diff --git a/README.md b/README.md index 307afab..3e30511 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,4 @@ # pam +PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. + diff --git a/pam-0.77-pam_unix2.conf b/pam-0.77-pam_unix2.conf new file mode 100644 index 0000000..71c486a --- /dev/null +++ b/pam-0.77-pam_unix2.conf @@ -0,0 +1,14 @@ +diff -Nru Linux-PAM-0.78.orig/pam_unix2-1.25/etc/pam_unix2.conf Linux-PAM-0.78/pam_unix2-1.25/etc/pam_unix2.conf +--- Linux-PAM-0.78.orig/pam_unix2-1.25/etc/pam_unix2.conf 2005-03-07 16:54:10.000000000 +0100 ++++ Linux-PAM-0.78/pam_unix2-1.25/etc/pam_unix2.conf 2005-03-07 16:54:58.000000000 +0100 +@@ -27,7 +27,7 @@ + # password: nullok blowfish crypt_rounds=8 + # session: none + # +-auth: +-account: +-password: ++auth: use_ldap nullok ++account: use_ldap ++password: use_ldap nullok + session: none diff --git a/pam-0.99.7.1-cracklib_module.patch b/pam-0.99.7.1-cracklib_module.patch new file mode 100644 index 0000000..17f29b5 --- /dev/null +++ b/pam-0.99.7.1-cracklib_module.patch @@ -0,0 +1,72 @@ +diff -Nru Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c +--- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c 2003-05-05 15:24:08.000000000 +0200 ++++ Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c 2007-06-24 13:30:47.000000000 +0200 +@@ -30,7 +30,7 @@ + * S.A.G. in the section on the cracklib module. + */ + +-#include "../../_pam_aconf.h" ++#include "../../config.h" + + #include + #ifdef HAVE_CRYPT_H +diff -Nru Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c.cracklib-distance Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c.cracklib-distance +--- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c.cracklib-distance 2003-05-05 15:24:08.000000000 +0200 ++++ Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c.cracklib-distance 2007-06-24 13:30:47.000000000 +0200 +@@ -29,7 +29,7 @@ + * S.A.G. in the section on the cracklib module. + */ + +-#include "../../_pam_aconf.h" ++#include "../../config.h" + + #include + #ifdef HAVE_CRYPT_H +diff -Nru Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c.cracklib-init Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c.cracklib-init +--- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c.cracklib-init 2003-05-05 15:24:08.000000000 +0200 ++++ Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c.cracklib-init 2007-06-24 13:30:47.000000000 +0200 +@@ -30,7 +30,7 @@ + * S.A.G. in the section on the cracklib module. + */ + +-#include "../../_pam_aconf.h" ++#include "../../config.h" + + #include + #ifdef HAVE_CRYPT_H +diff -Nru Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c.headers Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c.headers +--- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c.headers 2001-02-10 23:15:23.000000000 +0100 ++++ Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c.headers 2007-06-24 13:30:47.000000000 +0200 +@@ -29,7 +29,7 @@ + * S.A.G. in the section on the cracklib module. + */ + +-#include ++#include + + #include + #ifdef HAVE_CRYPT_H +diff -Nru Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c.reentrant Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c.reentrant +--- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c.reentrant 2003-05-05 15:24:08.000000000 +0200 ++++ Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c.reentrant 2007-06-24 13:30:47.000000000 +0200 +@@ -30,7 +30,7 @@ + * S.A.G. in the section on the cracklib module. + */ + +-#include "../../_pam_aconf.h" ++#include "../../config.h" + + #include + #ifdef HAVE_CRYPT_H +diff -Nru Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c.string Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c.string +--- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c.string 2003-05-05 15:24:08.000000000 +0200 ++++ Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c.string 2007-06-24 13:30:47.000000000 +0200 +@@ -29,7 +29,7 @@ + * S.A.G. in the section on the cracklib module. + */ + +-#include "../../_pam_aconf.h" ++#include "../../config.h" + + #include + #ifdef HAVE_CRYPT_H diff --git a/pam-1.1.3-limits.patch b/pam-1.1.3-limits.patch new file mode 100644 index 0000000..3c159d7 --- /dev/null +++ b/pam-1.1.3-limits.patch @@ -0,0 +1,14 @@ +diff -Nru Linux-PAM-1.1.3.orig//modules/pam_limits/limits.conf Linux-PAM-1.1.3/modules/pam_limits/limits.conf +--- Linux-PAM-1.1.3.orig//modules/pam_limits/limits.conf 2008-01-08 15:49:05.000000000 +0100 ++++ Linux-PAM-1.1.3/modules/pam_limits/limits.conf 2011-03-23 18:05:33.439639008 +0100 +@@ -47,4 +47,10 @@ + #ftp hard nproc 0 + #@student - maxlogins 4 + ++* - rtprio 0 ++* - nice 0 ++* - nofile 16384 ++@audio - rtprio 99 ++@audio - nice -10 ++@audio - memlock 128000 + # End of file diff --git a/pam-1.1.6-glibc-2.16.patch b/pam-1.1.6-glibc-2.16.patch new file mode 100644 index 0000000..cddda35 --- /dev/null +++ b/pam-1.1.6-glibc-2.16.patch @@ -0,0 +1,29 @@ +From 18da0c4763f5e079f8b2df45fa462b0b70b6fd3a Mon Sep 17 00:00:00 2001 +From: "Jory A. Pratt" +Date: Sun, 7 Oct 2012 11:44:17 -0700 +Subject: [PATCH] Fix building with GLIBC 2.16 and SELinux. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + +Signed-off-by: Diego Elio Pettenò +--- + modules/pam_unix/pam_unix_passwd.c | 1 + + 1 file modificato, 1 inserzione(+) + +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index 9e1302d..b5f5ae9 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -46,6 +46,7 @@ + #include + #include + #include ++#include + #include + #include + #include +-- +1.7.12 + diff --git a/pam-group.conf b/pam-group.conf new file mode 100644 index 0000000..e93ad42 --- /dev/null +++ b/pam-group.conf @@ -0,0 +1,64 @@ +## +## Note, to get this to work as it is currently typed you need +## +## 1. to run an application as root +## 2. add the following groups to the /etc/group file: +## floppy, games, sound +## +# +# *** Please note that giving group membership on a session basis is +# *** NOT inherently secure. If a user can create an executable that +# *** is setgid a group that they are infrequently given membership +# *** of, they can basically obtain group membership any time they +# *** like. Example: games are allowed between the hours of 6pm and 6am +# *** user joe logs in at 7pm writes a small C-program toplay.c that +# *** invokes their favorite shell, compiles it and does +# *** "chgrp games toplay; chmod g+s toplay". They are basically able +# *** to play games any time... You have been warned. AGM +# +# this is an example configuration file for the pam_group module. Its +# syntax is based on that of the pam_time module and (at some point in +# the distant past was inspired by the 'shadow' package) +# +# the syntax of the lines is as follows: +# +# services;ttys;users;times;groups +# +# white space is ignored and lines maybe extended with '\\n' (escaped +# newlines). From reading these comments, it is clear that +# text following a '#' is ignored to the end of the line. +# +# the first four fields are described in the pam_time directory. +# The only difference for these is how the time field is interpretted: +# it is used to indicate "when" these groups are to be given to the user. +# +# groups +# The (comma or space separated) list of groups that the user +# inherits membership of. These groups are added if the previous +# fields are satisfied by the user's request +# + +# +# Here is a simple example: running 'xsh' on tty* (any ttyXXX device), +# the user 'us' is given access to the floppy (through membership of +# the floppy group) +# + +#xsh;tty*&!ttyp*;us;Al0000-2400;floppy + +# +# another example: running 'xsh' on tty* (any ttyXXX device), +# the user 'sword' is given access to games (through membership of +# the floppy group) after work hours +# + +#xsh; tty* ;sword;!Wk0900-1800;games, sound +#xsh; tty* ;*;Al0900-1800;floppy + +# +# End of group.conf file +# +kde;*;*;Al0000-2400;audio,video,floppy,cdrecording,cdrom,dialout,camera,tty,scanner,plugdev,uucp,lp +kde-np;*;*;Al0000-2400;audio,video,floppy,cdrecording,cdrom,dialout,camera,tty,scanner,plugdev,uucp,lp +sshd;*;*;Al0000-2400;audio,video,floppy,cdrecording,cdrom,dialout,camera,tty,scanner,plugdev,uucp,lp + diff --git a/pam-system-auth b/pam-system-auth new file mode 100644 index 0000000..e4c2b09 --- /dev/null +++ b/pam-system-auth @@ -0,0 +1,19 @@ +#%PAM-1.0 +auth required pam_env.so +auth required pam_shells.so +auth sufficient pam_unix.so +#auth sufficient pam_winbind.so use_first_pass +auth required pam_deny.so + +#account sufficient pam_winbind.so +account required pam_unix.so + +password required pam_cracklib.so retry=3 minlen=4 dcredit=2 ucredit=2 +password sufficient pam_unix.so shadow md5 use_authtok +password required pam_deny.so + +session required pam_limits.so +session required pam_unix.so +session required pam_mkhomedir.so +session optional pam_loginuid.so +session optional pam_systemd.so controllers= diff --git a/pam-system-auth-noshell b/pam-system-auth-noshell new file mode 100644 index 0000000..287f412 --- /dev/null +++ b/pam-system-auth-noshell @@ -0,0 +1,16 @@ +#%PAM-1.0 +auth required pam_env.so +auth sufficient pam_unix.so nullok use_ldap +auth required pam_deny.so + +account required pam_unix.so + +password required pam_cracklib.so retry=3 minlen=4 dcredit=2 ucredit=2 +password sufficient pam_unix.so shadow md5 use_authtok +password required pam_deny.so + +session required pam_limits.so +session required pam_unix.so +session required pam_mkhomedir.so +session optional pam_loginuid.so +session optional pam_systemd.so controllers= diff --git a/pam.spec b/pam.spec new file mode 100644 index 0000000..c4a1e36 --- /dev/null +++ b/pam.spec @@ -0,0 +1,411 @@ +%define group_audio 11 +%define group_cdrecording 12 +%define group_cdrom 19 +%define group_video 24 +%define group_camera 22 +%define group_scanner 23 + +%define pwcheck_ver 3.12.1 +%define unix2_ver 2.6 + +Name: pam +Version: 1.1.8 +Release: 3mamba +Summary: Utilities for monitoring your system and processes on your system +Group: System/Libraries +Vendor: openmamba +Distribution: openmamba +Packager: Silvan Calarco +URL: http://www.linux-pam.org +Source: http://linux-pam.org/library/Linux-PAM-%{version}.tar.bz2 +#Source1: pam.conf +Source2: pam_other +Source3: pam-system-auth +Source4: pam-module-stack.tar.bz2 +Source5: pam-module-cracklib.tar.bz2 +Source6: pam-modules-redhat.tar.bz2 +Source7: pam-module-console.tar.bz2 +Source8: pam-system-auth-noshell +Source9: ftp://ftp.suse.com/pub/people/kukuk/pam/pam_pwcheck/pam_pwcheck-%{pwcheck_ver}.tar.bz2 +Source10: ftp://ftp.suse.com/pub/people/kukuk/pam/pam_unix2/pam_unix2-%{unix2_ver}.tar.bz2 +Source11: pam-group.conf +Patch0: %{name}-0.77-pam_unix2.conf +Patch1: %{name}-0.99.7.1-cracklib_module.patch +Patch2: %{name}-1.1.3-limits.patch +Patch3: pam-1.1.6-glibc-2.16.patch +License: GPL, BSD +## AUTOBUILDREQ-BEGIN +BuildRequires: glibc-devel +BuildRequires: libaudit-devel +BuildRequires: libcrack-devel +%if "%{?bootstrap}" != "1" +BuildRequires: libselinux-devel +%endif +BuildRequires: libtirpc-devel +BuildRequires: libz-devel +## AUTOBUILDREQ-END +%if "%{?bootstrap}" != "1" +BuildRequires: linuxdoc-tools >= 0.9.21 +%endif +BuildRequires: flex +BuildRequires: libfl-devel +BuildRequires: gettext-devel +#BuildRequires: libprelude-devel >= 0.9.14 +BuildRequires: libtirpc-devel >= 0.2.2-2mamba +Requires: libtirpc >= 0.2.2-2mamba +Requires: systemd-core +Requires(post):pwdutils +Requires(post):setup +Requires(post): lib%{name} = %{?epoch:%epoch:}%{version}-%{release} +Obsoletes: pam-doc +BuildRoot: %{_tmppath}/%{name}-%{version}-root + +%description +PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. + +%package -n lib%{name} +Group: System/Libraries +Summary: Shared libraries for %{name} + +%description -n lib%{name} +PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. +This package contains shared libraries for %{name}. + +%package -n libpam-devel +Summary: Development headers and libraries for pam +Group: Development/Libraries +Requires: lib%{name} = %{?epoch:%epoch:}%{version}-%{release} +Provides: pam-devel +Obsoletes: pam-devel + +%description -n libpam-devel +PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. +This package containts the development headers and libraries for pam. + +%package -n pam-doc +Summary: Documentation files for pam +Group: Documentation +Requires: %{name} = %{version}-%{release} + +%description -n pam-doc +PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. +This package contains the documentation files in html, pdf and postscript formats. + +%prep +%setup -q -a4 -a5 -a9 -a10 -n Linux-PAM-%{version} +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 + +%build +%configure \ + --disable-prelude \ + --with-mailspool=/var/mail \ + --libdir=/%{_lib} \ + --with-db-uniquename=db51 +# --enable-both-confs + +%if "%{_host}" != "%{_build}" +%make || %make +%else +%make +%endif + +%install +[ "%{buildroot}" != / ] && rm -rf %{buildroot} +%makeinstall \ + includedir=%{_includedir}/security \ + namespaceddir=%{buildroot}%{_sysconfdir}/security \ + sepermitlockdir=%{buildroot}%{_localstatedir}/run/sepermit + +install -D -m 644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/other +install -D -m 644 %{S:3} %{buildroot}%{_sysconfdir}/pam.d/system-auth +install -D -m 644 %{S:8} %{buildroot}%{_sysconfdir}/pam.d/system-auth-noshell + +install -D -m 644 %{S:11} %{buildroot}%{_sysconfdir}/security/group.conf + +for d in `find modules/pam_* -maxdepth 0 -type d -printf "%f "`; do + [ -e modules/$d/README ] && \ + install -m 644 modules/$d/README README.$d +done +#install -m 644 conf/pam.conf pam.conf-example +#install -m 644 modules/pam_env/pam_env.conf-example pam_env.conf-example + +#% makeinstall -C pam_pwcheck-%{pwcheck_ver} +#% makeinstall -C pam_unix2-%{unix2_ver} + +#sed -i "s|CRYPT=.*|CRYPT=md5|" %{buildroot}/etc/default/passwd + +#%find_lang pam_unix2 +#cat pam_unix2.lang > %{name}.lang +#%find_lang pam_pwcheck +#cat pam_pwcheck.lang >> %{name}.lang + +%find_lang Linux-PAM + +%clean +[ "%{buildroot}" != / ] && rm -rf %{buildroot} + +%post +if [ $1 -ge 1 ]; then + groupadd audio -g %{group_audio} 2>/dev/null + groupadd cdrecording -g %{group_cdrecording} 2>/dev/null + groupadd cdrom -g %{group_cdrom} 2>/dev/null + groupadd video -g %{group_video} 2>/dev/null + groupadd camera -g %{group_camera} 2>/dev/null + groupadd scanner -g %{group_scanner} 2>/dev/null + + sed -i "s|required[ \t]*pam_stack.so service=system-auth|include system-auth|" %{_sysconfdir}/pam.d/* +fi +if [ $1 -gt 1 ]; then + grep pam_systemd %{_sysconfdir}/pam.d/system-auth >/dev/null || { + cat >> %{_sysconfdir}/pam.d/system-auth << _EOF +session optional pam_loginuid.so +session optional pam_systemd.so controllers= +_EOF + + cat >> %{_sysconfdir}/pam.d/system-auth-noshell << _EOF +session optional pam_loginuid.so +session optional pam_systemd.so controllers= +_EOF + } +fi +exit 0 + +%post -n libpam +/sbin/ldconfig +: + +%postun -n libpam +/sbin/ldconfig +: + +%files -f Linux-PAM.lang +%defattr(-,root,root) +%dir %{_sysconfdir}/pam.d +%config %{_sysconfdir}/pam.d/other +%config(noreplace) %{_sysconfdir}/pam.d/system-auth +%config(noreplace) %{_sysconfdir}/pam.d/system-auth-noshell +%config %{_sysconfdir}/security/*.conf +%{_sysconfdir}/environment +%{_sysconfdir}/security/namespace.init +%attr(2755,root,shadow) %{_sbindir}/unix_chkpwd +%{_sbindir}/unix_update +%{_sbindir}/pam_tally +%{_sbindir}/pam_tally2 +%{_sbindir}/pam_timestamp_check +%{_sbindir}/mkhomedir_helper +%{_mandir}/*/* +%{_docdir}/Linux-PAM/* +#%doc pam.conf-example pam_env.conf-example + +%files -n libpam +%defattr(-,root,root) +/%{_lib}/libpam*.so.* +%dir /%{_lib}/security +/%{_lib}/security/pam*.la +/%{_lib}/security/pam*.so +/%{_lib}/security/pam_filter/upperLOWER +%doc Copyright + +%files -n libpam-devel +%defattr(-,root,root) +%{_includedir}/security/*.h +/%{_lib}/libpam*.la +/%{_lib}/libpam*.so +%doc CHANGELOG README* + +#%if "%{?bootstrap}" != "1" +#%files doc +#%defattr(-,root,root) +#%dir %{_datadir}/doc/pam +#%dir %{_docdir}/pam/html +#%{_docdir}/pam/html/* +#%dir %{_docdir}/pam/pdf +#%{_docdir}/pam/pdf/* +#%dir %{_docdir}/pam/ps +#%{_docdir}/pam/ps/* +#%dir %{_docdir}/pam/text +#%{_docdir}/pam/text/* +#%endif + +%changelog +* Fri Apr 11 2014 Silvan Calarco 1.1.8-3mamba +- move libraries to libpam and rename pam-devel to libpam-devel + +* Sun Feb 09 2014 Silvan Calarco 1.1.8-2mamba +- x86_64: install in /%{_lib} not /lib + +* Thu Sep 19 2013 Automatic Build System 1.1.8-1mamba +- automatic update by autodist + +* Fri Apr 26 2013 Silvan Calarco 1.1.6-5mamba +- system-auth: remove winbind entries in default configuration + +* Sat Apr 06 2013 Silvan Calarco 1.1.6-4mamba +- require(post) setup before creating groups + +* Thu Mar 21 2013 Silvan Calarco 1.1.6-3mamba +- configure system-auth and system-auth-noshell in %post script as they are config(noreplace) files + +* Thu Mar 21 2013 Silvan Calarco 1.1.6-2mamba +- system-auth and system-auth-noshell updated with systemd support +- require systemd-core + +* Sun Dec 02 2012 Automatic Build System 1.1.6-1mamba +- update to 1.1.6 + +* Wed Sep 26 2012 Silvan Calarco 1.1.4-2mamba +- don't replace /etc/pam.d/system-auth /etc/pam.d/system-auth-noshell /etc/pam.d/system-auth.rpmsave and /etc/pam.d/others configuration files on update + +* Tue Aug 30 2011 Automatic Build System 1.1.4-1mamba +- automatic version update by autodist + +* Wed Mar 23 2011 Silvan Calarco 1.1.3-2mamba +- limits patch updated to set nofile to 16384 as suggested by samba + +* Thu Nov 11 2010 Automatic Build System 1.1.3-1mamba +- automatic update by autodist + +* Fri Oct 01 2010 Automatic Build System 1.1.2-1mamba +- automatic update by autodist + +* Thu Jul 22 2010 Silvan Calarco 1.1.1-2mamba +- create cdrom group and add it to pam-group.conf + +* Fri Jan 15 2010 Automatic Build System 1.1.1-1mamba +- automatic update by autodist + +* Sat Jul 18 2009 Silvan Calarco 1.1.0-2mamba +- pam-group.conf: add lp group for kde and ssh users + +* Fri Jun 26 2009 Automatic Build System 1.1.0-1mamba +- automatic update by autodist + +* Sat May 02 2009 Silvan Calarco 1.0.4-2mamba +- set unix_chkpwd sgid shadow + +* Fri Mar 27 2009 Silvan Calarco 1.0.4-1mamba +- automatic update by autodist + +* Wed Jan 21 2009 Silvan Calarco 1.0.3-1mamba +- automatic update by autodist + +* Thu Sep 18 2008 Silvan Calarco 1.0.2-1mamba +- update to 1.0.2 +- pam_pwcheck: 3.12.1 +- pam_unix2: 2.6 + +* Wed Jun 25 2008 Silvan Calarco 1.0.1-2mamba +- added group configuration for kde-np (autologin) + +* Sun Jun 22 2008 Silvan Calarco 1.0.1-1mamba +- update to 1.0.1 +- add uucp group to logged in users + +* Mon Jan 21 2008 Silvan Calarco 0.99.8.1-3mamba +- use /lib as libdir + +* Fri Sep 21 2007 Silvan Calarco 0.99.8.1-2mamba +- /etc/security/limits.conf: set limits for audio group + +* Sun Jul 22 2007 Silvan Calarco 0.99.8.1-1mamba +- update to 0.99.8.1 + +* Sun Jun 24 2007 Silvan Calarco 0.99.7.1-1mamba +- update to 0.99.7.1 +- removed pw_check and unix2 modules +- removed obsolete pam_stack module + +* Fri May 26 2006 Davide Madrisan 0.81-2qilnx +- updated pam_system-auth to fix qibug#174 + +* Mon Jan 30 2006 Silvan Calarco 0.81-1qilnx +- update to version 0.81 by autospec + +* Mon Dec 05 2005 Davide Madrisan 0.80-2qilnx +- fixed CAN-2005-2977 (qibug#59) + +* Fri Jul 29 2005 Davide Madrisan 0.80-1qilnx +- update to version 0.80 by autospec + +* Mon Jul 18 2005 Silvan Calarco 0.78-11qilnx +- force update with new rpm version so that %%config works correctly + +* Thu May 17 2005 Silvan Calarco 0.78-10qilnx +- fix in the upgrade script + +* Thu May 17 2005 Silvan Calarco 0.78-9qilnx +- release for upgrade test only + +* Tue May 17 2005 Silvan Calarco 0.78-8qilnx +- plugins moved to /lib/security +- added creation of groups audio,cdrecording,video,camera,scanner +- added video in /etc/security/group.conf + +* Tue Mar 29 2005 Silvan Calarco 0.78-7qilnx +- added default group.conf security configuration file for kde and ssh + +* Mon Mar 07 2005 Silvan Calarco 0.78-6qilnx +- configured /etc/security/pam_unix2.conf with system defaults + +* Fri Mar 04 2005 Silvan Calarco 0.78-5qilnx +- set CRYPT=md5 in /etc/default/passwd + +* Fri Mar 04 2005 Silvan Calarco 0.78-4qilnx +- pam.d/system_auth: use pam_unix2.so for auth/acc/pass/session handling + +* Thu Mar 03 2005 Silvan Calarco 0.78-3qilnx +- pam_unix2 and pam_pwcheck modules updated + +* Fri Feb 25 2005 Silvan Calarco 0.78-2qilnx +- added missing *.so links + +* Tue Feb 15 2005 Silvan Calarco 0.78-1qilnx +- new version build + +* Tue Oct 26 2004 Silvan Calarco 0.77-13qilnx +- added pam_unix2 and pam_pwcheck for better LDAP integration (pwutils) + +* Fri May 28 2004 Silvan Calarco 0.77-12qilnx +- added pam_shells.so in system_auth authentication not to allow + authentication to non shell users +- added system_auth-noshell for authentication services without shell + requirement + +* Wed Nov 19 2003 Davide Madrisan 0.77-11qilnx +- Added missing requirements in pam-devel, typos fixes, specfile updates + +* Tue Sep 30 2003 Silvan Calarco 0.77-10qilnx +- added support for pam_mkhomedir in system-auth + +* Fri Jul 04 2003 Silvan Calarco 0.77-9qilnx +- added patch for pam_group so it reads correctly its configuration file + +* Thu Jun 26 2003 Silvan Calarco 0.77-8qilnx +- added redhat modules (pam_console, xauth...) [ just inclusion because + they don't compile yet] +- added ldap accounting in /etc/pam.d/system_auth + +* Wed May 07 2003 Silvan Calarco 0.77-7qilnx +- Removed /etc/pam.conf file +- added default ldap support to system-auth file + +* Wed May 07 2003 Alessandro Ramazzina 0.77-6qilnx +- Added cracklib and cracklib-devel requires + +* Tue May 06 2003 Silvan Calarco 0.77-5qilnx +- Added cracklib module + +* Tue May 06 2003 Silvan Calarco 0.77-4qilnx +- Fixed a static libaries creation error (enable-static-libpam) + +* Mon May 05 2003 Silvan Calarco 0.77-3qilnx +- Added pam_stack module +- Added inclusion of development libraries + +* Mon May 05 2003 Silvan Calarco +- Removed paths from pam.d/* files + +* Thu Apr 17 2003 Mirko Cortillaro +- write a spec file for Linux-PAM diff --git a/pam_other b/pam_other new file mode 100644 index 0000000..c286c82 --- /dev/null +++ b/pam_other @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth required pam_deny.so +account required pam_deny.so +password required pam_deny.so +session required pam_deny.so