The Linux-PAM package contains Pluggable Authentication Modules. These let the local system administrator choose how applications authenticate users.
This package is known to build and work properly using an LFS-7.0 platform.
Download (HTTP): https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-1.1.5.tar.bz2
Download MD5 sum: 927ee5585bdec5256c75117e9348aa47
Download size: 1.1 MB
Estimated disk space required: 28 MB (includes installing the optional documentation)
Estimated build time: 0.3 SBU
Optional Documentation
Download (HTTP): https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-1.1.5-docs.tar.bz2
Download MD5 sum: 987e14ddce375ec7ddd2b91fbc2bd46d
Download size: 487 KB
CrackLib-2.8.18, X Window System, Berkeley DB-5.2.36 (for the pam_userdb module), and Prelude
libxslt-1.1.26, DocBook XML DTD-4.5, DocBook XSL Stylesheets-1.76.1, w3m-0.5.2, and FOP-1.0
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/linux-pam
If you downloaded the documentation, unpack the tarball by issuing the following command.
tar -xf ../Linux-PAM-1.1.5-docs.tar.bz2 --strip-components=1
Install Linux-PAM by running the following commands:
./configure --sbindir=/lib/security \
            --docdir=/usr/share/doc/Linux-PAM-1.1.5 \
            --enable-read-both-confs &&
make
To test the results, a configuration file must be created. This file will be removed after the tests have completed. Ensure there are no errors produced by the tests before continuing the installation. First create the configuration file by issuing the following commands as the root user:
install -v -m755 -d /etc/pam.d &&

cat > /etc/pam.d/other << "EOF"
auth     required       pam_deny.so
account  required       pam_deny.so
password required       pam_deny.so
session  required       pam_deny.so
EOF
Now run the tests by issuing make check.
Remove the configuration file created earlier by issuing the following command as the root user:
rm -rfv /etc/pam.d
Now, as the root user:
make install &&
chmod -v 4755 /lib/security/unix_chkpwd &&
mv -v /lib/security/pam_tally /sbin &&
mv -v /lib/libpam{,c,_misc}.la /usr/lib &&
sed -i 's| /lib| /usr/lib|' /usr/lib/libpam_misc.la &&
if [ -L /lib/libpam.so ]; then
   for LINK in libpam{,c,_misc}.so; do
      ln -v -sf ../../lib/$(readlink /lib/${LINK}) /usr/lib/${LINK} &&
      rm -v /lib/${LINK}
   done
fi
--sbindir=/lib/security: This parameter results in three executables, two of which are not intended to be run from the command line, being installed in the same directory as the PAM modules. The other executable is later moved to the /sbin directory.
--docdir=...: This parameter results in the documentation being installed in a versioned directory name.
--enable-read-both-confs: This parameter allows the local administrator to choose which configuration file setup to use.
chmod -v 4755 /lib/security/unix_chkpwd: The unix_chkpwd password-helper program must be setuid so that non-root processes can access the shadow-password file.
mv -v /lib/security/pam_tally /sbin: The pam_tally program is designed to be run by the system administrator, possibly in single-user mode, so it is moved to the appropriate directory.
mv -v /lib/libpam{,c,_misc}.la /usr/lib: This command moves the Libtool library files to /usr/lib as they are expected to reside there.
sed -i 's| /lib| /usr/lib|' /usr/lib/libpam_misc.la: This command corrects an installation reference due to the file being moved in the previous step.
for ...; do ...; done: These commands are used to relocate the .so symbolic links into the /usr/lib directory by cloning and then removing the existing symlinks. Using readlink ensures the new symlinks point at the correct library filenames.
Configuration information is placed in /etc/pam.d/ or /etc/pam.conf depending on system administrator preference. Below are example files of each type:
# Begin /etc/pam.d/other
auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so
password required pam_unix.so nullok
# End /etc/pam.d/other
# Begin /etc/pam.conf
other auth required pam_unix.so nullok
other account required pam_unix.so
other session required pam_unix.so
other password required pam_unix.so nullok
# End /etc/pam.conf
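The following is an added example, not part of the original instructions: a shell audit that normalizes either configuration layout shown above and reports pam_unix.so rules carrying nullok (which lets accounts with an empty password field authenticate) and whether the other fallback service denies by default with pam_deny.so, as the test configuration earlier does. The function names and finding labels are assumptions of this example, and it assumes one rule per line with no backslash continuations.

```shell
#!/bin/bash
# Added example (not from the original page): audit PAM rules in either layout.
# Usage after sourcing: pam_audit /etc/pam.d   or   pam_audit /etc/pam.conf
# Assumption: one rule per line, no backslash continuations.

# pam_rules PATH -> "service type control module args..." for either layout
pam_rules() (
    src=$1
    if [ -d "$src" ]; then          # /etc/pam.d layout: file name is the service
        for f in "$src"/*; do
            [ -f "$f" ] || continue
            awk -v svc="${f##*/}" \
                '!/^[ \t]*(#|$)/ { $1 = $1; print svc, $0 }' "$f"
        done
    elif [ -f "$src" ]; then        # /etc/pam.conf layout: service is field 1
        awk '!/^[ \t]*(#|$)/ { $1 = $1; print }' "$src"
    fi
)

# pam_audit PATH -> one finding per line; empty output means nothing flagged
pam_audit() {
    pam_rules "$1" | awk '
        # a leading "-" on the type only silences missing-module logging
        { type = $2; sub(/^-/, "", type) }
        # nullok makes pam_unix accept accounts with an empty password field
        $0 ~ "(^|[ /])pam_unix[.]so( |$)" && $0 ~ "(^| )nullok( |$)" {
            print "NULLOK " $1 " " type
        }
        # record which management groups the fallback service denies
        $1 == "other" && $0 ~ "(^|[ /])pam_deny[.]so( |$)" { deny[type] = 1 }
        END {
            n = split("auth account password session", t, " ")
            for (i = 1; i <= n; i++)
                if (!(t[i] in deny)) print "OTHER-NOT-DENY " t[i]
        }'
}
```

Run against the two example files above, both layouts produce the same findings; run against the pam_deny.so test configuration, the output is empty.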
The PAM man page (man pam) provides a good starting point for descriptions of fields and allowable entries. The Linux-PAM System Administrators' Guide is recommended for additional information.
Refer to http://debian.securedservers.com/kernel/pub/linux/libs/pam/modules.html for a list of various third-party modules available.
Last updated on 2011-12-07 17:10:09 +0000