rpms / pam

Clone
Source Code
GIT

#9 Enable layered configuration with distribution configs in /usr/share/pam.d
Closed 3 years ago by ipedrosa. Opened 3 years ago by ngompa.
rpms/ ngompa/pam enable-layered-config  into  master

file modified
+7 
@@ -44,6 +44,7 @@ 
 

  %global _moduledir %{_libdir}/security
 

  %global _secconfdir %{_sysconfdir}/security
 

  %global _pamconfdir %{_sysconfdir}/pam.d
 

+ %global _pamvendordir %{_datadir}/pam.d
 

  %global _systemdlibdir /usr/lib/systemd/system
 

  

  %if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
 
@@ -68,6 +69,8 @@ 
 

  BuildRequires: libselinux-devel >= 1.33.2
 

  Requires: libselinux >= 1.33.2
 

  %endif
 

+ BuildRequires: libeconf-devel >= 0.3.5
 

+ Requires: libeconf >= 0.3.5
 

  Requires: glibc >= 2.3.90-37
 

  BuildRequires: libxcrypt-devel >= 4.3.3-2
 

  BuildRequires: libdb-devel
 
@@ -133,6 +136,7 @@ 
 

  	--disable-rpath \
 

  	--libdir=%{_pamlibdir} \
 

  	--includedir=%{_includedir}/security \
 

+ 	--enable-vendordir=%{_datadir} \
 

  %if ! %{WITH_SELINUX}
 

  	--disable-selinux \
 

  %endif
 
@@ -169,6 +173,7 @@ 
 

  

  # Install default configuration files.
 

  install -d -m 755 $RPM_BUILD_ROOT%{_pamconfdir}
 

+ install -d -m 755 $RPM_BUILD_ROOT%{_pamvendordir}
 

  install -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_pamconfdir}/other
 

  install -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{_pamconfdir}/system-auth
 

  install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_pamconfdir}/password-auth
 
@@ -256,6 +261,7 @@ 
 

  

  %files -f Linux-PAM.lang
 

  %dir %{_pamconfdir}
 

+ %dir %{_pamvendordir}
 

  %config(noreplace) %{_pamconfdir}/other
 

  %config(noreplace) %{_pamconfdir}/system-auth
 

  %config(noreplace) %{_pamconfdir}/password-auth
 
@@ -385,6 +391,7 @@ 
 

  - Rebased to release 1.4.0
 

  - Rebased to pam-redhat-1.1.3
 

  - Removed pam_cracklib as it has been deprecated
 

+ - Enable layered configuration with distribution configs in /usr/share/pam.d

Create a new changelog item and include this comment there.

 
  

  * Mon Jun 22 2020 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-28
 

  - pam_faillock: change /run/faillock/$USER permissions to 0660 (#1661822)

This PR enables layered configuration support in PAM using libeconf.

The configuration files are now installed in /usr/share/pam.d, and /etc/pam.d is now empty. The latter is only used for the admin to set their own files.

This is new to PAM 1.4.0 and would be great to enable.

rebased onto c15a58b
3 years ago

rebased onto 6c255fb
3 years ago

/cc @rfairley

I do not think it should go in as-is without having proper Fedora System-wide Change accepted.

The deadline for System-wide Change submissions is today.

rebased onto 97607d4
3 years ago

Create a new changelog item and include this comment there.

And also release version should be increased:
Release: 12%{?dist}

I've committed your changes with the ones I requested, so I'm closing the PR.

Pull-Request has been closed by ipedrosa
3 years ago
Changes Summary 1
+7 -0
file changed
pam.spec
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.