[pam] - add postlogin common PAM configuration file (#665059)
Tomáš Mráz
tmraz at fedoraproject.org
Wed Dec 22 17:22:25 UTC 2010
commit a050086a244f8706249cb78ac41e7b1287a46100
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Wed Dec 22 18:22:11 2010 +0100
- add postlogin common PAM configuration file (#665059)
pam.spec | 15 +++++++++++++--
postlogin.5 | 46 ++++++++++++++++++++++++++++++++++++++++++++++
postlogin.pamd | 3 +++
system-auth.5 | 33 +++++++++------------------------
4 files changed, 71 insertions(+), 26 deletions(-)
---
diff --git a/pam.spec b/pam.spec
index 912bed7..06302f3 100644
--- a/pam.spec
+++ b/pam.spec
@@ -3,7 +3,7 @@
Summary: An extensible library which provides authentication for applications
Name: pam
Version: 1.1.3
-Release: 6%{?dist}
+Release: 7%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ - this option is redundant
# as the BSD license allows that anyway. pam_timestamp and pam_console modules are GPLv2+,
License: BSD and GPLv2+
@@ -22,6 +22,8 @@ Source12: system-auth.5
Source13: config-util.5
Source14: 90-nproc.conf
Source15: pamtmp.conf
+Source16: postlogin.pamd
+Source17: postlogin.5
Patch1: pam-1.0.90-redhat-modules.patch
Patch2: pam-1.0.91-std-noclose.patch
Patch4: pam-1.1.0-console-nochmod.patch
@@ -159,6 +161,7 @@ install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/password-auth
install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_pamconfdir}/fingerprint-auth
install -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_pamconfdir}/smartcard-auth
install -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{_pamconfdir}/config-util
+install -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{_pamconfdir}/postlogin
install -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_secconfdir}/limits.d/90-nproc.conf
install -m 600 /dev/null $RPM_BUILD_ROOT%{_secconfdir}/opasswd
install -d -m 755 $RPM_BUILD_ROOT/var/log
@@ -166,7 +169,11 @@ install -m 600 /dev/null $RPM_BUILD_ROOT/var/log/tallylog
install -d -m 755 $RPM_BUILD_ROOT/var/run/faillock
# Install man pages.
-install -m 644 %{SOURCE12} %{SOURCE13} $RPM_BUILD_ROOT%{_mandir}/man5/
+install -m 644 %{SOURCE12} %{SOURCE13} %{SOURCE17} $RPM_BUILD_ROOT%{_mandir}/man5/
+ln -sf system-auth.5 $RPM_BUILD_ROOT%{_mandir}/man5/password-auth.5
+ln -sf system-auth.5 $RPM_BUILD_ROOT%{_mandir}/man5/fingerprint-auth.5
+ln -sf system-auth.5 $RPM_BUILD_ROOT%{_mandir}/man5/smartcard-auth.5
+
for phase in auth acct passwd session ; do
ln -sf pam_unix.so $RPM_BUILD_ROOT%{_moduledir}/pam_unix_${phase}.so
@@ -245,6 +252,7 @@ fi
%config(noreplace) %{_pamconfdir}/fingerprint-auth
%config(noreplace) %{_pamconfdir}/smartcard-auth
%config(noreplace) %{_pamconfdir}/config-util
+%config(noreplace) %{_pamconfdir}/postlogin
%doc Copyright
%doc doc/txts
%doc doc/sag/*.txt doc/sag/html
@@ -359,6 +367,9 @@ fi
%doc doc/adg/*.txt doc/adg/html
%changelog
+* Wed Dec 22 2010 Tomas Mraz <tmraz at redhat.com> 1.1.3-7
+- add postlogin common PAM configuration file (#665059)
+
* Tue Dec 14 2010 Tomas Mraz <tmraz at redhat.com> 1.1.3-6
- include patches recently submitted and applied to upstream CVS
diff --git a/postlogin.5 b/postlogin.5
new file mode 100644
index 0000000..3a8abcf
--- /dev/null
+++ b/postlogin.5
@@ -0,0 +1,46 @@
+.TH POSTLOGIN 5 "2010 Dec 22" "Red Hat" "Linux-PAM Manual"
+.SH NAME
+
+postlogin \- Common configuration file for PAMified services
+
+.SH SYNOPSIS
+.B /etc/pam.d/postlogin
+.sp 2
+.SH DESCRIPTION
+
+The purpose of this PAM configuration file is to provide a common
+place for all PAM modules which should be called after the stack
+configured in
+.BR system-auth
+or the other common PAM configuration files.
+
+.sp
+The
+.BR postlogin
+configuration file is included from all individual service configuration
+files that provide login service with shell or file access.
+
+.SH NOTES
+The modules in the postlogin configuration file are executed regardless
+of the success or failure of the modules in the
+.BR system-auth
+configuration file.
+
+.SH BUGS
+.sp 2
+Sometimes it would be useful to be able to skip the postlogin modules in
+case the substack of the
+.BR system-auth
+modules failed. Unfortunately the current Linux-PAM library does not
+provide any way how to achieve this.
+
+.SH "SEE ALSO"
+pam(8), config-util(5), system-auth(5)
+
+The three
+.BR Linux-PAM
+Guides, for
+.BR "system administrators" ", "
+.BR "module developers" ", "
+and
+.BR "application developers" ". "
diff --git a/postlogin.pamd b/postlogin.pamd
new file mode 100644
index 0000000..43d25c5
--- /dev/null
+++ b/postlogin.pamd
@@ -0,0 +1,3 @@
+#%PAM-1.0
+# This file is auto-generated.
+# User changes will be destroyed the next time authconfig is run.
diff --git a/system-auth.5 b/system-auth.5
index 8f8ef34..c0ca80b 100644
--- a/system-auth.5
+++ b/system-auth.5
@@ -1,4 +1,4 @@
-.TH SYSTEM-AUTH 5 "2009 Apr 10" "Red Hat" "Linux-PAM Manual"
+.TH SYSTEM-AUTH 5 "2010 Dec 22" "Red Hat" "Linux-PAM Manual"
.SH NAME
system-auth \- Common configuration file for PAMified services
@@ -20,7 +20,7 @@ The
.BR system-auth
configuration file is included from nearly all individual service configuration
files with the help of the
-.BR include
+.BR substack
directive.
.sp
@@ -33,36 +33,21 @@ different types of devices via simultaneously running individual conversations
instead of one aggregate conversation.
.SH NOTES
-There should be no
-.BR sufficient
-modules in the
-.BR session
-part of
-.BR system-auth
-file because individual services may add session modules after
-.BR include
+Previously these common configuration files were included with the help
of the
-.BR system-auth
-file. Execution of these modules would be skipped if there were sufficient
-modules in
-.BR system-auth
-file.
-
-.sp
-Conversely there should not be any modules after
.BR include
-directive in the individual service files in
-.BR auth account
-and
-.BR password
-sections otherwise they could be bypassed.
+directive. This limited the use of the different action types of modules.
+With the use of
+.BR substack
+directive to include these common configuration files this limitation
+no longer applies.
.SH BUGS
.sp 2
None known.
.SH "SEE ALSO"
-pam(8), config-util(5)
+pam(8), config-util(5), postlogin(5)
The three
.BR Linux-PAM
More information about the scm-commits
mailing list