%define group_audio 11 %define group_cdrecording 12 %define group_cdrom 19 %define group_video 24 %define group_camera 22 %define group_scanner 23 %define pwcheck_ver 3.12.1 %define unix2_ver 2.6 Name: pam Version: 1.6.1 Release: 1mamba Summary: Utilities for monitoring your system and processes on your system Group: System/Libraries Vendor: openmamba Distribution: openmamba Packager: Silvan Calarco URL: https://github.com/linux-pam/linux-pam Source: https://github.com/linux-pam/linux-pam.git/v%{version}/linux-pam-%{version}.tar.bz2 Source2: pam_other Source3: pam-system-auth Source4: pam-module-stack.tar.bz2 Source5: pam-module-cracklib.tar.bz2 Source6: pam-modules-redhat.tar.bz2 Source7: pam-module-console.tar.bz2 Source8: pam-system-auth-noshell Source11: pam-group.conf Source12: macros.pam Patch1: %{name}-0.99.7.1-cracklib_module.patch Patch2: %{name}-1.1.3-limits.patch Patch3: pam-1.1.6-glibc-2.16.patch Patch4: pam-1.2.1-limits-disable-cores.patch License: GPL, BSD ## AUTOBUILDREQ-BEGIN BuildRequires: glibc-devel BuildRequires: ldconfig BuildRequires: libaudit-devel BuildRequires: libcap-ng-devel BuildRequires: libe2fs-devel BuildRequires: libkrb5-devel BuildRequires: libnsl-devel %if "%{?bootstrap}" != "1" BuildRequires: libselinux-devel %endif BuildRequires: libtirpc-devel ## AUTOBUILDREQ-END BuildRequires: libcrack-devel BuildRequires: libtirpc-devel BuildRequires: libz-devel %if "%{?bootstrap}" != "1" BuildRequires: linuxdoc-tools >= 0.9.21 %endif BuildRequires: flex BuildRequires: libfl-devel BuildRequires: gettext-devel BuildRequires: elinks #BuildRequires: libprelude-devel >= 0.9.14 BuildRequires: libtirpc-devel >= 0.2.2-2mamba Requires: libtirpc >= 0.2.2-2mamba Requires: systemd-core # For pam_pwquality replacing pam_cracklib Requires: libpwquality Requires(post): pwdutils Requires(post): setup Requires(post): lib%{name} = %{?epoch:%epoch:}%{version}-%{release} %description PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. %package -n lib%{name} Group: System/Libraries Summary: Shared libraries for %{name} %description -n lib%{name} PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. This package contains shared libraries for %{name}. %package -n libpam-devel Summary: Development headers and libraries for pam Group: Development/Libraries Requires: lib%{name} = %{?epoch:%epoch:}%{version}-%{release} Provides: pam-devel Obsoletes: pam-devel < 1.5.2-2mamba %description -n libpam-devel PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. This package containts the development headers and libraries for pam. %package -n pam-doc Summary: Documentation files for pam Group: Documentation Requires: %{name} = %{version}-%{release} %description -n pam-doc PAM (Pluggable Authentication Modules) is a system security tool which allows system administrators to set authentication policy without having to recompile programs which do authentication. This package contains the documentation files in html, pdf and postscript formats. %debug_package %prep %setup -q -a4 -a5 -n linux-pam-%{version} %patch 1 -p1 %patch 2 -p1 %patch 3 -p1 %patch 4 -p1 # FIXME: disable pdf generation until fop is fixed (since 1.5.2-2mamba) sed -i "s|\[fop\]|[fop_does_not_work]|" configure.ac ./autogen.sh %build %configure \ --includedir=%{_includedir}/security \ --disable-prelude \ --enable-cracklib \ --with-mailspool=/var/mail \ --disable-db # --with-db-uniquename=db53 \ # --enable-both-confs %if "%{_host}" != "%{_build}" %make || %make %else %make BROWSER="/usr/bin/elinks -no-numbering -no-references -dump" %endif %install [ "%{buildroot}" != / ] && rm -rf %{buildroot} %makeinstall \ includedir=%{_includedir}/security \ namespaceddir=%{buildroot}%{_sysconfdir}/security \ servicedir=%{_unitdir} \ sepermitlockdir=%{buildroot}%{_localstatedir}/run/sepermit install -D -m 644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/other install -D -m 644 %{S:3} %{buildroot}%{_sysconfdir}/pam.d/system-auth install -D -m 644 %{S:8} %{buildroot}%{_sysconfdir}/pam.d/system-auth-noshell install -D -m 644 %{S:11} %{buildroot}%{_sysconfdir}/security/group.conf for d in `find modules/pam_* -maxdepth 0 -type d -printf "%f "`; do [ -e modules/$d/README ] && \ install -m 644 modules/$d/README README.$d done ln -s system-auth %{buildroot}%{_sysconfdir}/pam.d/password-auth install -D -m0644 %{SOURCE12} %{buildroot}%{_rpmmacrodir}/macros.pam %find_lang Linux-PAM %clean [ "%{buildroot}" != / ] && rm -rf %{buildroot} %preun %systemd_preun pam_namespace : %post if [ $1 -ge 1 ]; then groupadd audio -g %{group_audio} 2>/dev/null groupadd cdrecording -g %{group_cdrecording} 2>/dev/null groupadd cdrom -g %{group_cdrom} 2>/dev/null groupadd video -g %{group_video} 2>/dev/null groupadd camera -g %{group_camera} 2>/dev/null groupadd scanner -g %{group_scanner} 2>/dev/null sed -i --follow-symlinks "s|required[ \t]*pam_stack.so service=system-auth|include system-auth|" %{_sysconfdir}/pam.d/* fi if [ $1 -gt 1 ]; then grep pam_systemd %{_sysconfdir}/pam.d/system-auth >/dev/null || { cat >> %{_sysconfdir}/pam.d/system-auth << _EOF session optional pam_loginuid.so session optional pam_systemd.so _EOF cat >> %{_sysconfdir}/pam.d/system-auth-noshell << _EOF session optional pam_loginuid.so session optional pam_systemd.so _EOF } fi %systemd_post pam_namespace : %postun %systemd_postun pam_namespace : %post -n libpam /sbin/ldconfig : %postun -n libpam /sbin/ldconfig : %posttrans sed -i "s|pam_cracklib.so|pam_pwquality.so|" %{_sysconfdir}/pam.d/system-auth{,-noshell} : %files -f Linux-PAM.lang %defattr(-,root,root) %dir %{_sysconfdir}/pam.d %config %{_sysconfdir}/pam.d/other %{_sysconfdir}/pam.d/password-auth %config(noreplace) %{_sysconfdir}/pam.d/system-auth %config(noreplace) %{_sysconfdir}/pam.d/system-auth-noshell %config %{_sysconfdir}/security/*.conf %{_sysconfdir}/environment %{_sysconfdir}/security/namespace.init %{_unitdir}/pam_namespace.service %attr(2755,root,shadow) %{_sbindir}/unix_chkpwd %{_sbindir}/faillock %{_sbindir}/unix_update %{_sbindir}/pam_namespace_helper #%{_sbindir}/pam_tally #%{_sbindir}/pam_tally2 %{_sbindir}/pam_timestamp_check %{_sbindir}/pwhistory_helper %{_sbindir}/mkhomedir_helper %{_mandir}/man5/*.5* %{_mandir}/man8/*.8* %files -n libpam %defattr(-,root,root) %{_libdir}/libpam*.so.* %dir %{_libdir}/security %{_libdir}/security/pam*.so %{_libdir}/security/pam_filter/upperLOWER %doc Copyright %files -n libpam-devel %defattr(-,root,root) %{_includedir}/security/*.h %{_libdir}/libpam*.so %{_libdir}/pkgconfig/pam*.pc %{_rpmmacrodir}/macros.pam %{_mandir}/man3/*.3* %doc CHANGELOG README* %files doc %defattr(-,root,root) %dir %{_docdir}/Linux-PAM %{_docdir}/Linux-PAM/* %changelog * Wed Apr 10 2024 Automatic Build System 1.6.1-1mamba - automatic version update by autodist * Sun Apr 07 2024 Silvan Calarco 1.6.0-2mamba - pam-system-auth[-noshell]: set pam_limits optional to fix behaviour in docker container * Thu Jan 18 2024 Automatic Build System 1.6.0-1mamba - automatic version update by autodist * Tue May 09 2023 Automatic Build System 1.5.3-1mamba - automatic version update by autodist * Mon Nov 21 2022 Silvan Calarco 1.5.2-3mamba - install rpm macros file * Wed Nov 16 2022 Silvan Calarco 1.5.2-2mamba - fix include dir in pkgconfig files - restore pam-doc and move documentation files from main pam package * Mon Sep 13 2021 Automatic Build System 1.5.2-1mamba - automatic version update by autodist * Thu Jan 21 2021 Automatic Build System 1.5.1-1mamba - automatic version update by autodist * Fri Dec 18 2020 Silvan Calarco 1.5.0-3mamba - rebuilt with --with-db-uniquename=db53 * Wed Dec 16 2020 Silvan Calarco 1.5.0-2mamba - add directory /usr/lib/pam.d * Tue Nov 17 2020 Automatic Build System 1.5.0-1mamba - automatic version update by autodist * Thu Oct 15 2020 Silvan Calarco 1.4.0-2mamba - enable build of deprecated pam_cracklib but switch to configuring use of pam_pwquality * Wed Sep 09 2020 Automatic Build System 1.4.0-1mamba - automatic version update by autodist * Sat Jul 28 2018 Silvan Calarco 1.3.1-1mamba - update to 1.3.1 * Sat Nov 04 2017 Silvan Calarco 1.3.0-2mamba - group.conf: add sddm and gdm support * Fri Dec 16 2016 Automatic Build System 1.3.0-1mamba - automatic version update by autodist * Fri Mar 25 2016 Silvan Calarco 1.2.1-4mamba - disable core dumps in limits.conf (though not sure what changed to make cores appear recently) * Mon Oct 12 2015 Silvan Calarco 1.2.1-3mamba - add --follow-symlinks to %post sed or it will destroy password-auth symlink * Sat Oct 10 2015 Silvan Calarco 1.2.1-2mamba - add symlink password-auth to /etc/pam.d/system-auth * Sun Aug 16 2015 Automatic Build System 1.2.1-1mamba - automatic version update by autodist * Mon May 18 2015 Automatic Build System 1.2.0-1mamba - automatic version update by autodist * Thu Apr 16 2015 Silvan Calarco 1.1.8-6mamba - pam-group.conf: remove uucp * Fri Jun 27 2014 Silvan Calarco 1.1.8-5mamba - remove unexisting option controllers= to pam_systemd.so * Sun Jun 22 2014 Silvan Calarco 1.1.8-4mamba - pam-group.conf: remove removed plugdev group from list * Fri Apr 11 2014 Silvan Calarco 1.1.8-3mamba - move libraries to libpam and rename pam-devel to libpam-devel * Sun Feb 09 2014 Silvan Calarco 1.1.8-2mamba - x86_64: install in /%{_lib} not /lib * Thu Sep 19 2013 Automatic Build System 1.1.8-1mamba - automatic update by autodist * Fri Apr 26 2013 Silvan Calarco 1.1.6-5mamba - system-auth: remove winbind entries in default configuration * Sat Apr 06 2013 Silvan Calarco 1.1.6-4mamba - require(post) setup before creating groups * Thu Mar 21 2013 Silvan Calarco 1.1.6-3mamba - configure system-auth and system-auth-noshell in %post script as they are config(noreplace) files * Thu Mar 21 2013 Silvan Calarco 1.1.6-2mamba - system-auth and system-auth-noshell updated with systemd support - require systemd-core * Sun Dec 02 2012 Automatic Build System 1.1.6-1mamba - update to 1.1.6 * Wed Sep 26 2012 Silvan Calarco 1.1.4-2mamba - don't replace /etc/pam.d/system-auth /etc/pam.d/system-auth-noshell /etc/pam.d/system-auth.rpmsave and /etc/pam.d/others configuration files on update * Tue Aug 30 2011 Automatic Build System 1.1.4-1mamba - automatic version update by autodist * Wed Mar 23 2011 Silvan Calarco 1.1.3-2mamba - limits patch updated to set nofile to 16384 as suggested by samba * Thu Nov 11 2010 Automatic Build System 1.1.3-1mamba - automatic update by autodist * Fri Oct 01 2010 Automatic Build System 1.1.2-1mamba - automatic update by autodist * Thu Jul 22 2010 Silvan Calarco 1.1.1-2mamba - create cdrom group and add it to pam-group.conf * Fri Jan 15 2010 Automatic Build System 1.1.1-1mamba - automatic update by autodist * Sat Jul 18 2009 Silvan Calarco 1.1.0-2mamba - pam-group.conf: add lp group for kde and ssh users * Fri Jun 26 2009 Automatic Build System 1.1.0-1mamba - automatic update by autodist * Sat May 02 2009 Silvan Calarco 1.0.4-2mamba - set unix_chkpwd sgid shadow * Fri Mar 27 2009 Silvan Calarco 1.0.4-1mamba - automatic update by autodist * Wed Jan 21 2009 Silvan Calarco 1.0.3-1mamba - automatic update by autodist * Thu Sep 18 2008 Silvan Calarco 1.0.2-1mamba - update to 1.0.2 - pam_pwcheck: 3.12.1 - pam_unix2: 2.6 * Wed Jun 25 2008 Silvan Calarco 1.0.1-2mamba - added group configuration for kde-np (autologin) * Sun Jun 22 2008 Silvan Calarco 1.0.1-1mamba - update to 1.0.1 - add uucp group to logged in users * Mon Jan 21 2008 Silvan Calarco 0.99.8.1-3mamba - use /lib as libdir * Fri Sep 21 2007 Silvan Calarco 0.99.8.1-2mamba - /etc/security/limits.conf: set limits for audio group * Sun Jul 22 2007 Silvan Calarco 0.99.8.1-1mamba - update to 0.99.8.1 * Sun Jun 24 2007 Silvan Calarco 0.99.7.1-1mamba - update to 0.99.7.1 - removed pw_check and unix2 modules - removed obsolete pam_stack module * Fri May 26 2006 Davide Madrisan 0.81-2qilnx - updated pam_system-auth to fix qibug#174 * Mon Jan 30 2006 Silvan Calarco 0.81-1qilnx - update to version 0.81 by autospec * Mon Dec 05 2005 Davide Madrisan 0.80-2qilnx - fixed CAN-2005-2977 (qibug#59) * Fri Jul 29 2005 Davide Madrisan 0.80-1qilnx - update to version 0.80 by autospec * Mon Jul 18 2005 Silvan Calarco 0.78-11qilnx - force update with new rpm version so that %%config works correctly * Tue May 17 2005 Silvan Calarco 0.78-10qilnx - fix in the upgrade script * Tue May 17 2005 Silvan Calarco 0.78-9qilnx - release for upgrade test only * Tue May 17 2005 Silvan Calarco 0.78-8qilnx - plugins moved to /lib/security - added creation of groups audio,cdrecording,video,camera,scanner - added video in /etc/security/group.conf * Tue Mar 29 2005 Silvan Calarco 0.78-7qilnx - added default group.conf security configuration file for kde and ssh * Mon Mar 07 2005 Silvan Calarco 0.78-6qilnx - configured /etc/security/pam_unix2.conf with system defaults * Fri Mar 04 2005 Silvan Calarco 0.78-5qilnx - set CRYPT=md5 in /etc/default/passwd * Fri Mar 04 2005 Silvan Calarco 0.78-4qilnx - pam.d/system_auth: use pam_unix2.so for auth/acc/pass/session handling * Thu Mar 03 2005 Silvan Calarco 0.78-3qilnx - pam_unix2 and pam_pwcheck modules updated * Fri Feb 25 2005 Silvan Calarco 0.78-2qilnx - added missing *.so links * Tue Feb 15 2005 Silvan Calarco 0.78-1qilnx - new version build * Tue Oct 26 2004 Silvan Calarco 0.77-13qilnx - added pam_unix2 and pam_pwcheck for better LDAP integration (pwutils) * Fri May 28 2004 Silvan Calarco 0.77-12qilnx - added pam_shells.so in system_auth authentication not to allow authentication to non shell users - added system_auth-noshell for authentication services without shell requirement * Wed Nov 19 2003 Davide Madrisan 0.77-11qilnx - Added missing requirements in pam-devel, typos fixes, specfile updates * Tue Sep 30 2003 Silvan Calarco 0.77-10qilnx - added support for pam_mkhomedir in system-auth * Fri Jul 04 2003 Silvan Calarco 0.77-9qilnx - added patch for pam_group so it reads correctly its configuration file * Thu Jun 26 2003 Silvan Calarco 0.77-8qilnx - added redhat modules (pam_console, xauth...) [ just inclusion because they don't compile yet] - added ldap accounting in /etc/pam.d/system_auth * Wed May 07 2003 Silvan Calarco 0.77-7qilnx - Removed /etc/pam.conf file - added default ldap support to system-auth file * Wed May 07 2003 Alessandro Ramazzina 0.77-6qilnx - Added cracklib and cracklib-devel requires * Tue May 06 2003 Silvan Calarco 0.77-5qilnx - Added cracklib module * Tue May 06 2003 Silvan Calarco 0.77-4qilnx - Fixed a static libaries creation error (enable-static-libpam) * Mon May 05 2003 Silvan Calarco 0.77-3qilnx - Added pam_stack module - Added inclusion of development libraries * Mon May 05 2003 Silvan Calarco - Removed paths from pam.d/* files * Thu Apr 17 2003 Mirko Cortillaro - write a spec file for Linux-PAM