File pam_ldap.patch of Package pam_ldap
--- pam.d/WARNING
+++ pam.d/WARNING 2002/07/16 07:39:25
@@ -0,0 +1,8 @@
+This configuration files are not tested on a SuSE Linux system!
+We have only included them as example how to configure PAM
+correct with pam_ldap.
+
+On SuSE Linux, you only need to edit /etc/security/pam_unix2.conf
+and add the "use_ldap" option to the account, auth and password
+management. If you configure LDAP with YaST2, YaST2 will do this
+for you.
--- pam.d/chfn
+++ pam.d/chfn 2002/07/16 07:39:25
@@ -1,10 +1,8 @@
#%PAM-1.0
-auth sufficient /lib/security/pam_rootok.so
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so use_first_pass
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
-password required /lib/security/pam_cracklib.so
-password sufficient /lib/security/pam_ldap.so
-password required /lib/security/pam_pwdb.so use_first_pass
-session required /lib/security/pam_unix_session.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so nullok use_first_pass
+account sufficient pam_ldap.so
+account required pam_unix2.so
+password sufficient pam_ldap.so
+password required pam_unix2.so nullok use_first_pass use_authtok
+session required pam_unix2.so
--- pam.d/chsh
+++ pam.d/chsh 2002/07/16 07:39:25
@@ -1,10 +1,8 @@
#%PAM-1.0
-auth sufficient /lib/security/pam_rootok.so
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so try_first_pass
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
-password required /lib/security/pam_cracklib.so
-password sufficient /lib/security/pam_ldap.so
-password required /lib/security/pam_pwdb.so use_first_pass
-session required /lib/security/pam_unix_session.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so nullok use_first_pass
+account sufficient pam_ldap.so
+account required pam_unix2.so
+password sufficient pam_ldap.so
+password required pam_unix2.so nullok use_first_pass use_authtok
+session required pam_unix2.so
--- pam.d/ftp
+++ pam.d/ftp 2002/07/16 07:39:25
@@ -1,9 +0,0 @@
-#%PAM-1.0
-auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
-auth required /lib/security/pam_shells.so
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_pwdb.so shadow nullok
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_pwdb.so
-#session sufficient /lib/security/pam_ldap.so
-session required /lib/security/pam_pwdb.so
--- pam.d/ftpd
+++ pam.d/ftpd 2002/07/16 07:39:25
@@ -0,0 +1,15 @@
+#%PAM-1.0
+
+# Uncomment this to achieve what used to be ftpd -A.
+# auth required pam_listfile.so item=user sense=allow file=/etc/ftpchroot onerr=fail
+
+auth required pam_listfile.so item=user sense=deny file=/etc//ftpusers onerr=succeed
+# Uncomment the following line for anonymous ftp.
+#auth sufficient pam_ftp.so
+auth required pam_shells.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so nullok use_first_pass
+account sufficient pam_ldap.so
+account required pam_unix2.so
+password required pam_unix2.so
+session required pam_unix2.so
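Review bot: The deny list on the `pam_listfile.so item=user sense=deny file=/etc//ftpusers onerr=succeed` line fails open. If the file is missing or unreadable the module reports success, and accounts meant to be barred from FTP go on to the password check. `onerr=fail`, which the commented-out ftpchroot line already uses, would turn that error into a denial; the doubled slash in `/etc//ftpusers` is harmless but worth tidying. The same `onerr=succeed` is in the new pam.d/wu-ftpd. The `nullok` on the pam_unix2 auth line additionally lets an account with an empty password through on a network-facing service.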
--- pam.d/gdm
+++ pam.d/gdm 2002/07/16 07:39:25
@@ -1,12 +1,12 @@
#%PAM-1.0
-auth required /lib/security/pam_nologin.so
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so try_first_pass
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
-password required /lib/security/pam_cracklib.so
-password sufficient /lib/security/pam_ldap.so
-password required /lib/security/pam_pwdb.so use_first_pass
-session sufficient /lib/security/pam_ldap.so
-session required /lib/security/pam_unix_session.so
-session optional /lib/security/pam_console.so
+auth required pam_nologin.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so nullok try_first_pass
+auth required pam_env.so
+account sufficient pam_ldap.so
+account required pam_unix2.so
+password required pam_pwcheck.so nullok
+password sufficient pam_ldap.so use_first_pass use_authtok
+password required pam_unix2.so nullok use_first_pass use_authtok
+session required pam_unix2.so none # debug or trace
+session required pam_limits.so
--- pam.d/halt
+++ pam.d/halt 2002/07/16 07:39:25
@@ -1,5 +0,0 @@
-#%PAM-1.0
-auth sufficient /lib/security/pam_rootok.so
-auth required /lib/security/pam_console.so
-auth required /lib/security/pam_pwdb.so
-account required /lib/security/pam_permit.so
--- pam.d/imap
+++ pam.d/imap 2002/07/16 07:39:25
@@ -1,5 +1,5 @@
#%PAM-1.0
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so try_first_pass
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
+auth sufficient /lib/security/pam_ldap.so
+auth required /lib/security/pam_unix2.so try_first_pass
+account sufficient /lib/security/pam_ldap.so
+account required /lib/security/pam_unix2.so
--- pam.d/kde
+++ pam.d/kde 2002/07/16 07:39:25
@@ -1,11 +0,0 @@
-#%PAM-1.0
-auth required /lib/security/pam_nologin.so
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_pwdb.so shadow nullok
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_pwdb.so
-password required /lib/security/pam_cracklib.so
-password required /lib/security/pam_pwdb.so shadow nullok use_authtok
-session sufficient /lib/security/pam_ldap.so
-session required /lib/security/pam_pwdb.so
-session optional /lib/security/pam_console.so
--- pam.d/linuxconf
+++ pam.d/linuxconf 2002/07/16 07:39:25
@@ -1,5 +0,0 @@
-#%PAM-1.0
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so try_first_pass
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
--- pam.d/linuxconf-pair
+++ pam.d/linuxconf-pair 2002/07/16 07:39:26
@@ -1,14 +0,0 @@
-#%PAM-1.0
-
-# You can change this file, but anything other than prompting the user
-# for a password is added to the stack, authentication will always fail.
-# Linuxconf only uses this stack for protocol authentication of a
-# username/password pair.
-# For all other authentication, it uses the linuxconf service.
-# For password changing, it uses the passwd service, so it will
-# conveniently share your configuration for the passwd program.
-
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so try_first_pass
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
--- pam.d/login
+++ pam.d/login 2002/07/16 07:39:26
@@ -1,12 +1,15 @@
#%PAM-1.0
-auth required /lib/security/pam_securetty.so
-auth required /lib/security/pam_nologin.so
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so try_first_pass
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
-password required /lib/security/pam_cracklib.so
-password required /lib/security/pam_ldap.so
-password required /lib/security/pam_pwdb.so use_first_pass
-session required /lib/security/pam_unix_session.so
-#session optional /lib/security/pam_console.so
+auth required pam_securetty.so
+auth required pam_nologin.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so nullok try_first_pass #set_secrpc
+account sufficient pam_ldap.so
+account required pam_unix2.so
+password required pam_pwcheck.so nullok
+password required pam_ldap.so use_first_pass use_authok
+password required pam_unix2.so nullok use_first_pass use_authtok
+session required pam_unix2.so none # debug or trace
+session required pam_limits.so
+session required pam_env.so
+session optional pam_mail.so
+
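Review bot: `use_authok` on the `password required pam_ldap.so` line is a misspelling of `use_authtok`. pam_ldap will most likely ignore it and may ask for a new password itself instead of taking the one pam_pwcheck has just vetted. The line should read `password required pam_ldap.so use_first_pass use_authtok`. The same typo is in the new pam.d/ppp and pam.d/radius. These three files also make pam_ldap `required` in the password stack where gdm, passwd and rlogin use `sufficient`, which looks as if it would make password changes fail for local-only accounts, so it is worth confirming which is intended.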
--- pam.d/mcserv
+++ pam.d/mcserv 2002/07/16 07:39:26
@@ -1,9 +0,0 @@
-#%PAM-1.0
-auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_pwdb.so shadow nullok
-auth required /lib/security/pam_shells.so
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_pwdb.so
-session sufficient /lib/security/pam_ldap.so
-session required /lib/security/pam_pwdb.so
--- pam.d/passwd
+++ pam.d/passwd 2002/07/16 07:39:26
@@ -1,8 +1,9 @@
#%PAM-1.0
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so use_first_pass
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
-password required /lib/security/pam_cracklib.so retry=3
-password sufficient /lib/security/pam_ldap.so
-password required /lib/security/pam_pwdb.so try_first_pass
+auth sufficient /lib/security/pam_ldap.so
+auth required /lib/security/pam_unix2.so nullok use_first_pass
+account sufficient /lib/security/pam_ldap.so
+account required /lib/security/pam_unix2.so
+password required /lib/security/pam_pwcheck.so nullok
+password sufficient /lib/security/pam_ldap.so use_first_pass use_authtok
+password required /lib/security/pam_unix2.so nullok use_first_pass use_aut
+session required /lib/security/pam_unix2.so
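Review bot: The last option on the `password required /lib/security/pam_unix2.so nullok use_first_pass use_aut` line is cut off, apparently at a column limit. It should be `use_authtok`, as in the other stacks of this patch. As written, pam_unix2 receives an option it presumably does not recognise, so it may not be bound to the new password that pam_pwcheck checked. This is the file that governs the passwd service itself, so the quality check is worth testing after the fix.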
--- pam.d/pop
+++ pam.d/pop 2002/07/16 07:39:26
@@ -1,5 +1,5 @@
#%PAM-1.0
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so try_first_pass
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so try_first_pass
+account sufficient pam_ldap.so
+account required pam_unix2.so
--- pam.d/poweroff
+++ pam.d/poweroff 2002/07/16 07:39:26
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth sufficient /lib/security/pam_rootok.so
-auth required /lib/security/pam_console.so
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_pwdb.so
-account required /lib/security/pam_permit.so
--- pam.d/ppp
+++ pam.d/ppp 2002/07/16 07:39:26
@@ -1,5 +1,10 @@
#%PAM-1.0
-auth required pam_nologin.so
-auth required pam_pwdb.so shadow nullok
-account required pam_pwdb.so
-session required pam_pwdb.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so nullok try_first_pass #set_secrpc
+account sufficient pam_ldap.so
+account required pam_unix2.so
+password required pam_pwcheck.so nullok
+password required pam_ldap.so use_first_pass use_authok
+password required pam_unix2.so nullok use_first_pass use_authtok
+session required pam_unix2.so none # debug or trace
+
--- pam.d/radius
+++ pam.d/radius 2002/07/16 07:39:26
@@ -0,0 +1,10 @@
+#%PAM-1.0
+auth required pam_nologin.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so nullok try_first_pass #set_secrpc
+account sufficient pam_ldap.so
+account required pam_unix2.so
+password required pam_pwcheck.so nullok
+password required pam_ldap.so use_first_pass use_authok
+password required pam_unix2.so nullok use_first_pass use_authtok
+session required pam_unix2.so none # debug or trace
--- pam.d/reboot
+++ pam.d/reboot 2002/07/16 07:39:26
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth sufficient /lib/security/pam_rootok.so
-auth required /lib/security/pam_console.so
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_pwdb.so
-account required /lib/security/pam_permit.so
--- pam.d/rexec
+++ pam.d/rexec 2002/07/16 07:39:26
@@ -1,7 +1,9 @@
#%PAM-1.0
-auth required /lib/security/pam_securetty.so
-auth required /lib/security/pam_nologin.so
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so try_first_pass
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
+auth required pam_nologin.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so try_first_pass
+account sufficient pam_ldap.so
+account required pam_unix2.so
+password required pam_unix2.so
+session required pam_unix2.so
+
--- pam.d/rlogin
+++ pam.d/rlogin 2002/07/16 07:39:26
@@ -1,11 +1,13 @@
-auth required /lib/security/pam_securetty.so
-auth sufficient /lib/security/pam_rhosts_auth.so
-auth required /lib/security/pam_nologin.so
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so try_first_pass
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
-password required /lib/security/pam_cracklib.so
-password sufficient /lib/security/pam_ldap.so
-password required /lib/security/pam_pwdb.so use_first_pass
-session required /lib/security/pam_unix_session.so
+#%PAM-1.0
+auth required pam_securetty.so
+auth required pam_nologin.so
+auth sufficient pam_rhosts_auth.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so try_first_pass #set_secrpc
+account sufficient pam_ldap.so
+account required pam_unix2.so
+password required pam_pwcheck.so nullok
+password sufficient pam_ldap.so use_first_pass use_authtok
+password required pam_unix2.so nullok use_first_pass use_authtok
+session required pam_unix2.so none # debug or trace
+session optional pam_mail.so
--- pam.d/rsh
+++ pam.d/rsh 2002/07/16 07:39:26
@@ -1,6 +1,8 @@
#%PAM-1.0
-auth required /lib/security/pam_rhosts_auth.so
-auth required /lib/security/pam_nologin.so
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so try_first_pass
-session required /lib/security/pam_unix_session.so
+auth required pam_rhosts_auth.so
+auth required pam_nologin.so
+account sufficient pam_ldap.so
+account required pam_unix2.so
+password required pam_unix2.so
+session required pam_unix2.so none # debug or trace
+
--- pam.d/samba
+++ pam.d/samba 2002/07/16 07:39:26
@@ -1,5 +1,5 @@
#%PAM-1.0
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so try_first_pass
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so try_first_pass
+account sufficient pam_ldap.so
+account required pam_unix2.so
--- pam.d/shutdown
+++ pam.d/shutdown 2002/07/16 07:39:26
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth sufficient /lib/security/pam_rootok.so
-auth required /lib/security/pam_console.so
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_pwdb.so
-account required /lib/security/pam_permit.so
--- pam.d/ssh
+++ pam.d/ssh 2002/07/16 07:39:26
@@ -1,10 +0,0 @@
-#%PAM-1.0
-auth required /lib/security/pam_nologin.so
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so try_first_pass
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
-password required /lib/security/pam_cracklib.so
-password sufficient /lib/security/pam_ldap.so
-password required /lib/security/pam_pwdb.so use_first_pass
-session required /lib/security/pam_unix_session.so
--- pam.d/sshd
+++ pam.d/sshd 2002/07/16 07:39:26
@@ -0,0 +1,13 @@
+#%PAM-1.0
+auth required pam_nologin.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so use_first_pass # set_secrpc
+account required pam_unix2.so
+password required pam_pwcheck.so
+password required pam_ldap.so use_authtok
+password required pam_unix2.so use_first_pass use_authtok
+session required pam_unix2.so
+session required pam_limits.so
+session required pam_env.so
+session optional pam_mail.so
+
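Review bot: The account stack here is only `account required pam_unix2.so`, whereas the other LDAP-authenticating services in this patch put `account sufficient pam_ldap.so` in front of it. If account restrictions are kept in the directory, they would presumably not be evaluated by pam_ldap for SSH logins, which is the remote entry point where they matter most. Either add `account sufficient pam_ldap.so` before the pam_unix2 line or add a comment such as `# account checks for LDAP users are done by pam_unix2 via NSS` if that is the intent.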
--- pam.d/su
+++ pam.d/su 2002/07/16 07:39:26
@@ -1,9 +1,9 @@
#%PAM-1.0
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so use_first_pass
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
-password required /lib/security/pam_cracklib.so
-password sufficient /lib/security/pam_ldap.so
-password required /lib/security/pam_pwdb.so use_first_pass
-session required /lib/security/pam_unix_session.so
+auth sufficient pam_rootok.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so use_first_pass nullok #set_secrpc
+account sufficient pam_ldap.so
+account required pam_unix2.so
+password sufficient pam_ldap.so
+password required pam_unix2.so
+session required pam_unix2.so none # debug or trace
--- pam.d/su1
+++ pam.d/su1 2002/07/16 07:39:26
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth requisite pam_ldap.so
+auth required pam_unix2.so try_first_pass
+account requisite pam_ldap.so
+account required pam_permit.so
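Review bot: `auth requisite pam_ldap.so` followed by `auth required pam_unix2.so try_first_pass` requires both modules to succeed, as far as the control flags go. An account that exists only locally (root included) cannot authenticate, and neither can anyone while the directory is unreachable. The other stacks in this patch use `sufficient` for pam_ldap so that local accounts fall through to pam_unix2. If LDAP-only access is intended, a comment in the file should say so; otherwise `auth sufficient pam_ldap.so` would match the rest. The same pattern is in the new pam.d/sudo and in pam.d/xlock, where it replaces a previous `sufficient` and could leave a locked screen that cannot be unlocked during an LDAP outage.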
--- pam.d/sudo
+++ pam.d/sudo 2002/07/16 07:39:26
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth requisite pam_ldap.so
+auth required pam_unix2.so use_first_try
+
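Review bot: `use_first_try` on the `auth required pam_unix2.so` line appears nowhere else in this patch and looks like a blend of `use_first_pass` and `try_first_pass`. The module will most likely ignore it and prompt a second time, or behave differently from what the author meant. The line should probably read `auth required pam_unix2.so use_first_pass`. The file also defines no `account` stack, so whether account validity is checked for sudo depends on the system's fallback configuration; an explicit `account required pam_unix2.so` would remove the doubt.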
--- pam.d/wu-ftpd
+++ pam.d/wu-ftpd 2002/07/16 07:39:26
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+auth required pam_shells.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so try_first_pass
+account sufficient pam_ldap.so
+account required pam_unix2.so
+session required pam_unix2.so none # debug or trace
--- pam.d/xdm
+++ pam.d/xdm 2002/07/16 07:39:26
@@ -1,13 +1,11 @@
#%PAM-1.0
-auth required /lib/security/pam_nologin.so
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_unix_auth.so try_first_pass
-auth required /lib/security/pam_nologin.so
-account sufficient /lib/security/pam_ldap.so
-account required /lib/security/pam_unix_acct.so
-password required /lib/security/pam_cracklib.so
-password sufficient /lib/security/pam_ldap.so
-password required /lib/security/pam_pwdb.so use_first_pass
-session sufficient /lib/security/pam_ldap
-session required /lib/security/pam_unix_session.so
-session optional /lib/security/pam_console.so
+auth sufficient pam_ldap.so
+auth required pam_unix2.so nullok try_first_pass #set_secrpc
+account sufficient pam_ldap.so
+account required pam_unix2.so
+password required pam_pwcheck.so nullok
+password sufficient pam_ldap.so use_first_pass use_authtok
+password required pam_unix2.so nullok use_first_pass use_authtok
+session required pam_unix2.so debug # trace or none
+session required pam_devperm.so
+
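Review bot: The rewritten auth stack no longer contains `pam_nologin.so`, which the old file had and which the new gdm, login and sshd stacks keep. Graphical logins through xdm would therefore still be accepted while /etc/nologin is in place. Adding `auth required pam_nologin.so` as the first auth line restores that. The session line also ships with debugging switched on (`pam_unix2.so debug # trace or none`), where the other files default to `none`. For an example configuration `session required pam_unix2.so none # debug or trace` is the safer default, so that session detail is not logged unless someone asks for it.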
--- pam.d/xlock
+++ pam.d/xlock 2002/07/16 07:39:26
@@ -1,3 +1,4 @@
#%PAM-1.0
-auth sufficient /lib/security/pam_ldap.so
-auth required /lib/security/pam_pwdb.so shadow nullok
+auth requisite /lib/security/pam_ldap.so
+auth required /lib/security/pam_unix2.so use_first_pass nullok
+
--- pam.d/xserver
+++ pam.d/xserver 2002/07/16 07:39:26
@@ -1,4 +0,0 @@
-#%PAM-1.0
-auth sufficient /lib/security/pam_rootok.so
-auth required /lib/security/pam_console.so
-account required /lib/security/pam_permit.so
--- Makefile.am
+++ Makefile.am 2004/03/13 15:30:29
@@ -21,12 +21,12 @@
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(libdir)/security
if EXTENSION_SO
- $(INSTALL_PROGRAM) -o root -g root pam_ldap.so $(DESTDIR)$(libdir)/security/pam_ldap.so
+ $(INSTALL_PROGRAM) pam_ldap.so $(DESTDIR)$(libdir)/security/pam_ldap.so
else
if EXTENSION_1
- $(INSTALL_PROGRAM) -o root -g root pam_ldap.so $(DESTDIR)$(libdir)/security/libpam_ldap.1
+ $(INSTALL_PROGRAM) pam_ldap.so $(DESTDIR)$(libdir)/security/libpam_ldap.1
else
- $(INSTALL_PROGRAM) -o root -g root pam_ldap.so $(DESTDIR)$(libdir)/security/pam_ldap.so.1
+ $(INSTALL_PROGRAM) pam_ldap.so $(DESTDIR)$(libdir)/security/pam_ldap.so.1
(cd $(DESTDIR)$(libdir)/security; rm -f pam_ldap.so; ln -s pam_ldap.so.1 pam_ldap.so)
endif
endif
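Review bot: With `-o root -g root` removed from the three `$(INSTALL_PROGRAM)` lines, the installed PAM module takes the owner and group of whoever runs `make install`. That suits an unprivileged package build, but nothing now guarantees root ownership of a library that privileged programs load. The same applies to `ldap.conf` in the second hunk, which may hold bind credentials and is installed with the default data mode. A comment above the install lines would record where ownership is enforced instead, for example `# ownership and mode are set by the package file list; do not rely on this rule for a direct install`. The install rule itself begins outside the hunk.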
@@ -35,7 +35,7 @@
@$(NORMAL_INSTALL)
@if test ! -f $(DESTDIR)$(sysconfdir)/ldap.conf; then \
$(mkinstalldirs) $(DESTDIR)$(sysconfdir); \
- $(INSTALL_DATA) -o root -g root $(srcdir)/ldap.conf $(DESTDIR)$(sysconfdir)/ldap.conf; \
+ $(INSTALL_DATA) $(srcdir)/ldap.conf $(DESTDIR)$(sysconfdir)/ldap.conf; \
fi
uninstall-local:
--- pam_ldap.c 2004/10/15 08:11:09 1.1
+++ pam_ldap.c 2004/10/15 08:12:14
@@ -653,7 +653,7 @@
result->max_uid = 0;
result->tmplattr = NULL;
result->tmpluser = NULL;
- result->tls_checkpeer = -1;
+ result->tls_checkpeer = 0;
result->tls_cacertfile = NULL;
result->tls_cacertdir = NULL;
result->tls_ciphers = NULL;
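Review bot: Initialising `result->tls_checkpeer` to 0 instead of -1 turns what looks like an "unset" state into an explicit "off". If 0 means the server certificate is not verified, as the field name suggests, LDAP-over-TLS connections would accept any certificate unless ldap.conf sets `tls_checkpeer yes`. Since this module sends user passwords to the directory, that default leaves binds open to interception by anyone who can impersonate the server. Prefer keeping `result->tls_checkpeer = -1;` so the TLS library's own default applies, or default to verification and let sites opt out in ldap.conf. If the relaxed default must stay for compatibility, it needs a comment here and a prominent note in the shipped ldap.conf. The enclosing function starts and ends outside the hunk.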
@@ -3850,7 +3850,7 @@
snprintf (buf, sizeof buf,
"Your LDAP password will expire in %ld day%s.",
expirein, (expirein == 1) ? "" : "s");
- _conv_sendmsg (appconv, buf, PAM_ERROR_MSG, no_warn);
+ _conv_sendmsg (appconv, buf, PAM_TEXT_INFO, no_warn);
/* we set this to make sure that user can't abort a password change */
(void) pam_set_data (pamh, PADL_LDAP_AUTHTOK_DATA,