| Revision | 82ecce4d408521183a2147cbcdac82481d9b0137 (tree) |
|---|---|
| Time | 2018-09-24 14:07:13 |
| Author | matsuand <matsuand@user...> |
| Commiter | matsuand |
[BLFS] Modified Linux-PAM.
BLFS/Linux-PAM.sh (diff)| @@ -45,7 +45,7 @@ make \ | ||
| 45 | 45 | 1> $LOG/$TARGET.2_make.log 2>&1 || exit 1 |
| 46 | 46 | |
| 47 | 47 | Installing |
| 48 | -porg -lp $TARGET "make install" \ | |
| 48 | +porg -lp $TARGET -E`pwd` "make install" \ | |
| 49 | 49 | 1> $LOG/$TARGET.3_install.log 2>&1 || exit 1 |
| 50 | 50 | |
| 51 | 51 | chmod -v 4755 /sbin/unix_chkpwd \ |
| @@ -67,15 +67,75 @@ install -v -m755 -d /etc/pam.d | ||
| 67 | 67 | cat > /etc/pam.d/other << "EOF" |
| 68 | 68 | # Begin /etc/pam.d/other |
| 69 | 69 | |
| 70 | -auth required pam_unix.so nullok | |
| 71 | -account required pam_unix.so | |
| 72 | -session required pam_unix.so | |
| 73 | -password required pam_unix.so nullok | |
| 70 | +auth required pam_warn.so | |
| 71 | +auth required pam_deny.so | |
| 72 | +account required pam_warn.so | |
| 73 | +account required pam_deny.so | |
| 74 | +password required pam_warn.so | |
| 75 | +password required pam_deny.so | |
| 76 | +session required pam_warn.so | |
| 77 | +session required pam_deny.so | |
| 74 | 78 | |
| 75 | 79 | # End /etc/pam.d/other |
| 76 | 80 | EOF |
| 77 | 81 | porg -lp+ $TARGET "touch /etc/pam.d/other" |
| 78 | 82 | |
| 83 | +cat > /etc/pam.d/system-account << "EOF" | |
| 84 | +# Begin /etc/pam.d/system-account | |
| 85 | + | |
| 86 | +account required pam_unix.so | |
| 87 | + | |
| 88 | +# End /etc/pam.d/system-account | |
| 89 | +EOF | |
| 90 | +porg -lp+ $TARGET "touch /etc/pam.d/system-account" | |
| 91 | + | |
| 92 | +cat > /etc/pam.d/system-auth << "EOF" | |
| 93 | +# Begin /etc/pam.d/system-auth | |
| 94 | + | |
| 95 | +auth required pam_unix.so | |
| 96 | + | |
| 97 | +# End /etc/pam.d/system-auth | |
| 98 | +EOF | |
| 99 | +porg -lp+ $TARGET "touch /etc/pam.d/system-auth" | |
| 100 | + | |
| 101 | +cat > /etc/pam.d/system-session << "EOF" | |
| 102 | +# Begin /etc/pam.d/system-session | |
| 103 | + | |
| 104 | +session required pam_unix.so | |
| 105 | + | |
| 106 | +# End /etc/pam.d/system-session | |
| 107 | +EOF | |
| 108 | +porg -lp+ $TARGET "touch /etc/pam.d/system-session" | |
| 109 | + | |
| 110 | +if [ ${OPTION_cracklib} -eq "1" ]; then | |
| 111 | +cat > /etc/pam.d/system-password << "EOF" | |
| 112 | +# Begin /etc/pam.d/system-password | |
| 113 | + | |
| 114 | +# check new passwords for strength (man pam_cracklib) | |
| 115 | +password required pam_cracklib.so type=Linux retry=3 difok=5 \ | |
| 116 | + difignore=23 minlen=9 dcredit=1 \ | |
| 117 | + ucredit=1 lcredit=1 ocredit=1 \ | |
| 118 | + dictpath=/lib/cracklib/pw_dict | |
| 119 | +# use sha512 hash for encryption, use shadow, and use the | |
| 120 | +# authentication token (chosen password) set by pam_cracklib | |
| 121 | +# above (or any previous modules) | |
| 122 | +password required pam_unix.so sha512 shadow use_authtok | |
| 123 | + | |
| 124 | +# End /etc/pam.d/system-password | |
| 125 | +EOF | |
| 126 | +else | |
| 127 | +cat > /etc/pam.d/system-password << "EOF" | |
| 128 | +# Begin /etc/pam.d/system-password | |
| 129 | + | |
| 130 | +# use sha512 hash for encryption, use shadow, and try to use any previously | |
| 131 | +# defined authentication token (chosen password) set by any prior module | |
| 132 | +password required pam_unix.so sha512 shadow try_first_pass | |
| 133 | + | |
| 134 | +# End /etc/pam.d/system-password | |
| 135 | +EOF | |
| 136 | +fi | |
| 137 | +porg -lp+ $TARGET "touch /etc/pam.d/system-password" | |
| 138 | + | |
| 79 | 139 | TimeEnd |
| 80 | 140 | |
| 81 | 141 | cd .. |
Fork