Difference between revisions of "PAM Library"

From CBLFS
Jump to navigationJump to search
(Introduction to PAM Library)
Line 14: Line 14:
 
The PAM Library package contains Pluggable Authentication Modules. This is useful for enabling the local system administrator to choose how applications authenticate users.
 
The PAM Library package contains Pluggable Authentication Modules. This is useful for enabling the local system administrator to choose how applications authenticate users.
  
RedHat develops a set of external modules for use with [[Linux-Pam]]. This includes the '''pam_console''' module which can be used by some programs such as [[HAL]] and [[gnome-volume-manager]]. The purpose of '''pam_console''' is to indicate which user is active at the console and take appropriate actions. It does this by listing active users in the ''/var/run/console'' directory and assigning one to the ''console.lock'' file.
+
RedHat develops a set of external modules for use with [[Linux-PAM]]. This includes the '''pam_console''' module which can be used by some programs such as [[HAL]] and [[gnome-volume-manager]]. The purpose of '''pam_console''' is to indicate which user is active at the console and take appropriate actions. It does this by listing active users in the ''/var/run/console'' directory and assigning one to the ''console.lock'' file.
  
 
== Dependencies ==
 
== Dependencies ==

Revision as of 08:45, 23 December 2006

Download Source: ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-1.1.3.tar.bz2
Download (To build pam_console): http://cvs.fedora.redhat.com/repo/dist/pam/pam-redhat-0.99.5-1.tar.bz2/e2edde7861c48195728bc531e5a277e0/pam-redhat-0.99.5-1.tar.bz2

Introduction to PAM Library

The PAM Library package contains Pluggable Authentication Modules. This is useful for enabling the local system administrator to choose how applications authenticate users.

RedHat develops a set of external modules for use with Linux-PAM. This includes the pam_console module which can be used by some programs such as HAL and gnome-volume-manager. The purpose of pam_console is to indicate which user is active at the console and take appropriate actions. It does this by listing active users in the /var/run/console directory and assigning one to the console.lock file.

Dependencies

Optional

Non-Multilib

If you would like to build the pam_console module run the following commands:

tar -xf ../pam-redhat-0.99.5-1.tar.bz2 && 
sed -i 's,modules/Makefile,& modules/pam_console/Makefile,' configure.in && 
sed -i 's/SUBDIRS =/& pam_console/' modules/Makefile.am && 
sed -i '/^permsd_DATA/d' modules/pam_console/Makefile.am && 
autoreconf -v

Configure and compile the package:

./configure --libdir=/usr/lib --sbindir=/lib/security \
           --enable-securedir=/lib/security \
           --enable-docdir=/usr/share/doc/Linux-PAM-1.1.3 \
           --enable-read-both-confs &&
make

Install the package:

make install &&
chmod -v 4755 /lib/security/unix_chkpwd &&
mv -v /lib/security/pam_tally /sbin &&
mv -v /usr/lib/libpam*.so.0* /lib &&
LIBNAME=$(cat libpam/libpam.la | grep library_names | cut -f2 -d"'" | cut -f1 -d" ") &&
ln -sf ../../lib/$LIBNAME /usr/lib/libpam.so &&
LIBNAME=$(cat libpamc/libpamc.la | grep library_names | cut -f2 -d"'" | cut -f1 -d" ") &&
ln -sf ../../lib/$LIBNAME /usr/lib/libpamc.so &&
LIBNAME=$(cat libpam_misc/libpam_misc.la | grep library_names | cut -f2 -d"'" | cut -f1 -d" ") &&
ln -sf ../../lib/$LIBNAME /usr/lib/libpam_misc.so


Multilib

32Bit

If you would like to build the pam_console module run the following commands:

tar -xf ../pam-redhat-0.99.5-1.tar.bz2 && 
sed -i 's,modules/Makefile,& modules/pam_console/Makefile,' configure.in && 
sed -i 's/SUBDIRS =/& pam_console/' modules/Makefile.am && 
sed -i '/^permsd_DATA/d' modules/pam_console/Makefile.am && 
autoreconf -v

Configure and compile the package:

CC="gcc ${BUILD32}" ./configure --libdir=/usr/lib --sbindir=/lib/security \
           --enable-securedir=/lib/security \
           --enable-docdir=/usr/share/doc/Linux-PAM-1.1.3 \
           --enable-read-both-confs &&
make

Install the package:

make install &&
chmod -v 4755 /lib/security/unix_chkpwd &&
mv -v /lib/security/pam_tally /sbin &&
mv -v /usr/lib/libpam*.so.0* /lib &&
LIBNAME=$(cat libpam/libpam.la | grep library_names | cut -f2 -d"'" | cut -f1 -d" ") &&
ln -sf ../../lib/$LIBNAME /usr/lib/libpam.so &&
LIBNAME=$(cat libpamc/libpamc.la | grep library_names | cut -f2 -d"'" | cut -f1 -d" ") &&
ln -sf ../../lib/$LIBNAME /usr/lib/libpamc.so &&
LIBNAME=$(cat libpam_misc/libpam_misc.la | grep library_names | cut -f2 -d"'" | cut -f1 -d" ") &&
ln -sf ../../lib/$LIBNAME /usr/lib/libpam_misc.so

N32

If you would like to build the pam_console module run the following commands:

tar -xf ../pam-redhat-0.99.5-1.tar.bz2 && 
sed -i 's,modules/Makefile,& modules/pam_console/Makefile,' configure.in && 
sed -i 's/SUBDIRS =/& pam_console/' modules/Makefile.am && 
sed -i '/^permsd_DATA/d' modules/pam_console/Makefile.am && 
autoreconf -v

Configure and compile the package:

CC="gcc ${BUILDN32}" ./configure --libdir=/usr/lib32 --sbindir=/lib32/security \
           --enable-securedir=/lib32/security \
           --enable-docdir=/usr/share/doc/Linux-PAM-1.1.3 \
           --enable-read-both-confs &&
make

Install the package:

make install &&
chmod -v 4755 /lib32/security/unix_chkpwd &&
mv -v /lib32/security/pam_tally /sbin &&
mv -v /usr/lib32/libpam*.so.0* /lib32 &&
LIBNAME=$(cat libpam/libpam.la | grep library_names | cut -f2 -d"'" | cut -f1 -d" ") &&
ln -sf ../../lib32/$LIBNAME /usr/lib32/libpam.so &&
LIBNAME=$(cat libpamc/libpamc.la | grep library_names | cut -f2 -d"'" | cut -f1 -d" ") &&
ln -sf ../../lib32/$LIBNAME /usr/lib32/libpamc.so &&
LIBNAME=$(cat libpam_misc/libpam_misc.la | grep library_names | cut -f2 -d"'" | cut -f1 -d" ") &&
ln -sf ../../lib32/$LIBNAME /usr/lib32/libpam_misc.so

64Bit

If you would like to build the pam_console module run the following commands:

tar -xf ../pam-redhat-0.99.5-1.tar.bz2 && 
sed -i 's,modules/Makefile,& modules/pam_console/Makefile,' configure.in && 
sed -i 's/SUBDIRS =/& pam_console/' modules/Makefile.am && 
sed -i '/^permsd_DATA/d' modules/pam_console/Makefile.am && 
autoreconf -v

Configure and compile the package:

CC="gcc ${BUILD64}" ./configure --libdir=/usr/lib64 --sbindir=/lib64/security \
           --enable-securedir=/lib64/security \
           --enable-docdir=/usr/share/doc/Linux-PAM-1.1.3 \
           --enable-read-both-confs &&
make

Install the package:

make install &&
chmod -v 4755 /lib64/security/unix_chkpwd &&
mv -v /lib64/security/pam_tally /sbin &&
mv -v /usr/lib64/libpam*.so.0* /lib64 &&
LIBNAME=$(cat libpam/libpam.la | grep library_names | cut -f2 -d"'" | cut -f1 -d" ") &&
ln -sf ../../lib64/$LIBNAME /usr/lib64/libpam.so &&
LIBNAME=$(cat libpamc/libpamc.la | grep library_names | cut -f2 -d"'" | cut -f1 -d" ") &&
ln -sf ../../lib64/$LIBNAME /usr/lib64/libpamc.so &&
LIBNAME=$(cat libpam_misc/libpam_misc.la | grep library_names | cut -f2 -d"'" | cut -f1 -d" ") &&
ln -sf ../../lib64/$LIBNAME /usr/lib64/libpam_misc.so

Confuguring pam_console

You only need to view this section if you built the pam_console module.

The altering of device permissions is unnecessary. In this case, only the console locking actions are needed. Replace one of the pam_console configuration files to achieve this.

cat > /etc/security/console.handlers << "EOF"
# Begin /etc/security/console.handlers
console consoledevs tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
EOF


Contents

Note:
The files that come with pam_console need to be added to this list.
Installed Programs: pam_tally
Installed Libraries: libpam.{so,a}, libpamc.{so,a}, libpam_misc.{so,a}
Installed Directories: /etc/pam.d, /etc/security, /lib/security, /usr/include/security

Short Descriptions

pam_tally is used to view or manipulate the faillog file.
libpam.{so,a} provide the interfaces between applications and the PAM modules.