> +#
> +# The PAM configuration file for the `other' service
> +#
> +other auth required pam_deny.so
> +other auth required pam_warn.so
> +other account required pam_deny.so
> +other password required pam_deny.so
> +other password required pam_warn.so
> +other session required pam_deny.so
> +#
> +# The PAM configuration file for the `passwd' service
> +#
> +passwd password requisite pam_cracklib.so retry=3
> +passwd password required pam_unix.so shadow md5 use_authtok
> +#
> +# The PAM configuration file for the `rexec' service
> +#
> +rexec auth requisite pam_securetty.so
> +rexec auth requisite pam_nologin.so
> +rexec auth sufficient pam_rhosts_auth.so
> +rexec auth required pam_unix.so
> +rexec account required pam_unix.so
> +rexec session required pam_unix.so
> +rexec session required pam_limits.so
> +#
> +# The PAM configuration file for the `rlogin' service
> +# this application passes control to `login' if it fails
> +#
> +rlogin auth requisite pam_securetty.so
> +rlogin auth requisite pam_nologin.so
> +rlogin auth required pam_rhosts_auth.so
> +rlogin account required pam_unix.so
> +rlogin password required pam_cracklib.so retry=3
> +rlogin password required pam_unix.so shadow md5 use_authtok
> +rlogin session required pam_unix.so
> +rlogin session required pam_limits.so
> +#
> +# The PAM configuration file for the `rsh' service
> +#
> +rsh auth requisite pam_securetty.so
> +rsh auth requisite pam_nologin.so
> +rsh auth sufficient pam_rhosts_auth.so
> +rsh auth required pam_unix.so
> +rsh account required pam_unix.so
> +rsh session required pam_unix.so
> +rsh session required pam_limits.so
> +#
> +# The PAM configuration file for the `samba' service
> +#
> +samba auth required pam_unix.so
> +samba account required pam_unix.so
> +#
> +# The PAM configuration file for the `su' service
> +#
> +su auth required pam_wheel.so
> +su auth sufficient pam_rootok.so
> +su auth required pam_unix.so
> +su account required pam_unix.so
> +su session required pam_unix.so
> +#
> +# The PAM configuration file for the `vlock' service
> +#
> +vlock auth required pam_unix.so
> +#
> +# The PAM configuration file for the `xdm' service
> +#
> +xdm auth required pam_unix.so
> +xdm account required pam_unix.so
> +#
> +# The PAM configuration file for the `xlock' service
> +#
> +xlock auth required pam_unix.so
This is the example from the source tree, right?
I think we should have a minimal config for the stuff we need in /etc/pam.d
instead of one large file.
> diff --git a/rules/linux-pam.in b/rules/linux-pam.in
> new file mode 100644
> index 0000000..481fa88
> --- /dev/null
> +++ b/rules/linux-pam.in
> @@ -0,0 +1,32 @@
> +## SECTION=networking
> +
> +menuconfig LINUX_PAM
> + tristate
> + select FLEX
> + prompt "linux-pam"
> + help
> + Linux-PAM is a free implementation of the following DCE-RFC from
> + Sunsoft. PAM provides a way to develop programs that are
> + independent of authentication scheme. These programs need
> + "authentication modules" to be attatched to them at run-time
> + in order to work. Which authentication module is to be attatched
> + is dependent upon the local system setup and is at the discretion
> + of the local system administrator.
> +
> +if LINUX_PAM
> +
> +config LINUX_PAM_LOCKING
> + bool
> + default n
> + prompt "enable pamlocking"
> + help
> + configure libpam to observe a global authentication lock
> +
> +config LINUX_PAM_DEBUG
> + bool
> + default n
> + prompt "enable debug"
> + help
> + specify you are building with debugging on
No options for debugging. If this is needed, the makefile can be modified locally.
> +
> +endif
> diff --git a/rules/linux-pam.make b/rules/linux-pam.make
> new file mode 100644
> index 0000000..40b8b5e
> --- /dev/null
> +++ b/rules/linux-pam.make
> @@ -0,0 +1,70 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2015 Dr. Neuhaus Telekommunikation GmbH, Hamburg Germany, Oliver Graute <oliver.graute@neuhaus.de>
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_LINUX_PAM) += linux-pam
> +
> +#
> +# Paths and names
> +#
> +LINUX_PAM_VERSION := 1.1.8
> +LINUX_PAM_MD5 := 35b6091af95981b1b2cd60d813b5e4ee
> +LINUX_PAM := Linux-PAM-$(LINUX_PAM_VERSION)
> +LINUX_PAM_SUFFIX := tar.bz2
> +LINUX_PAM_URL := http://www.linux-pam.org/library/$(LINUX_PAM).$(LINUX_PAM_SUFFIX)
> +LINUX_PAM_SOURCE := $(SRCDIR)/$(LINUX_PAM).$(LINUX_PAM_SUFFIX)
> +LINUX_PAM_DIR := $(BUILDDIR)/$(LINUX_PAM)
> +LINUX_PAM_LICENSE := GPL, BSD
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#LINUX_PAM_CONF_ENV := $(CROSS_ENV)
> +
> +#
> +# autoconf
> +#
> +LINUX_PAM_CONF_TOOL := autoconf
> +LINUX_PAM_OPT :=\
> + $(CROSS_AUTOCONF_USR) \
> + $(GLOBAL_SELINUX_OPTION)
> +
> +ifdef PTXCONF_LINUX_PAM_LOCKING
> +LINUX_PAM_OPT += --enable-pamlocking
> +endif
> +
> +ifdef PTXCONF_LINUX_PAM_DEBUG
> +LINUX_PAM_OPT += --enable-debug
> +endif
use ptx/endis
check my other mail about what options should be added.
Add --disable-nls --disable-rpath
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/linux-pam.targetinstall:
> + @$(call targetinfo)
> +
> + @$(call install_init, linux-pam)
> + @$(call install_fixup, linux-pam,PRIORITY,optional)
> + @$(call install_fixup, linux-pam,SECTION,base)
> + @$(call install_fixup, linux-pam,AUTHOR,"<oliver.graute@neuhaus.de>")
> + @$(call install_fixup, linux-pam,DESCRIPTION,missing)
> +
> + @$(call install_lib, linux-pam, 0, 0, 0644, libpam)
> +
what about the other libs and pam modules?
Michael
> + @$(call install_alternative, linux-pam, 0, 0, 0644, /etc/pam.conf)
> + @$(call install_finish, linux-pam)
> +
> + @$(call touch)
> +
> +# vim: syntax=make
> --
> 1.7.9.5
>
>
> --
> ptxdist mailing list
> ptxdist@pengutronix.de
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |