[Pkg-shadow-commits] r487 - in branches/experimental/debian: . patches

Christian Perrier bubulle at costa.debian.org
Mon Aug 29 18:18:19 UTC 2005


Author: bubulle
Date: 2005-08-29 18:18:18 +0000 (Mon, 29 Aug 2005)
New Revision: 487

Added:
   branches/experimental/debian/login.pam
   branches/experimental/debian/passwd.chage.pam
   branches/experimental/debian/passwd.chfn.pam
   branches/experimental/debian/passwd.chpasswd.pam
   branches/experimental/debian/passwd.chsh.pam
   branches/experimental/debian/passwd.groupadd.pam
   branches/experimental/debian/passwd.groupdel.pam
   branches/experimental/debian/passwd.groupmod.pam
   branches/experimental/debian/passwd.newusers.pam
   branches/experimental/debian/passwd.passwd.pam
   branches/experimental/debian/passwd.su.pam
   branches/experimental/debian/passwd.useradd.pam
   branches/experimental/debian/passwd.userdel.pam
   branches/experimental/debian/passwd.usermod.pam
Removed:
   branches/experimental/debian/pam.d/
Modified:
   branches/experimental/debian/changelog
   branches/experimental/debian/patches/series
   branches/experimental/debian/rules
Log:
Now we use dh_installpam to install PAM files


Modified: branches/experimental/debian/changelog
===================================================================
--- branches/experimental/debian/changelog	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/changelog	2005-08-29 18:18:18 UTC (rev 487)
@@ -17,11 +17,10 @@
       FTMP_FILE, CLOSE_SESSIONS, LOGIN_STRING, NO_PASSWORD_CONSOLE
       ULIMIT
     - NEWS.Debian: added
-    - 404_undef_USE_PAM.dpatch: disabled on upstream author's advice
-      we do not enforce not using PAM in chage, chpasswd, groupadd
-      groupdel, groupmod, newusers, useradd, userdel, usermod
-    - as a consequence, ship a PAMc onfiguration file for these utilities
-      with pam_rootok.so
+    - Ship a (currently useless) PAM configuration file for chage, useradd,
+      usermod, userdel, groupadd, groupmod, groupdel, including 
+      pam_rootok.so alone
+    - use dh_installpam to install PAM configuration files
   * Upstream bugs not already fixed in upstream releases or CVS:
     - 443_chage_exit_values: now exit with errorlevel=4 when no
       shadow password exists (was previously 3 but upstream now uses it)

Added: branches/experimental/debian/login.pam
===================================================================
--- branches/experimental/debian/login.pam	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/login.pam	2005-08-29 18:18:18 UTC (rev 487)
@@ -0,0 +1,73 @@
+#
+# The PAM configuration file for the Shadow `login' service
+#
+# NOTE: If you use a session module (such as kerberos or NIS+)
+# that retains persistent credentials (like key caches, etc), you
+# need to enable the `CLOSE_SESSIONS' option in /etc/login.defs
+# in order for login to stay around until after logout to call
+# pam_close_session() and cleanup.
+#
+
+# Outputs an issue file prior to each login prompt (Replaces the
+# ISSUE_FILE option from login.defs). Uncomment for use
+# auth       required   pam_issue.so issue=/etc/issue
+
+# Disallows root logins except on tty's listed in /etc/securetty
+# (Replaces the `CONSOLE' setting from login.defs)
+auth       requisite  pam_securetty.so
+
+# Disallows other than root logins when /etc/nologin exists
+# (Replaces the `NOLOGINS_FILE' option from login.defs)
+auth       requisite  pam_nologin.so
+
+# This module parses /etc/environment (the standard for setting
+# environ vars) and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# (Replaces the `ENVIRON_FILE' setting from login.defs)
+auth       required   pam_env.so
+
+# Standard Un*x authentication.
+ at include common-auth
+
+# This allows certain extra groups to be granted to a user
+# based on things like time of day, tty, service, and user.
+# Please uncomment and edit /etc/security/group.conf if you
+# wish to use this.
+# (Replaces the `CONSOLE_GROUPS' option in login.defs)
+# auth       optional   pam_group.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on logins.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# Uncomment and edit /etc/security/access.conf if you need to
+# set access limits.
+# (Replaces /etc/login.access file)
+# account  required       pam_access.so
+
+# Standard Un*x account and session
+ at include common-account
+ at include common-session
+
+# Sets up user limits according to /etc/security/limits.conf
+# (Replaces the use of /etc/limits in old login)
+session    required   pam_limits.so
+
+# Prints the last login info upon succesful login
+# (Replaces the `LASTLOG_ENAB' option from login.defs)
+session    optional   pam_lastlog.so
+
+# Prints the motd upon succesful login
+# (Replaces the `MOTD_FILE' option in login.defs)
+session    optional   pam_motd.so
+
+# Prints the status of the user's mailbox upon succesful login
+# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). You
+# can also enable a MAIL environment variable from here, but it
+# is better handled by /etc/login.defs, since userdel also uses
+# it to make sure that removing a user, also removes their mail
+# spool file.
+session    optional   pam_mail.so standard noenv
+ at include common-password
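Review bot: The trailing common-password include sits directly under the pam_mail comment block with no blank line or comment of its own, so it reads as part of the mail check. It is presumably there so that login can run a password change when an expired password is detected. A separating blank line and a comment such as `# Standard Un*x password updating (used when an expired password must be changed at login)` would make that explicit. The comments also carry typos worth fixing while the file is being moved: `restrainst` once and `succesful` three times.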

Added: branches/experimental/debian/passwd.chage.pam
===================================================================
--- branches/experimental/debian/passwd.chage.pam	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/passwd.chage.pam	2005-08-29 18:18:18 UTC (rev 487)
@@ -0,0 +1,5 @@
+# The PAM configuration file for the Shadow 'chage' service
+#
+
+# This allows root to change password aging being prompted for a password
+auth		sufficient	pam_rootok.so
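Review bot: The comment says this stack lets root run chage without a password prompt, but nothing in the file says that the stack is currently not consulted: the changelog hunk calls these files "currently useless" and the patches/series hunk re-enables 404_undef_USE_PAM.dpatch. A header line such as `# NOTE: not consulted while 404_undef_USE_PAM is applied; kept for when PAM support is enabled` would stop an administrator from editing it and expecting an effect. If PAM is enabled for these tools later, the lone `auth sufficient pam_rootok.so` leaves the account stack to whatever the `other` service defines, which deserves an explicit line at that point. The same applies to the chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel and usermod files. The comment here is also missing the word "without" before "being prompted".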

Added: branches/experimental/debian/passwd.chfn.pam
===================================================================
--- branches/experimental/debian/passwd.chfn.pam	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/passwd.chfn.pam	2005-08-29 18:18:18 UTC (rev 487)
@@ -0,0 +1,12 @@
+#
+# The PAM configuration file for the Shadow `chfn' service
+#
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+ at include common-auth
+ at include common-account
+ at include common-session
+
+

Added: branches/experimental/debian/passwd.chpasswd.pam
===================================================================
--- branches/experimental/debian/passwd.chpasswd.pam	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/passwd.chpasswd.pam	2005-08-29 18:18:18 UTC (rev 487)
@@ -0,0 +1,5 @@
+# The PAM configuration file for the Shadow 'chpasswd' service
+#
+
+# This allows root to use chpasswd without being prompted for a password
+auth		sufficient	pam_rootok.so

Added: branches/experimental/debian/passwd.chsh.pam
===================================================================
--- branches/experimental/debian/passwd.chsh.pam	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/passwd.chsh.pam	2005-08-29 18:18:18 UTC (rev 487)
@@ -0,0 +1,16 @@
+#
+# The PAM configuration file for the Shadow `chsh' service
+#
+
+# This will not allow a user to change their shell unless
+# their current one is listed in /etc/shells. This keeps
+# accounts with special shells from changing them.
+auth       required   pam_shells.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+ at include common-auth
+ at include common-account
+ at include common-session
+

Added: branches/experimental/debian/passwd.groupadd.pam
===================================================================
--- branches/experimental/debian/passwd.groupadd.pam	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/passwd.groupadd.pam	2005-08-29 18:18:18 UTC (rev 487)
@@ -0,0 +1,5 @@
+# The PAM configuration file for the Shadow 'groupadd' service
+#
+
+# This allows root to add groups without being prompted for a password
+auth		sufficient	pam_rootok.so

Added: branches/experimental/debian/passwd.groupdel.pam
===================================================================
--- branches/experimental/debian/passwd.groupdel.pam	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/passwd.groupdel.pam	2005-08-29 18:18:18 UTC (rev 487)
@@ -0,0 +1,5 @@
+# The PAM configuration file for the Shadow 'groupdel' service
+#
+
+# This allows root to remove groups without being prompted for a password
+auth		sufficient	pam_rootok.so

Added: branches/experimental/debian/passwd.groupmod.pam
===================================================================
--- branches/experimental/debian/passwd.groupmod.pam	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/passwd.groupmod.pam	2005-08-29 18:18:18 UTC (rev 487)
@@ -0,0 +1,5 @@
+# The PAM configuration file for the Shadow 'groupmod' service
+#
+
+# This allows root to modify groups without being prompted for a password
+auth		sufficient	pam_rootok.so

Added: branches/experimental/debian/passwd.newusers.pam
===================================================================
--- branches/experimental/debian/passwd.newusers.pam	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/passwd.newusers.pam	2005-08-29 18:18:18 UTC (rev 487)
@@ -0,0 +1,6 @@
+# The PAM configuration file for the Shadow 'newusers' service
+#
+
+# This allows root to add users with a batch file without being 
+# prompted for a password
+auth		sufficient	pam_rootok.so

Added: branches/experimental/debian/passwd.passwd.pam
===================================================================
--- branches/experimental/debian/passwd.passwd.pam	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/passwd.passwd.pam	2005-08-29 18:18:18 UTC (rev 487)
@@ -0,0 +1,6 @@
+#
+# The PAM configuration file for the Shadow `passwd' service
+#
+
+ at include common-password
+

Added: branches/experimental/debian/passwd.su.pam
===================================================================
--- branches/experimental/debian/passwd.su.pam	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/passwd.su.pam	2005-08-29 18:18:18 UTC (rev 487)
@@ -0,0 +1,45 @@
+#
+# The PAM configuration file for the Shadow `su' service
+#
+
+# Uncomment this to force users to be a member of group root
+# before they can use `su'. You can also add "group=foo" to
+# to the end of this line if you want to use a group other
+# than the default "root".
+# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
+# auth       required   pam_wheel.so
+
+# Uncomment this if you want wheel members to be able to
+# su without a password.
+# auth       sufficient pam_wheel.so trust
+
+# Uncomment this if you want members of a specific group to not
+# be allowed to use su at all.
+# auth       required   pam_wheel.so deny group=nosu
+
+# This allows root to su without passwords (normal operation)
+auth       sufficient pam_rootok.so
+
+# Uncomment and edit /etc/security/time.conf if you need to set
+# time restrainst on su usage.
+# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
+# as well as /etc/porttime)
+# account    requisite  pam_time.so
+
+# This module parses /etc/environment (the standard for setting
+# environ vars) and also allows you to use an extended config
+# file /etc/security/pam_env.conf.
+# (Replaces the `ENVIRON_FILE' setting from login.defs)
+auth       required   pam_env.so
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+ at include common-auth
+ at include common-account
+ at include common-session
+
+# Sets up user limits, please uncomment and read /etc/security/limits.conf
+# to enable this functionality.
+# (Replaces the use of /etc/limits in old login)
+# session    required   pam_limits.so
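Review bot: `auth required pam_env.so` comes after `auth sufficient pam_rootok.so`, so when root runs su the auth stack most likely returns at pam_rootok and the /etc/environment handling described in the comment is skipped for that case. If the environment is meant to be set for every su invocation, the pam_env line belongs above the pam_rootok line. The comments also contain a doubled `to to` in the pam_wheel paragraph and the typo `restrainst`.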

Added: branches/experimental/debian/passwd.useradd.pam
===================================================================
--- branches/experimental/debian/passwd.useradd.pam	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/passwd.useradd.pam	2005-08-29 18:18:18 UTC (rev 487)
@@ -0,0 +1,5 @@
+# The PAM configuration file for the Shadow 'useradd' service
+#
+
+# This allows root to add users without being prompted for a password
+auth		sufficient	pam_rootok.so

Added: branches/experimental/debian/passwd.userdel.pam
===================================================================
--- branches/experimental/debian/passwd.userdel.pam	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/passwd.userdel.pam	2005-08-29 18:18:18 UTC (rev 487)
@@ -0,0 +1,5 @@
+# The PAM configuration file for the Shadow 'userdel' service
+#
+
+# This allows root to remove users without being prompted for a password
+auth		sufficient	pam_rootok.so

Added: branches/experimental/debian/passwd.usermod.pam
===================================================================
--- branches/experimental/debian/passwd.usermod.pam	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/passwd.usermod.pam	2005-08-29 18:18:18 UTC (rev 487)
@@ -0,0 +1,5 @@
+# The PAM configuration file for the Shadow 'groupdel' service
+#
+
+# This allows root to remove groups without being prompted for a password
+auth		sufficient	pam_rootok.so
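Review bot: The header and the rule comment were copied from the groupdel file: they name the 'groupdel' service and speak of removing groups, while the rules hunk installs this file as the usermod service with `dh_installpam -p passwd --name=usermod`. They should read `# The PAM configuration file for the Shadow 'usermod' service` and `# This allows root to modify users without being prompted for a password`.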

Modified: branches/experimental/debian/patches/series
===================================================================
--- branches/experimental/debian/patches/series	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/patches/series	2005-08-29 18:18:18 UTC (rev 487)
@@ -115,9 +115,7 @@
 # 402 has been applied upstream (surprising because Tomasz once said he wouldn't)
 # 402_usermod.8-system-users-range-286258
 403_sg_symlink_162339_163652.dpatch
-# 404 disabled. See Tomasz comments in the devel mailing list
-# on Aug. 25th 2005
-# 404_undef_USE_PAM.dpatch
+404_undef_USE_PAM.dpatch
 405_subsystem_remove_*_in_shell.dpatch
 406_good_name.dpatch
 407_32char_grnames.dpatch
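Review bot: Re-enabling `404_undef_USE_PAM.dpatch` drops the comment that recorded why it had been disabled and puts nothing in its place, and the commit log only mentions dh_installpam. Judging by the patch name and the changelog hunk, this switches chage, useradd and the related tools back to running without PAM, which is a behaviour change for how those tools authorise their caller. A line above the entry, for example `# 404 re-enabled on <date>: <reason>; the PAM files for these tools are shipped but not used`, would keep the decision traceable in the series file itself.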

Modified: branches/experimental/debian/rules
===================================================================
--- branches/experimental/debian/rules	2005-08-29 17:49:56 UTC (rev 486)
+++ branches/experimental/debian/rules	2005-08-29 18:18:18 UTC (rev 487)
@@ -104,22 +104,17 @@
 	install -c -m 444 man/ja/shadowconfig.8 debian/passwd/usr/share/man/ja/man8
 	install -c -m 444 man/pl/shadowconfig.8 debian/passwd/usr/share/man/pl/man8
 	install -c -m 444 man/fr/shadowconfig.8 debian/passwd/usr/share/man/fr/man8
-	install -d debian/login/etc/pam.d
-	install -c -m 444 debian/pam.d/login debian/login/etc/pam.d/login
-	install -c -m 444 debian/pam.d/su debian/login/etc/pam.d/su
-	install -d debian/passwd/etc/pam.d
-	install -c -m 444 debian/pam.d/chfn debian/passwd/etc/pam.d/chfn
-	install -c -m 444 debian/pam.d/chsh debian/passwd/etc/pam.d/chsh
-	install -c -m 444 debian/pam.d/passwd debian/passwd/etc/pam.d/passwd
-	install -c -m 444 debian/pam.d/chpasswd debian/passwd/etc/pam.d/chpasswd
-	install -c -m 444 debian/pam.d/chage debian/passwd/etc/pam.d/chage
-	install -c -m 444 debian/pam.d/groupadd debian/passwd/etc/pam.d/groupadd
-	install -c -m 444 debian/pam.d/groupdel debian/passwd/etc/pam.d/groupdel
-	install -c -m 444 debian/pam.d/groupmod debian/passwd/etc/pam.d/groupmod
-	install -c -m 444 debian/pam.d/useradd debian/passwd/etc/pam.d/useradd
-	install -c -m 444 debian/pam.d/userdel debian/passwd/etc/pam.d/userdel
-	install -c -m 444 debian/pam.d/usermod debian/passwd/etc/pam.d/usermod
-	install -c -m 444 debian/pam.d/newusers debian/passwd/etc/pam.d/newusers
+	dh_installpam -p passwd --name=chage
+	dh_installpam -p passwd --name=chfn
+	dh_installpam -p passwd --name=chsh
+	dh_installpam -p passwd --name=useradd
+	dh_installpam -p passwd --name=userdel
+	dh_installpam -p passwd --name=usermod
+	dh_installpam -p passwd --name=groupadd
+	dh_installpam -p passwd --name=groupdel
+	dh_installpam -p passwd --name=groupmod
+	dh_installpam -p passwd --name=newusers
+	dh_installpam -p login
 	install -c -m 444 debian/login.defs debian/login/etc/login.defs
 	install -c -m 444 debian/securetty.$(DEB_HOST_ARCH_OS) debian/login/etc/securetty
 	install -d debian/passwd/usr/share/passwd
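Review bot: The new dh_installpam list no longer installs three PAM files that the removed `install` lines shipped: `passwd` and `chpasswd` for the passwd package and `su` for the login package. Unless they are installed elsewhere in rules, su and passwd would be left without /etc/pam.d/su and /etc/pam.d/passwd and would fall back to the `other` service, which changes how they authenticate. Adding `dh_installpam -p passwd --name=passwd` and `dh_installpam -p passwd --name=chpasswd` covers the first two. su was previously installed under debian/login, so the added debian/passwd.su.pam would need to be named debian/login.su.pam and installed with `dh_installpam -p login --name=su`. The enclosing make target starts and ends outside this hunk.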



