From: Oliver Kurth Date: Wed, 10 Jun 2020 19:05:46 +0000 (-0700) Subject: open-vm-tools: add distribution specific pam config files X-Git-Tag: stable-11.2.0~151 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=013e0137786b28fef01bf3a09d79087d656e8f6e;p=thirdparty%2Fopen-vm-tools.git open-vm-tools: add distribution specific pam config files Add distribution specific pam config files for Debian/Ubuntu, SuSE and Redhat/Fedora/CentOS. Install a generic file by default, with comments to KB article. The distribution files are intended to be used by OS vendors in their open-vm-tools packages. --- diff --git a/open-vm-tools/pam/debian b/open-vm-tools/pam/debian new file mode 100644 index 000000000..f7937c62d --- /dev/null +++ b/open-vm-tools/pam/debian @@ -0,0 +1,7 @@ +# PAM configuration for vmtoolsd + +@include common-auth + +account required pam_shells.so +@include common-account + diff --git a/open-vm-tools/scripts/linux/pam.d/vmtoolsd b/open-vm-tools/pam/generic similarity index 63% rename from open-vm-tools/scripts/linux/pam.d/vmtoolsd rename to open-vm-tools/pam/generic index 1c860ac11..2e06dcb08 100644 --- a/open-vm-tools/scripts/linux/pam.d/vmtoolsd +++ b/open-vm-tools/pam/generic @@ -1,4 +1,6 @@ -#%PAM-1.0 +# This is a generic pam config file for open-vm-tools +# See https://kb.vmware.com/s/article/78251 for advice to use +# common authentication mechanisms. auth required pam_shells.so auth sufficient pam_unix.so shadow auth required pam_unix_auth.so shadow diff --git a/open-vm-tools/pam/redhat b/open-vm-tools/pam/redhat new file mode 100644 index 000000000..f2115b89e --- /dev/null +++ b/open-vm-tools/pam/redhat @@ -0,0 +1,6 @@ +auth required pam_shells.so +auth substack password-auth +auth include postlogin +account required pam_nologin.so +account include password-auth + diff --git a/open-vm-tools/pam/suse b/open-vm-tools/pam/suse new file mode 100644 index 000000000..5b0c3c80f --- /dev/null +++ b/open-vm-tools/pam/suse @@ -0,0 +1,6 @@ +auth required pam_shells.so +auth requisite pam_nologin.so +auth [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so +auth include common-auth +account include common-account + diff --git a/open-vm-tools/services/vmtoolsd/Makefile.am b/open-vm-tools/services/vmtoolsd/Makefile.am index e0d1a5b00..c2ac93a01 100644 --- a/open-vm-tools/services/vmtoolsd/Makefile.am +++ b/open-vm-tools/services/vmtoolsd/Makefile.am @@ -1,5 +1,5 @@ ################################################################################ -### Copyright (C) 2009-2019 VMware, Inc. All rights reserved. +### Copyright (C) 2009-2020 VMware, Inc. All rights reserved. ### ### This program is free software; you can redistribute it and/or modify ### it under the terms of version 2 of the GNU General Public License as @@ -16,8 +16,6 @@ ################################################################################ bin_PROGRAMS = vmtoolsd -pamdir = $(PAM_PREFIX)/pam.d - vmtoolsd_CPPFLAGS = vmtoolsd_CPPFLAGS += @VMTOOLS_CPPFLAGS@ @@ -73,19 +71,16 @@ else vmtoolsd_LINK = $(LINK) endif -# PAM support is currently only available for Linux, so HAVE_PAM is only -# defined for that OS. -if HAVE_PAM -pam_SCRIPTS = $(top_srcdir)/scripts/linux/pam.d/vmtoolsd -endif HAVE_PAM - # Message catalogs. install-data-hook: @INSTVMSG@ vmtoolsd $(srcdir)/l10n $(DESTDIR)$(datadir) install-exec-hook: $(INSTALL) -d $(DESTDIR)/etc/vmware-tools + $(INSTALL) -d $(DESTDIR)/$(PAM_PREFIX)/pam.d/ + $(INSTALL) $(top_srcdir)/pam/generic $(DESTDIR)/$(PAM_PREFIX)/pam.d/vmtoolsd uninstall-hook: + rm -f $(DESTDIR)/$(PAM_PREFIX)/pam.d/vmtoolsd rm -rf $(DESTDIR)/etc/vmware-tools