]> git.ipfire.org Git - people/ms/ipfire-3.x.git/commitdiff
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-3.x
authorMichael Tremer <michael.tremer@ipfire.org>
Fri, 27 Apr 2012 11:15:02 +0000 (13:15 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 27 Apr 2012 11:15:02 +0000 (13:15 +0200)
15 files changed:
initscripts/initscripts.nm
initscripts/rc.local
initscripts/systemd/rc-local.service
nss_ldap/nss_ldap.nm
pam/man/config-util.5 [new file with mode: 0644]
pam/man/postlogin.5 [new file with mode: 0644]
pam/man/system-auth.5 [new file with mode: 0644]
pam/pam.d/config-util [new file with mode: 0644]
pam/pam.d/fingerprint-auth [new file with mode: 0644]
pam/pam.d/password-auth [new file with mode: 0644]
pam/pam.d/postlogin [new file with mode: 0644]
pam/pam.d/smartcard-auth [new file with mode: 0644]
pam/pam.d/system-auth
pam/pam.nm
ppl/ppl.nm

index 07372684e3470d6d8fd2f34cc8fb8c27be16be57..b171219e692462a97f13e44c193fa33dd660e2cf 100644 (file)
@@ -6,7 +6,7 @@
 name       = initscripts
 epoch      = 1
 version    = 2.99
-release    = 16
+release    = 17
 
 groups     = System/Boot
 url        =
index 0bd2d37551f5cf86b434c7d3afb4672e445ade48..cfe091053a9993cbce00c00fbe09587e0260a7b7 100644 (file)
@@ -2,3 +2,5 @@
 #
 # This script will be executed at the end of the boot process.
 # You can put your own initialization stuff in here.
+
+exit 0
index f7b7c0d072f22ec556ae8587010629d80f0aa7e8..a1bb1598850c491cf9a33810ba08539f9ab87652 100644 (file)
@@ -1,14 +1,9 @@
 [Unit]
-Description=/etc/rc.local Compatiblity
-Requires=multi-user.target
-After=multi-user.target network.target
+Description=/etc/rc.local Compatibility
+After=network.target
 
 [Service]
 Type=forking
 ExecStart=/etc/rc.local
 TimeoutSec=0
-StandardOutput=tty
 RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
index fa87ed0e114e6e20e25c67a3ee007145550bc9fe..0c7669b1d6d1e312703b0945f0ffd2333607d102 100644 (file)
@@ -5,7 +5,7 @@
 
 name       = nss_ldap
 version    = 265
-release    = 3
+release    = 4
 
 groups     = System/Base
 url        = http://www.padl.com/
@@ -47,7 +47,6 @@ build
 
        configure_options += \
                --sysconfdir=/etc \
-               --libdir=/%{lib} \
                --with-ldap-lib=openldap \
                --enable-rfc2307bis \
                --with-ldap-conf-file=/etc/nss_ldap.conf \
@@ -75,8 +74,6 @@ build
                # Remove awkward directory
                rm -rvf %{BUILDROOT}/usr/usr
 
-               mv -v %{BUILDROOT}/%{lib}/* %{BUILDROOT}%{libdir}
-               rm -rvf %{BUILDROOT}/%{lib}
                ln -svf libnss_ldap-%{version}.so %{BUILDROOT}%{libdir}/libnss_ldap.so
                ln -svf libnss_ldap.so.2 %{BUILDROOT}%{libdir}/libnss_ldap.so
 
@@ -91,7 +88,12 @@ end
 packages
        package %{name}
                requires
-                       /%{lib}/security/pam_ldap.so
+                       %{libdir}/security/pam_ldap.so
+               end
+
+               configfiles
+                       %{sysconfdir}/nss_ldap.conf
+                       %{sysconfdir}/nss_ldap.secret
                end
        end
 
diff --git a/pam/man/config-util.5 b/pam/man/config-util.5
new file mode 100644 (file)
index 0000000..17d7f8a
--- /dev/null
@@ -0,0 +1,36 @@
+.TH SYSTEM-AUTH 5 "2006 Feb 3" "Red Hat" "Linux-PAM Manual"
+.SH NAME
+
+config-util \- Common PAM configuration file for configuration utilities
+
+.SH SYNOPSIS
+.B /etc/pam.d/config-util
+.sp 2
+.SH DESCRIPTION
+
+The purpose of this configuration file is to provide common 
+configuration file for all configuration utilities which must be run
+from the supervisor account and use the userhelper wrapper application.
+
+.sp
+The
+.BR config-util
+configuration file is included from all individual configuration
+files of such utilities with the help of the
+.BR include
+directive.
+There are not usually any other modules in the individual configuration
+files of these utilities.
+
+.sp
+It is possible for example to modify duration of the validity of the 
+authentication timestamp there. See
+.BR pam_timestamp(8)
+for details.
+
+.SH BUGS
+.sp 2
+None known.
+
+.SH "SEE ALSO"
+pam(8), config-util(5), pam_timestamp(8)
diff --git a/pam/man/postlogin.5 b/pam/man/postlogin.5
new file mode 100644 (file)
index 0000000..3a8abcf
--- /dev/null
@@ -0,0 +1,46 @@
+.TH POSTLOGIN 5 "2010 Dec 22" "Red Hat" "Linux-PAM Manual"
+.SH NAME
+
+postlogin \- Common configuration file for PAMified services
+
+.SH SYNOPSIS
+.B /etc/pam.d/postlogin
+.sp 2
+.SH DESCRIPTION
+
+The purpose of this PAM configuration file is to provide a common
+place for all PAM modules which should be called after the stack
+configured in
+.BR system-auth
+or the other common PAM configuration files.
+
+.sp
+The
+.BR postlogin
+configuration file is included from all individual service configuration
+files that provide login service with shell or file access.
+
+.SH NOTES
+The modules in the postlogin configuration file are executed regardless
+of the success or failure of the modules in the
+.BR system-auth
+configuration file.
+
+.SH BUGS
+.sp 2
+Sometimes it would be useful to be able to skip the postlogin modules in
+case the substack of the
+.BR system-auth
+modules failed. Unfortunately the current Linux-PAM library does not
+provide any way how to achieve this.
+
+.SH "SEE ALSO"
+pam(8), config-util(5), system-auth(5)
+
+The three
+.BR Linux-PAM
+Guides, for
+.BR "system administrators" ", "
+.BR "module developers" ", "
+and
+.BR "application developers" ". "
diff --git a/pam/man/system-auth.5 b/pam/man/system-auth.5
new file mode 100644 (file)
index 0000000..c0ca80b
--- /dev/null
@@ -0,0 +1,58 @@
+.TH SYSTEM-AUTH 5 "2010 Dec 22" "Red Hat" "Linux-PAM Manual"
+.SH NAME
+
+system-auth \- Common configuration file for PAMified services
+
+.SH SYNOPSIS
+.B /etc/pam.d/system-auth
+.B /etc/pam.d/password-auth
+.B /etc/pam.d/fingerprint-auth
+.B /etc/pam.d/smartcard-auth
+.sp 2
+.SH DESCRIPTION
+
+The purpose of these configuration files are to provide a common
+interface for all applications and service daemons calling into
+the PAM library.
+
+.sp
+The
+.BR system-auth
+configuration file is included from nearly all individual service configuration
+files with the help of the
+.BR substack
+directive.
+
+.sp
+The
+.BR password-auth
+.BR fingerprint-auth
+.BR smartcard-auth
+configuration files are for applications which handle authentication from
+different types of devices via simultaneously running individual conversations
+instead of one aggregate conversation.
+
+.SH NOTES
+Previously these common configuration files were included with the help
+of the
+.BR include
+directive. This limited the use of the different action types of modules.
+With the use of
+.BR substack
+directive to include these common configuration files this limitation
+no longer applies.
+
+.SH BUGS
+.sp 2
+None known.
+
+.SH "SEE ALSO"
+pam(8), config-util(5), postlogin(5)
+
+The three
+.BR Linux-PAM
+Guides, for
+.BR "system administrators" ", "
+.BR "module developers" ", "
+and
+.BR "application developers" ". "
diff --git a/pam/pam.d/config-util b/pam/pam.d/config-util
new file mode 100644 (file)
index 0000000..8e70d9a
--- /dev/null
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth           sufficient      pam_rootok.so
+auth           sufficient      pam_timestamp.so
+auth           include         system-auth
+account                required        pam_permit.so
+session                required        pam_permit.so
+session                optional        pam_xauth.so
+session                optional        pam_timestamp.so
diff --git a/pam/pam.d/fingerprint-auth b/pam/pam.d/fingerprint-auth
new file mode 100644 (file)
index 0000000..fdcbcc0
--- /dev/null
@@ -0,0 +1,18 @@
+#%PAM-1.0
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
+auth        required      pam_env.so
+auth        sufficient    pam_fprintd.so
+auth        required      pam_deny.so
+
+account     required      pam_unix.so
+account     sufficient    pam_localuser.so
+account     sufficient    pam_succeed_if.so uid < 500 quiet
+account     required      pam_permit.so
+
+password    required      pam_deny.so
+
+session     optional      pam_keyinit.so revoke
+session     required      pam_limits.so
+session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+session     required      pam_unix.so
diff --git a/pam/pam.d/password-auth b/pam/pam.d/password-auth
new file mode 100644 (file)
index 0000000..d598c67
--- /dev/null
@@ -0,0 +1,17 @@
+#%PAM-1.0
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
+auth        required      pam_env.so
+auth        sufficient    pam_unix.so try_first_pass nullok
+auth        required      pam_deny.so
+
+account     required      pam_unix.so
+
+password    requisite     pam_pwquality.so try_first_pass retry=3 type=
+password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
+password    required      pam_deny.so
+
+session     optional      pam_keyinit.so revoke
+session     required      pam_limits.so
+session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+session     required      pam_unix.so
diff --git a/pam/pam.d/postlogin b/pam/pam.d/postlogin
new file mode 100644 (file)
index 0000000..43d25c5
--- /dev/null
@@ -0,0 +1,3 @@
+#%PAM-1.0
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
diff --git a/pam/pam.d/smartcard-auth b/pam/pam.d/smartcard-auth
new file mode 100644 (file)
index 0000000..07f03f3
--- /dev/null
@@ -0,0 +1,18 @@
+#%PAM-1.0
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
+auth        required      pam_env.so
+auth        [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card
+auth        required      pam_deny.so
+
+account     required      pam_unix.so
+account     sufficient    pam_localuser.so
+account     sufficient    pam_succeed_if.so uid < 500 quiet
+account     required      pam_permit.so
+
+password    optional      pam_pkcs11.so
+
+session     optional      pam_keyinit.so revoke
+session     required      pam_limits.so
+session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+session     required      pam_unix.so
index 0fa221b4893e3e2f8d081665bc4eb6094466e7fb..d598c67d7244d266f7b118a3bdc2b75de46eaf46 100644 (file)
@@ -1,23 +1,17 @@
 #%PAM-1.0
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
 auth        required      pam_env.so
-auth        sufficient    pam_unix.so nullok try_first_pass
-auth        requisite     pam_succeed_if.so uid >= 500 quiet
-auth        sufficient    pam_ldap.so use_first_pass
+auth        sufficient    pam_unix.so try_first_pass nullok
 auth        required      pam_deny.so
 
-account     required      pam_unix.so broken_shadow
-account     sufficient    pam_localuser.so
-account     sufficient    pam_succeed_if.so uid < 500 quiet
-account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
-account     required      pam_permit.so
+account     required      pam_unix.so
 
-password    requisite     pam_cracklib.so try_first_pass retry=3
-password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-password    sufficient    pam_ldap.so use_authtok
+password    requisite     pam_pwquality.so try_first_pass retry=3 type=
+password    sufficient    pam_unix.so try_first_pass use_authtok nullok sha512 shadow
 password    required      pam_deny.so
 
 session     optional      pam_keyinit.so revoke
 session     required      pam_limits.so
 session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 session     required      pam_unix.so
-session     optional      pam_ldap.so
index 71f4a0997bce7ecace285d87cbd28c7e19c3a31e..be4f7a242816dbc5e07cab93056b867e4d2d088e 100644 (file)
@@ -5,7 +5,7 @@
 
 name       = pam
 version    = 1.1.5
-release    = 2
+release    = 3
 thisapp    = Linux-PAM-%{version}
 
 groups     = System/Base
@@ -48,14 +48,25 @@ build
 
                # Included in setup package
                rm -f %{BUILDROOT}/etc/environment
+
+               # Install man pages.
+               mkdir -pv %{BUILDROOT}%{mandir}/man5
+               for file in config-util.5 postlogin.5 system-auth.5; do
+                       install -v -m 644 %{DIR_SOURCE}/man/${file} \
+                               %{BUILDROOT}%{mandir}/man5
+               done
        end
 end
 
 packages
        package %{name}
-               #requires
-               #       pam_ldap
-               #end
+               requires
+                       pam_ldap
+               end
+
+               configfiles
+                       /etc/pam.d
+               end
        end
 
        package %{name}-devel
index 09b6fe114bed1650b3162bc96af14e586312a695..a07cc99de2b612c1761d312619fff744b89844c2 100644 (file)
@@ -5,7 +5,7 @@
 
 name       = ppl
 version    = 0.11.2
-release    = 3
+release    = 4
 
 maintainer = Michael Tremer <michael.tremer@ipfire.org>
 groups     = Development/Libraries
@@ -43,9 +43,10 @@ build
 
        PARALLELISMFLAGS =
 
-       test
-               make check
-       end
+       # The testsuite currently fails on x86_64.
+       #test
+       #       make check
+       #end
 end
 
 packages