New Linux-PAM need testing

Stefan Wold ratler at lunar-linux.org
Sun Apr 15 17:02:46 CEST 2007 

Hey everyone!

I would appreciate if you gave Linux-PAM 0.99.7.1 at test run. I have 
compiled and tested the most basic features on the following platforms:

x86_64: Kernel 2.6, gcc 4.1.2, glibc 2.3.6
x86: Kernel 2.6, gcc 4.1.2, glibc 2.3.6
x86: Kernel 2.4, gcc 4.1.2, glibc 2.3.6

If you have modified /etc/pam.d/system-auth make sure you either copy the 
differences from the provided system-auth or just remove the old one 
before installing Linux-PAM to test the changes.

The big change in system-auth is that we now supress the successful logins 
by crond everytime a job is executed, which is nice, less logspam.

Another change is that db is optional_depends so it's now possible to 
disable build of pam_userdb.so completely, most users will never use it. 
Heck I would say no one should ever use it since there are far better 
backends to use such as ldap or sql.

I have attached the patchset in case the mirrors havn't fetched it yet. 
Just apply Linux-PAM-0.99.7.1.patch on our current Linux-PAM module and 
put Linux-PAM-patches-1.8.tar.bz2 in /var/spool/lunar

Sincerely
Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Linux-PAM-patches-1.8.tar.bz2
Type: application/octet-stream
Size: 73405 bytes
Desc: 
Url : http://foo-projects.org/pipermail/lunar-dev/attachments/20070415/2261429d/Linux-PAM-patches-1.8.tar-0001.obj
-------------- next part --------------
--- Linux-PAM/BUILD	2006-11-12 20:31:02.000000000 +0100
+++ Linux-PAM/BUILD	2007-04-15 16:28:26.000000000 +0200
@@ -15,7 +15,8 @@
   ./configure  --libdir=/lib                            \
                --enable-docdir=/usr/share/doc/Linux-PAM \
                --disable-prelude                        \
-               --mandir=/usr/share/man                  &&
+               --mandir=/usr/share/man                  \
+               $OPTS &&
 
   sedit  "s/examples//"  Makefile              &&
   sedit  "s/read yes//"     conf/install_conf  &&
@@ -30,11 +31,11 @@
   chmod 4711 /sbin/pam_timestamp_check &&
 
   # Module documents are nice
-  if [ ! -d /usr/share/doc/Linux-PAM/text ]; then
-      mkdir -p /usr/share/doc/Linux-PAM/text
+  if [ ! -d /usr/share/doc/Linux-PAM/txt ]; then
+      mkdir -p /usr/share/doc/Linux-PAM/txt
   fi &&
   for i in $SOURCE_DIRECTORY/modules/pam_*/README; do
-      cp -f ${i} /usr/share/doc/Linux-PAM/text/README.$(echo ${i} | awk -F/ '{ print $(NF-1) }')
+      cp -f ${i} /usr/share/doc/Linux-PAM/txt/README.$(echo ${i} | awk -F/ '{ print $(NF-1) }')
   done &&
 
   # More doc
--- Linux-PAM/DEPENDS	2006-10-23 00:29:59.000000000 +0200
+++ Linux-PAM/DEPENDS	2007-04-15 16:36:00.000000000 +0200
@@ -1,2 +1,4 @@
 depends  automake  &&
-depends  cracklib
+depends  cracklib  &&
+optional_depends "db" "" "--disable-berkdb" "for pam_userdb support (${PROBLEM_COLOR}NOT RECOMMENDED${DEFAULT_COLOR})"
+
--- Linux-PAM/DETAILS	2007-01-05 17:01:09.000000000 +0100
+++ Linux-PAM/DETAILS	2007-04-15 15:55:42.000000000 +0200
@@ -1,18 +1,18 @@
           MODULE=Linux-PAM
-         VERSION=0.99.6.3
-        PVERSION=1.7
-       RHVERSION=0.99.6-1
+         VERSION=0.99.7.1
+        PVERSION=1.8
+       RHVERSION=0.99.7-1
           SOURCE=$MODULE-$VERSION.tar.bz2
          SOURCE2=$MODULE-patches-$PVERSION.tar.bz2
    SOURCE_URL[0]=$KERNEL_URL/pub/linux/libs/pam/pre/library/
    SOURCE_URL[1]=ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/
      SOURCE2_URL=$PATCH_URL
-      SOURCE_VFY=sha1:984f86b5a767fba1572c7963b8f8c997132fff2b
-     SOURCE2_VFY=sha1:2a48f18b10acd4292ccdb0cc5a6306b1525d8d1b
+      SOURCE_VFY=sha1:40f8ba7280fbd8260cfe2ec06b86f972c79eb9d2
+     SOURCE2_VFY=sha1:fea43efb7fe728c06424ee573f2029269f91c8f6
         WEB_SITE=http://www.us.kernel.org/pub/linux/libs/pam
       MAINTAINER=ratler at lunar-linux.org
          ENTERED=20010922
-         UPDATED=20060910
+         UPDATED=20070415
            SHORT="Flexibile authentication mechanisms."
 PSAFE=no
 cat << EOF
--- Linux-PAM/pam.d/system-auth	2006-10-23 00:29:59.000000000 +0200
+++ Linux-PAM/pam.d/system-auth	2007-04-15 16:26:10.000000000 +0200
@@ -1,15 +1,14 @@
 #%PAM-1.0
 auth        required      pam_env.so
-auth        sufficient    pam_unix.so likeauth nullok
+auth        sufficient    pam_unix.so try_first_pass nullok
 auth        required      pam_deny.so
 
 account     required      pam_unix.so
-account     sufficient	  pam_succeed_if.so uid < 100 quiet
-account     required      pam_permit.so
 
-password    requisite     pam_cracklib.so retry=3
-password    sufficient    pam_unix.so nullok use_authtok md5 shadow
+password    required      pam_cracklib.so try_first_pass retry=3
+password    sufficient    pam_unix.so try_first_pass use_authtok nullok md5 shadow
 password    required      pam_deny.so
 
 session     required      pam_limits.so
+session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 session     required      pam_unix.so

More information about the Lunar-dev mailing list