File pam_ldap.patch of Package pam_ldap
--- pam.d/WARNING +++ pam.d/WARNING 2002/07/16 07:39:25 @@ -0,0 +1,8 @@ +This configuration files are not tested on a SuSE Linux system! +We have only included them as example how to configure PAM +correct with pam_ldap. + +On SuSE Linux, you only need to edit /etc/security/pam_unix2.conf +and add the "use_ldap" option to the account, auth and password +management. If you configure LDAP with YaST2, YaST2 will do this +for you. --- pam.d/chfn +++ pam.d/chfn 2002/07/16 07:39:25 @@ -1,10 +1,8 @@ #%PAM-1.0 -auth sufficient /lib/security/pam_rootok.so -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so use_first_pass -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so -password required /lib/security/pam_cracklib.so -password sufficient /lib/security/pam_ldap.so -password required /lib/security/pam_pwdb.so use_first_pass -session required /lib/security/pam_unix_session.so +auth sufficient pam_ldap.so +auth required pam_unix2.so nullok use_first_pass +account sufficient pam_ldap.so +account required pam_unix2.so +password sufficient pam_ldap.so +password required pam_unix2.so nullok use_first_pass use_authtok +session required pam_unix2.so --- pam.d/chsh +++ pam.d/chsh 2002/07/16 07:39:25 @@ -1,10 +1,8 @@ #%PAM-1.0 -auth sufficient /lib/security/pam_rootok.so -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so try_first_pass -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so -password required /lib/security/pam_cracklib.so -password sufficient /lib/security/pam_ldap.so -password required /lib/security/pam_pwdb.so use_first_pass -session required /lib/security/pam_unix_session.so +auth sufficient pam_ldap.so +auth required pam_unix2.so nullok use_first_pass +account sufficient pam_ldap.so +account required pam_unix2.so +password sufficient pam_ldap.so +password required pam_unix2.so nullok use_first_pass use_authtok +session required pam_unix2.so --- pam.d/ftp +++ pam.d/ftp 2002/07/16 07:39:25 @@ -1,9 +0,0 @@ -#%PAM-1.0 -auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed -auth required /lib/security/pam_shells.so -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_pwdb.so shadow nullok -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_pwdb.so -#session sufficient /lib/security/pam_ldap.so -session required /lib/security/pam_pwdb.so --- pam.d/ftpd +++ pam.d/ftpd 2002/07/16 07:39:25 @@ -0,0 +1,15 @@ +#%PAM-1.0 + +# Uncomment this to achieve what used to be ftpd -A. +# auth required pam_listfile.so item=user sense=allow file=/etc/ftpchroot onerr=fail + +auth required pam_listfile.so item=user sense=deny file=/etc//ftpusers onerr=succeed +# Uncomment the following line for anonymous ftp. +#auth sufficient pam_ftp.so +auth required pam_shells.so +auth sufficient pam_ldap.so +auth required pam_unix2.so nullok use_first_pass +account sufficient pam_ldap.so +account required pam_unix2.so +password required pam_unix2.so +session required pam_unix2.so --- pam.d/gdm +++ pam.d/gdm 2002/07/16 07:39:25 @@ -1,12 +1,12 @@ #%PAM-1.0 -auth required /lib/security/pam_nologin.so -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so try_first_pass -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so -password required /lib/security/pam_cracklib.so -password sufficient /lib/security/pam_ldap.so -password required /lib/security/pam_pwdb.so use_first_pass -session sufficient /lib/security/pam_ldap.so -session required /lib/security/pam_unix_session.so -session optional /lib/security/pam_console.so +auth required pam_nologin.so +auth sufficient pam_ldap.so +auth required pam_unix2.so nullok try_first_pass +auth required pam_env.so +account sufficient pam_ldap.so +account required pam_unix2.so +password required pam_pwcheck.so nullok +password sufficient pam_ldap.so use_first_pass use_authtok +password required pam_unix2.so nullok use_first_pass use_authtok +session required pam_unix2.so none # debug or trace +session required pam_limits.so --- pam.d/halt +++ pam.d/halt 2002/07/16 07:39:25 @@ -1,5 +0,0 @@ -#%PAM-1.0 -auth sufficient /lib/security/pam_rootok.so -auth required /lib/security/pam_console.so -auth required /lib/security/pam_pwdb.so -account required /lib/security/pam_permit.so --- pam.d/imap +++ pam.d/imap 2002/07/16 07:39:25 @@ -1,5 +1,5 @@ #%PAM-1.0 -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so try_first_pass -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so +auth sufficient /lib/security/pam_ldap.so +auth required /lib/security/pam_unix2.so try_first_pass +account sufficient /lib/security/pam_ldap.so +account required /lib/security/pam_unix2.so --- pam.d/kde +++ pam.d/kde 2002/07/16 07:39:25 @@ -1,11 +0,0 @@ -#%PAM-1.0 -auth required /lib/security/pam_nologin.so -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_pwdb.so shadow nullok -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_pwdb.so -password required /lib/security/pam_cracklib.so -password required /lib/security/pam_pwdb.so shadow nullok use_authtok -session sufficient /lib/security/pam_ldap.so -session required /lib/security/pam_pwdb.so -session optional /lib/security/pam_console.so --- pam.d/linuxconf +++ pam.d/linuxconf 2002/07/16 07:39:25 @@ -1,5 +0,0 @@ -#%PAM-1.0 -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so try_first_pass -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so --- pam.d/linuxconf-pair +++ pam.d/linuxconf-pair 2002/07/16 07:39:26 @@ -1,14 +0,0 @@ -#%PAM-1.0 - -# You can change this file, but anything other than prompting the user -# for a password is added to the stack, authentication will always fail. -# Linuxconf only uses this stack for protocol authentication of a -# username/password pair. -# For all other authentication, it uses the linuxconf service. -# For password changing, it uses the passwd service, so it will -# conveniently share your configuration for the passwd program. - -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so try_first_pass -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so --- pam.d/login +++ pam.d/login 2002/07/16 07:39:26 @@ -1,12 +1,15 @@ #%PAM-1.0 -auth required /lib/security/pam_securetty.so -auth required /lib/security/pam_nologin.so -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so try_first_pass -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so -password required /lib/security/pam_cracklib.so -password required /lib/security/pam_ldap.so -password required /lib/security/pam_pwdb.so use_first_pass -session required /lib/security/pam_unix_session.so -#session optional /lib/security/pam_console.so +auth required pam_securetty.so +auth required pam_nologin.so +auth sufficient pam_ldap.so +auth required pam_unix2.so nullok try_first_pass #set_secrpc +account sufficient pam_ldap.so +account required pam_unix2.so +password required pam_pwcheck.so nullok +password required pam_ldap.so use_first_pass use_authok +password required pam_unix2.so nullok use_first_pass use_authtok +session required pam_unix2.so none # debug or trace +session required pam_limits.so +session required pam_env.so +session optional pam_mail.so + --- pam.d/mcserv +++ pam.d/mcserv 2002/07/16 07:39:26 @@ -1,9 +0,0 @@ -#%PAM-1.0 -auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_pwdb.so shadow nullok -auth required /lib/security/pam_shells.so -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_pwdb.so -session sufficient /lib/security/pam_ldap.so -session required /lib/security/pam_pwdb.so --- pam.d/passwd +++ pam.d/passwd 2002/07/16 07:39:26 @@ -1,8 +1,9 @@ #%PAM-1.0 -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so use_first_pass -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so -password required /lib/security/pam_cracklib.so retry=3 -password sufficient /lib/security/pam_ldap.so -password required /lib/security/pam_pwdb.so try_first_pass +auth sufficient /lib/security/pam_ldap.so +auth required /lib/security/pam_unix2.so nullok use_first_pass +account sufficient /lib/security/pam_ldap.so +account required /lib/security/pam_unix2.so +password required /lib/security/pam_pwcheck.so nullok +password sufficient /lib/security/pam_ldap.so use_first_pass use_authtok +password required /lib/security/pam_unix2.so nullok use_first_pass use_aut +session required /lib/security/pam_unix2.so --- pam.d/pop +++ pam.d/pop 2002/07/16 07:39:26 @@ -1,5 +1,5 @@ #%PAM-1.0 -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so try_first_pass -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so +auth sufficient pam_ldap.so +auth required pam_unix2.so try_first_pass +account sufficient pam_ldap.so +account required pam_unix2.so --- pam.d/poweroff +++ pam.d/poweroff 2002/07/16 07:39:26 @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth sufficient /lib/security/pam_rootok.so -auth required /lib/security/pam_console.so -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_pwdb.so -account required /lib/security/pam_permit.so --- pam.d/ppp +++ pam.d/ppp 2002/07/16 07:39:26 @@ -1,5 +1,10 @@ #%PAM-1.0 -auth required pam_nologin.so -auth required pam_pwdb.so shadow nullok -account required pam_pwdb.so -session required pam_pwdb.so +auth sufficient pam_ldap.so +auth required pam_unix2.so nullok try_first_pass #set_secrpc +account sufficient pam_ldap.so +account required pam_unix2.so +password required pam_pwcheck.so nullok +password required pam_ldap.so use_first_pass use_authok +password required pam_unix2.so nullok use_first_pass use_authtok +session required pam_unix2.so none # debug or trace + --- pam.d/radius +++ pam.d/radius 2002/07/16 07:39:26 @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_nologin.so +auth sufficient pam_ldap.so +auth required pam_unix2.so nullok try_first_pass #set_secrpc +account sufficient pam_ldap.so +account required pam_unix2.so +password required pam_pwcheck.so nullok +password required pam_ldap.so use_first_pass use_authok +password required pam_unix2.so nullok use_first_pass use_authtok +session required pam_unix2.so none # debug or trace --- pam.d/reboot +++ pam.d/reboot 2002/07/16 07:39:26 @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth sufficient /lib/security/pam_rootok.so -auth required /lib/security/pam_console.so -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_pwdb.so -account required /lib/security/pam_permit.so --- pam.d/rexec +++ pam.d/rexec 2002/07/16 07:39:26 @@ -1,7 +1,9 @@ #%PAM-1.0 -auth required /lib/security/pam_securetty.so -auth required /lib/security/pam_nologin.so -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so try_first_pass -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so +auth required pam_nologin.so +auth sufficient pam_ldap.so +auth required pam_unix2.so try_first_pass +account sufficient pam_ldap.so +account required pam_unix2.so +password required pam_unix2.so +session required pam_unix2.so + --- pam.d/rlogin +++ pam.d/rlogin 2002/07/16 07:39:26 @@ -1,11 +1,13 @@ -auth required /lib/security/pam_securetty.so -auth sufficient /lib/security/pam_rhosts_auth.so -auth required /lib/security/pam_nologin.so -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so try_first_pass -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so -password required /lib/security/pam_cracklib.so -password sufficient /lib/security/pam_ldap.so -password required /lib/security/pam_pwdb.so use_first_pass -session required /lib/security/pam_unix_session.so +#%PAM-1.0 +auth required pam_securetty.so +auth required pam_nologin.so +auth sufficient pam_rhosts_auth.so +auth sufficient pam_ldap.so +auth required pam_unix2.so try_first_pass #set_secrpc +account sufficient pam_ldap.so +account required pam_unix2.so +password required pam_pwcheck.so nullok +password sufficient pam_ldap.so use_first_pass use_authtok +password required pam_unix2.so nullok use_first_pass use_authtok +session required pam_unix2.so none # debug or trace +session optional pam_mail.so --- pam.d/rsh +++ pam.d/rsh 2002/07/16 07:39:26 @@ -1,6 +1,8 @@ #%PAM-1.0 -auth required /lib/security/pam_rhosts_auth.so -auth required /lib/security/pam_nologin.so -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so try_first_pass -session required /lib/security/pam_unix_session.so +auth required pam_rhosts_auth.so +auth required pam_nologin.so +account sufficient pam_ldap.so +account required pam_unix2.so +password required pam_unix2.so +session required pam_unix2.so none # debug or trace + --- pam.d/samba +++ pam.d/samba 2002/07/16 07:39:26 @@ -1,5 +1,5 @@ #%PAM-1.0 -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so try_first_pass -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so +auth sufficient pam_ldap.so +auth required pam_unix2.so try_first_pass +account sufficient pam_ldap.so +account required pam_unix2.so --- pam.d/shutdown +++ pam.d/shutdown 2002/07/16 07:39:26 @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth sufficient /lib/security/pam_rootok.so -auth required /lib/security/pam_console.so -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_pwdb.so -account required /lib/security/pam_permit.so --- pam.d/ssh +++ pam.d/ssh 2002/07/16 07:39:26 @@ -1,10 +0,0 @@ -#%PAM-1.0 -auth required /lib/security/pam_nologin.so -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so try_first_pass -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so -password required /lib/security/pam_cracklib.so -password sufficient /lib/security/pam_ldap.so -password required /lib/security/pam_pwdb.so use_first_pass -session required /lib/security/pam_unix_session.so --- pam.d/sshd +++ pam.d/sshd 2002/07/16 07:39:26 @@ -0,0 +1,13 @@ +#%PAM-1.0 +auth required pam_nologin.so +auth sufficient pam_ldap.so +auth required pam_unix2.so use_first_pass # set_secrpc +account required pam_unix2.so +password required pam_pwcheck.so +password required pam_ldap.so use_authtok +password required pam_unix2.so use_first_pass use_authtok +session required pam_unix2.so +session required pam_limits.so +session required pam_env.so +session optional pam_mail.so + --- pam.d/su +++ pam.d/su 2002/07/16 07:39:26 @@ -1,9 +1,9 @@ #%PAM-1.0 -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so use_first_pass -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so -password required /lib/security/pam_cracklib.so -password sufficient /lib/security/pam_ldap.so -password required /lib/security/pam_pwdb.so use_first_pass -session required /lib/security/pam_unix_session.so +auth sufficient pam_rootok.so +auth sufficient pam_ldap.so +auth required pam_unix2.so use_first_pass nullok #set_secrpc +account sufficient pam_ldap.so +account required pam_unix2.so +password sufficient pam_ldap.so +password required pam_unix2.so +session required pam_unix2.so none # debug or trace --- pam.d/su1 +++ pam.d/su1 2002/07/16 07:39:26 @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth requisite pam_ldap.so +auth required pam_unix2.so try_first_pass +account requisite pam_ldap.so +account required pam_permit.so --- pam.d/sudo +++ pam.d/sudo 2002/07/16 07:39:26 @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth requisite pam_ldap.so +auth required pam_unix2.so use_first_try + --- pam.d/wu-ftpd +++ pam.d/wu-ftpd 2002/07/16 07:39:26 @@ -0,0 +1,8 @@ +#%PAM-1.0 +auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed +auth required pam_shells.so +auth sufficient pam_ldap.so +auth required pam_unix2.so try_first_pass +account sufficient pam_ldap.so +account required pam_unix2.so +session required pam_unix2.so none # debug or trace --- pam.d/xdm +++ pam.d/xdm 2002/07/16 07:39:26 @@ -1,13 +1,11 @@ #%PAM-1.0 -auth required /lib/security/pam_nologin.so -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_unix_auth.so try_first_pass -auth required /lib/security/pam_nologin.so -account sufficient /lib/security/pam_ldap.so -account required /lib/security/pam_unix_acct.so -password required /lib/security/pam_cracklib.so -password sufficient /lib/security/pam_ldap.so -password required /lib/security/pam_pwdb.so use_first_pass -session sufficient /lib/security/pam_ldap -session required /lib/security/pam_unix_session.so -session optional /lib/security/pam_console.so +auth sufficient pam_ldap.so +auth required pam_unix2.so nullok try_first_pass #set_secrpc +account sufficient pam_ldap.so +account required pam_unix2.so +password required pam_pwcheck.so nullok +password sufficient pam_ldap.so use_first_pass use_authtok +password required pam_unix2.so nullok use_first_pass use_authtok +session required pam_unix2.so debug # trace or none +session required pam_devperm.so + --- pam.d/xlock +++ pam.d/xlock 2002/07/16 07:39:26 @@ -1,3 +1,4 @@ #%PAM-1.0 -auth sufficient /lib/security/pam_ldap.so -auth required /lib/security/pam_pwdb.so shadow nullok +auth requisite /lib/security/pam_ldap.so +auth required /lib/security/pam_unix2.so use_first_pass nullok + --- pam.d/xserver +++ pam.d/xserver 2002/07/16 07:39:26 @@ -1,4 +0,0 @@ -#%PAM-1.0 -auth sufficient /lib/security/pam_rootok.so -auth required /lib/security/pam_console.so -account required /lib/security/pam_permit.so --- Makefile.am +++ Makefile.am 2004/03/13 15:30:29 @@ -21,12 +21,12 @@ @$(NORMAL_INSTALL) $(mkinstalldirs) $(DESTDIR)$(libdir)/security if EXTENSION_SO - $(INSTALL_PROGRAM) -o root -g root pam_ldap.so $(DESTDIR)$(libdir)/security/pam_ldap.so + $(INSTALL_PROGRAM) pam_ldap.so $(DESTDIR)$(libdir)/security/pam_ldap.so else if EXTENSION_1 - $(INSTALL_PROGRAM) -o root -g root pam_ldap.so $(DESTDIR)$(libdir)/security/libpam_ldap.1 + $(INSTALL_PROGRAM) pam_ldap.so $(DESTDIR)$(libdir)/security/libpam_ldap.1 else - $(INSTALL_PROGRAM) -o root -g root pam_ldap.so $(DESTDIR)$(libdir)/security/pam_ldap.so.1 + $(INSTALL_PROGRAM) pam_ldap.so $(DESTDIR)$(libdir)/security/pam_ldap.so.1 (cd $(DESTDIR)$(libdir)/security; rm -f pam_ldap.so; ln -s pam_ldap.so.1 pam_ldap.so) endif endif @@ -35,7 +35,7 @@ @$(NORMAL_INSTALL) @if test ! -f $(DESTDIR)$(sysconfdir)/ldap.conf; then \ $(mkinstalldirs) $(DESTDIR)$(sysconfdir); \ - $(INSTALL_DATA) -o root -g root $(srcdir)/ldap.conf $(DESTDIR)$(sysconfdir)/ldap.conf; \ + $(INSTALL_DATA) $(srcdir)/ldap.conf $(DESTDIR)$(sysconfdir)/ldap.conf; \ fi uninstall-local: --- pam_ldap.c 2004/10/15 08:11:09 1.1 +++ pam_ldap.c 2004/10/15 08:12:14 @@ -653,7 +653,7 @@ result->max_uid = 0; result->tmplattr = NULL; result->tmpluser = NULL; - result->tls_checkpeer = -1; + result->tls_checkpeer = 0; result->tls_cacertfile = NULL; result->tls_cacertdir = NULL; result->tls_ciphers = NULL; @@ -3850,7 +3850,7 @@ snprintf (buf, sizeof buf, "Your LDAP password will expire in %ld day%s.", expirein, (expirein == 1) ? "" : "s"); - _conv_sendmsg (appconv, buf, PAM_ERROR_MSG, no_warn); + _conv_sendmsg (appconv, buf, PAM_TEXT_INFO, no_warn); /* we set this to make sure that user can't abort a password change */ (void) pam_set_data (pamh, PADL_LDAP_AUTHTOK_DATA,
