Revision | 82ecce4d408521183a2147cbcdac82481d9b0137 (tree) |
---|---|
Time | 2018-09-24 14:07:13 |
Author | matsuand <matsuand@user...> |
Commiter | matsuand |
[BLFS] Modified Linux-PAM.
@@ -45,7 +45,7 @@ make \ | ||
45 | 45 | 1> $LOG/$TARGET.2_make.log 2>&1 || exit 1 |
46 | 46 | |
47 | 47 | Installing |
48 | -porg -lp $TARGET "make install" \ | |
48 | +porg -lp $TARGET -E`pwd` "make install" \ | |
49 | 49 | 1> $LOG/$TARGET.3_install.log 2>&1 || exit 1 |
50 | 50 | |
51 | 51 | chmod -v 4755 /sbin/unix_chkpwd \ |
@@ -67,15 +67,75 @@ install -v -m755 -d /etc/pam.d | ||
67 | 67 | cat > /etc/pam.d/other << "EOF" |
68 | 68 | # Begin /etc/pam.d/other |
69 | 69 | |
70 | -auth required pam_unix.so nullok | |
71 | -account required pam_unix.so | |
72 | -session required pam_unix.so | |
73 | -password required pam_unix.so nullok | |
70 | +auth required pam_warn.so | |
71 | +auth required pam_deny.so | |
72 | +account required pam_warn.so | |
73 | +account required pam_deny.so | |
74 | +password required pam_warn.so | |
75 | +password required pam_deny.so | |
76 | +session required pam_warn.so | |
77 | +session required pam_deny.so | |
74 | 78 | |
75 | 79 | # End /etc/pam.d/other |
76 | 80 | EOF |
77 | 81 | porg -lp+ $TARGET "touch /etc/pam.d/other" |
78 | 82 | |
83 | +cat > /etc/pam.d/system-account << "EOF" | |
84 | +# Begin /etc/pam.d/system-account | |
85 | + | |
86 | +account required pam_unix.so | |
87 | + | |
88 | +# End /etc/pam.d/system-account | |
89 | +EOF | |
90 | +porg -lp+ $TARGET "touch /etc/pam.d/system-account" | |
91 | + | |
92 | +cat > /etc/pam.d/system-auth << "EOF" | |
93 | +# Begin /etc/pam.d/system-auth | |
94 | + | |
95 | +auth required pam_unix.so | |
96 | + | |
97 | +# End /etc/pam.d/system-auth | |
98 | +EOF | |
99 | +porg -lp+ $TARGET "touch /etc/pam.d/system-auth" | |
100 | + | |
101 | +cat > /etc/pam.d/system-session << "EOF" | |
102 | +# Begin /etc/pam.d/system-session | |
103 | + | |
104 | +session required pam_unix.so | |
105 | + | |
106 | +# End /etc/pam.d/system-session | |
107 | +EOF | |
108 | +porg -lp+ $TARGET "touch /etc/pam.d/system-session" | |
109 | + | |
110 | +if [ ${OPTION_cracklib} -eq "1" ]; then | |
111 | +cat > /etc/pam.d/system-password << "EOF" | |
112 | +# Begin /etc/pam.d/system-password | |
113 | + | |
114 | +# check new passwords for strength (man pam_cracklib) | |
115 | +password required pam_cracklib.so type=Linux retry=3 difok=5 \ | |
116 | + difignore=23 minlen=9 dcredit=1 \ | |
117 | + ucredit=1 lcredit=1 ocredit=1 \ | |
118 | + dictpath=/lib/cracklib/pw_dict | |
119 | +# use sha512 hash for encryption, use shadow, and use the | |
120 | +# authentication token (chosen password) set by pam_cracklib | |
121 | +# above (or any previous modules) | |
122 | +password required pam_unix.so sha512 shadow use_authtok | |
123 | + | |
124 | +# End /etc/pam.d/system-password | |
125 | +EOF | |
126 | +else | |
127 | +cat > /etc/pam.d/system-password << "EOF" | |
128 | +# Begin /etc/pam.d/system-password | |
129 | + | |
130 | +# use sha512 hash for encryption, use shadow, and try to use any previously | |
131 | +# defined authentication token (chosen password) set by any prior module | |
132 | +password required pam_unix.so sha512 shadow try_first_pass | |
133 | + | |
134 | +# End /etc/pam.d/system-password | |
135 | +EOF | |
136 | +fi | |
137 | +porg -lp+ $TARGET "touch /etc/pam.d/system-password" | |
138 | + | |
79 | 139 | TimeEnd |
80 | 140 | |
81 | 141 | cd .. |
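Review bot: The `if [ ${OPTION_cracklib} -eq "1" ]` test at new line 110 expands the variable unquoted, so when it is unset or empty `[` fails with a syntax error and the `else` branch runs. That installs the `system-password` variant without `pam_cracklib` and does not stop the script (unless it runs under `set -u`, which is not visible here). Quoting with a default makes the choice explicit: `if [ "${OPTION_cracklib:-0}" -eq 1 ]; then`. Separately, in the cracklib branch the positive `dcredit=1 ucredit=1 lcredit=1 ocredit=1` values are credits that count toward `minlen=9`, so a password mixing character classes is accepted below nine characters, whereas negative values such as `dcredit=-1` would require at least one character of that class. Because the new `/etc/pam.d/other` denies every unlisted service and the visible lines create no per-service files, the script should have a comment stating that those files must exist before the current session is closed.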