Difference between revisions of "PAM Library"

From CBLFS
Line 45: Line 45:
 
  ln -svf ../../lib/libpamc.so.0 /usr/lib/libpamc.so &&
 
  ln -svf ../../lib/libpamc.so.0 /usr/lib/libpamc.so &&
 
  ln -svf ../../lib/libpam_misc.so.0 /usr/lib/libpam_misc.so
 
  ln -svf ../../lib/libpam_misc.so.0 /usr/lib/libpam_misc.so
 
  
 
== Multilib ==
 
== Multilib ==
Line 118: Line 117:
 
  ln -svf ../../lib64/libpam_misc.so.0 /usr/lib64/libpam_misc.so
 
  ln -svf ../../lib64/libpam_misc.so.0 /usr/lib64/libpam_misc.so
  
== Configuring pam_console ==
+
== Configuring ==
 +
 
 +
=== Configuring pam_console ===
  
 
The altering of device permissions is unnecessary. In this case, only the console locking actions are needed. Replace one of the '''pam_console''' configuration files to achieve this.
 
The altering of device permissions is unnecessary. In this case, only the console locking actions are needed. Replace one of the '''pam_console''' configuration files to achieve this.
Line 126: Line 127:
 
  console consoledevs tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
 
  console consoledevs tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
 
  EOF
 
  EOF
 +
 +
=== /etc/securetty ===
 +
 +
cat > /etc/securetty << "EOF"
 +
# /etc/securetty: list of terminals on which root is allowed to login.
 +
# See securetty(5) and login(1).
 +
console
 +
tty0
 +
tty1
 +
tty2
 +
tty3
 +
tty4
 +
tty5
 +
tty6
 +
tty7
 +
tty8
 +
tty9
 +
tty10
 +
tty11
 +
tty12
 +
ttyp0
 +
ttyp1
 +
ttyp2
 +
ttyp3
 +
ttyp4
 +
ttyp5
 +
ttyp6
 +
ttyp7
 +
ttyp8
 +
ttyp9
 +
ttyp10
 +
ttyp11
 +
ttyp12
 +
ttyS0
 +
EOF
 +
 +
=== /etc/environment ===
 +
 +
We create a blank file here for pam_env.so, without this file an error will occur during bootup:
 +
 +
echo > /etc/environment
 +
 +
=== /etc/shells ===
 +
 +
Pam will only let users login if their shell appears in /etc/shells. Now would be a good time to create this file:
 +
 +
cat > /etc/shells << "EOF"
 +
# Begin /etc/shells
 +
 +
/bin/sh
 +
/bin/bash
 +
 +
# End /etc/shells
 +
EOF
 +
 +
=== /etc/pam.d ===
 +
This is where all the pam configuration happens
 +
 +
install -d /etc/pam.d
  
 
= Contents =
 
= Contents =
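
Review bot: The /etc/securetty list added in this hunk includes ttyp0 through ttyp12, which are pseudo-terminal names rather than local consoles, so root login is permitted on any session that is allocated one of those devices. Unless root login over pseudo-terminals is intended, drop the ttyp* lines and keep console, tty0 to tty12 and ttyS0. Separately, "echo > /etc/environment" writes a single newline rather than the blank file the text describes; ": > /etc/environment" would match the wording.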

Revision as of 08:21, 14 September 2008

Download Source: ftp://ftp.kernel.org/pub/linux/libs/pam/library/Linux-PAM-1.1.3.tar.bz2
Required Patch: http://svn.cross-lfs.org/svn/repos/patches/Linux-PAM/Linux-PAM-1.1.3-pam_console-1.patch

Introduction to PAM Library

The PAM Library package contains Pluggable Authentication Modules. This is useful for enabling the local system administrator to choose how applications authenticate users.

Red Hat develops a set of external modules for use with Linux-PAM. This includes the pam_console module, which can be used by some programs such as HAL and gnome-volume-manager. The purpose of pam_console is to indicate which user is active at the console and take appropriate actions. It does this by listing active users in the /var/run/console directory and assigning one to the console.lock file.

Project Homepage: http://www.kernel.org/pub/linux/libs/pam/

Dependencies

Optional


Note

Autoconf-2.60 or greater is required to execute the following instructions. Build instructions for an acceptable version of Autoconf may be found in the development version of CLFS.

Non-Multilib

Configure and compile the package:

patch -Np1 -i ../Linux-PAM-1.1.3-pam_console-1.patch &&
automake && libtoolize -i -f &&
./configure --libdir=/usr/lib --sbindir=/lib/security \
           --enable-securedir=/lib/security \
           --docdir=/usr/share/doc/Linux-PAM-1.1.3 \
           --enable-shared \
           --enable-read-both-confs &&
make

Install the package:

make install &&
chmod -v 4755 /lib/security/unix_chkpwd &&
mv -v /lib/security/pam_tally /sbin &&
mv -v /usr/lib/libpam*.so.0* /lib &&
ln -svf ../../lib/libpam.so.0 /usr/lib/libpam.so &&
ln -svf ../../lib/libpamc.so.0 /usr/lib/libpamc.so &&
ln -svf ../../lib/libpam_misc.so.0 /usr/lib/libpam_misc.so

Multilib

32Bit

Configure and compile the package:

patch -Np1 -i ../Linux-PAM-1.1.3-pam_console-1.patch &&
automake && libtoolize -i -f &&
CC="gcc ${BUILD32}" ./configure --libdir=/usr/lib --sbindir=/lib/security \
           --enable-securedir=/lib/security \
           --docdir=/usr/share/doc/Linux-PAM-1.1.3 \
           --enable-shared \
           --enable-read-both-confs &&
make

Install the package:

make install &&
chmod -v 4755 /lib/security/unix_chkpwd &&
mv -v /lib/security/pam_tally /sbin &&
mv -v /usr/lib/libpam*.so.0* /lib &&
ln -svf ../../lib/libpam.so.0 /usr/lib/libpam.so &&
ln -svf ../../lib/libpamc.so.0 /usr/lib/libpamc.so &&
ln -svf ../../lib/libpam_misc.so.0 /usr/lib/libpam_misc.so

N32

Configure and compile the package:

patch -Np1 -i ../Linux-PAM-1.1.3-pam_console-1.patch &&
automake && libtoolize -i -f &&
CC="gcc ${BUILDN32}" ./configure --libdir=/usr/lib32 --sbindir=/lib32/security \
           --enable-securedir=/lib32/security \
           --docdir=/usr/share/doc/Linux-PAM-1.1.3 \
           --enable-shared \
           --enable-read-both-confs &&
make

Install the package:

make install &&
chmod -v 4755 /lib32/security/unix_chkpwd &&
mv -v /lib32/security/pam_tally /sbin &&
mv -v /usr/lib32/libpam*.so.0* /lib32 &&
ln -svf ../../lib32/libpam.so.0 /usr/lib32/libpam.so &&
ln -svf ../../lib32/libpamc.so.0 /usr/lib32/libpamc.so &&
ln -svf ../../lib32/libpam_misc.so.0 /usr/lib32/libpam_misc.so

64Bit

Configure and compile the package:

patch -Np1 -i ../Linux-PAM-1.1.3-pam_console-1.patch &&
automake && libtoolize -i -f &&
CC="gcc ${BUILD64}" ./configure --libdir=/usr/lib64 --sbindir=/lib64/security \
           --enable-securedir=/lib64/security \
           --docdir=/usr/share/doc/Linux-PAM-1.1.3 \
           --enable-shared \
           --enable-read-both-confs &&
make

Install the package:

make install &&
chmod -v 4755 /lib64/security/unix_chkpwd &&
mv -v /lib64/security/pam_tally /sbin &&
mv -v /usr/lib64/libpam*.so.0* /lib64 &&
ln -svf ../../lib64/libpam.so.0 /usr/lib64/libpam.so &&
ln -svf ../../lib64/libpamc.so.0 /usr/lib64/libpamc.so &&
ln -svf ../../lib64/libpam_misc.so.0 /usr/lib64/libpam_misc.so

Configuring

Configuring pam_console

The altering of device permissions is unnecessary. In this case, only the console locking actions are needed. Replace one of the pam_console configuration files to achieve this.

cat > /etc/security/console.handlers << "EOF"
# Begin /etc/security/console.handlers
console consoledevs tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
EOF

/etc/securetty

cat > /etc/securetty << "EOF"
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
console
tty0
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
tty12
ttyp0
ttyp1
ttyp2
ttyp3
ttyp4
ttyp5
ttyp6
ttyp7
ttyp8
ttyp9
ttyp10
ttyp11
ttyp12
ttyS0
EOF

/etc/environment

We create a blank file here for pam_env.so; without this file, an error will occur during bootup:

echo > /etc/environment

/etc/shells

PAM will only let users log in if their shell appears in /etc/shells. Now would be a good time to create this file:

cat > /etc/shells << "EOF"
# Begin /etc/shells

/bin/sh
/bin/bash

# End /etc/shells
EOF

/etc/pam.d

This is where all the PAM configuration happens:

install -d /etc/pam.d 
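
The files created in this section can be checked once they are in place. The script below is an added example, not part of the CBLFS instructions: it flags pseudo-terminal entries in /etc/securetty (the ttyp* lines above, plus pts/N as a generalization), a missing /etc/environment, and /etc/shells entries that are not executable absolute paths. The function names and the root-prefix argument are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the files created in the Configuring section.
# The root-prefix argument is an assumption of this example, so the checks
# can be pointed at a staging tree instead of the live system.

# Print securetty entries that name pseudo-terminals. Every listed terminal
# is one on which root may log in, so these reach beyond the local console.
securetty_ptys() {
    grep -E '^(ttyp[0-9]+|pts/[0-9]+)$' "$1/etc/securetty" || true
}

# Print /etc/shells entries that are not absolute paths to executables.
bad_shells() {
    grep -Ev '^[[:space:]]*(#|$)' "$1/etc/shells" | while read -r shell; do
        case $shell in
            /*) [ -x "$1$shell" ] || echo "$shell" ;;
            *)  echo "$shell" ;;
        esac
    done
}

# Run all checks; return 0 only if nothing was flagged.
audit_pam_files() {
    root=$1
    rc=0
    [ -f "$root/etc/environment" ] || { echo "missing: /etc/environment"; rc=1; }
    for tty in $(securetty_ptys "$root"); do
        echo "securetty allows root on pseudo-terminal: $tty"; rc=1
    done
    for shell in $(bad_shells "$root"); do
        echo "shells entry is not an executable absolute path: $shell"; rc=1
    done
    return $rc
}

# Usage: sh audit.sh /path/to/root   (pass "" to check the live system)
if [ "$#" -gt 0 ]; then audit_pam_files "$1"; fi
```

Run against the securetty file exactly as written above, the audit reports ttyp0 through ttyp12.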

Contents

Note:
The files that come with pam_console need to be added to this list.
Installed Programs: pam_tally
Installed Libraries: libpam.{so,a}, libpamc.{so,a}, libpam_misc.{so,a}
Installed Directories: /etc/pam.d, /etc/security, /lib/security, /usr/include/security

Short Descriptions

pam_tally is used to view or manipulate the faillog file.
libpam.{so,a} provide the interfaces between applications and the PAM modules.