2 # - fix pdf gen or disable it: No fo2pdf processor installed, skip PDF generation
3 # - replace pam_cracklib.so with pam_pwquality.so (backwards compatible with its options), comes with pam-pam_pwquality package
4 # - pam_tally, pam_tally2 are deprecated in favor of pam_faillock
5 # NOTE: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}-docs.tar.xz
6 # is not needed here: it contains documentation in target formats (HTML, PDF) built from sources included in main tarball
9 %bcond_without doc # documentation
10 %bcond_with prelude # Prelude IDS support (in libpam)
11 %bcond_without cracklib # (deprecated) cracklib module
12 %bcond_without tally # (deprecated) tally/tally2 modules
13 %bcond_without selinux # SELinux support
14 %bcond_without audit # Linux Auditing library support
16 %define pam_pld_version 1.1.2-1
17 Summary: Pluggable Authentication Modules: modular, incremental authentication
18 Summary(de.UTF-8): Einsteckbare Authentifizierungsmodule: modulare, inkrementäre Authentifizierung
19 Summary(es.UTF-8): Módulos de autentificación plugables (PAM)
20 Summary(fr.UTF-8): PAM : Pluggable Authentication Modules: modular, incremental authentication
21 Summary(pl.UTF-8): Modularny system uwierzytelniania
22 Summary(pt_BR.UTF-8): Módulos de autenticação plugáveis (PAM)
23 Summary(ru.UTF-8): Интструмент, обеспечивающий аутентификацию для приложений
24 Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri
25 Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм
30 # The library is BSD licensed with option to relicense as GPLv2+
31 # - this option is redundant as the BSD license allows that anyway.
32 # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
33 License: BSD and GPL v2+
35 Source0: https://github.com/linux-pam/linux-pam/releases/download/v%{version}/Linux-PAM-%{version}.tar.xz
36 # Source0-md5: 39fca0523bccec6af4b63b5322276c84
37 Source2: ftp://ftp.pld-linux.org/software/pam/%{name}-pld-%{pam_pld_version}.tar.gz
38 # Source2-md5: f9ec6fcafcf1801bf318e60040244f2e
40 Source4: system-auth.pamd
41 Source5: config-util.pamd
42 Source6: %{name}_selinux_check.pamd
43 Source7: system-auth.5
44 Source8: config-util.5
45 Source9: %{name}.tmpfiles
46 Source10: postlogin.pamd
47 Patch0: %{name}-pld-modules.patch
48 Patch1: %{name}_console-lex-static.patch
49 Patch2: %{name}-tally-fail-close.patch
50 Patch3: %{name}-mkhomedir-notfound.patch
51 Patch4: %{name}-db-gdbm.patch
52 Patch5: %{name}-exec-failok.patch
53 Patch6: update-motd.patch
54 Patch7: pam_console_pam_tty.patch
55 URL: http://www.linux-pam.org/
56 %{?with_audit:BuildRequires: audit-libs-devel >= 1.6.9}
57 BuildRequires: autoconf >= 2.61
58 BuildRequires: automake
60 %{?with_cracklib:BuildRequires: cracklib-devel >= 2.8.3}
62 # gdbm due to db pulling libpthread
63 BuildRequires: gdbm-devel >= 1.8.3-7
64 BuildRequires: gettext-tools >= 0.18.3
65 BuildRequires: glibc-devel >= 6:2.10.1
66 BuildRequires: libnsl-devel
67 %{?with_prelude:BuildRequires: libprelude-devel >= 0.9.0}
68 %{?with_selinux:BuildRequires: libselinux-devel >= 2.1.9}
69 BuildRequires: libtirpc-devel
70 BuildRequires: libtool >= 2:2
71 BuildRequires: libxcrypt-devel
72 %{?with_audit:BuildRequires: linux-libc-headers >= 2.6.23.1}
73 BuildRequires: pkgconfig
74 BuildRequires: tar >= 1:1.22
76 BuildRequires: zlib-devel
78 BuildRequires: docbook-dtd412-xml
79 BuildRequires: docbook-dtd43-xml
80 BuildRequires: docbook-dtd44-xml
81 BuildRequires: docbook-style-xsl >= 1.69.1
84 BuildRequires: libxml2-progs
85 BuildRequires: libxslt-progs
88 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
89 %{?with_audit:Requires: audit-libs >= 1.0.8}
91 Requires: crypt(blowfish)
92 Requires: glibc >= 6:2.5-0.5
93 %{?with_selinux:Requires: libselinux >= 2.1.9}
94 %{?with_cracklib:Requires: pam-pam_cracklib = %{epoch}:%{version}-%{release}}
95 %{?with_tally:Requires: pam-pam_tally = %{epoch}:%{version}-%{release}}
97 Suggests: pam-pam_pwquality
98 Suggests: pam-pam_userdb = %{epoch}:%{version}-%{release}
100 Obsoletes: pam-pam_opie
101 Obsoletes: pam-pam_pwdb
102 Obsoletes: pam-pam_radius
103 Obsoletes: pam-pam_skey
104 Obsoletes: pam-pam_tcpd
107 Conflicts: dev < 3.4-4
108 Conflicts: pam < 0:0.80.1-2
109 Conflicts: udev < 1:138-5
110 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
112 %define _sbindir /sbin
115 PAM (Pluggable Authentication Modules) is a powerful, flexible,
116 extensible authentication system which allows the system administrator
117 to configure authentication services individually for every
118 pam-compliant application without recompiling any of the applications.
120 %description -l de.UTF-8
121 PAM (Pluggable Authentication Modules) ist ein leistungsfähiges,
122 flexibles und erweiterbares Authentifizierungssystem, mit dem der
123 Systemverwalter Authentifizierungs-Dienste individuell für jede
124 pam-kompatible Anwendung konfigurieren kann, ohne diese neu
125 kompilieren zu müssen.
127 %description -l es.UTF-8
128 PAM (Módulos de Autenticación Plugables) es un potente, flexible y
129 extensible sistema de autentificación, que permite al administrador
130 del sistema configurar servicios de autentificación individualmente
131 para cada aplicación pam compatible, sin la necesidad de recompilar
132 cualquier una de las aplicaciones.
134 %description -l fr.UTF-8
135 PAM (Pluggable Authentication Modules) est un systéme
136 d'authentification puissant, souple et extensible permettant à
137 l'administrateur système de configurer les individuellement les
138 services d'authentification pour chaque application conforme à PAM,
139 sans recompiler aucune application.
141 %description -l pl.UTF-8
142 PAM (Pluggable Authentication Modules) jest silnym i łatwo
143 dostosowywalnym do potrzeb systemem uwierzytelniania, który umożliwia
144 administratorowi indywidualne konfigurowanie poszczególnych usług,
145 które są dostosowane i skonsolidowane z bibliotekami PAM, bez
146 późniejszej ich rekompilacji w momencie zmiany sposobu
147 uwierzytelniania tychże usług.
149 %description -l pt_BR.UTF-8
150 PAM (Módulos de Autenticação Plugáveis) é um poderoso, flexível e
151 extensível sistema de autenticação, que permite o administrador do
152 sistema configurar serviços de autenticação individualmente para cada
153 aplicação pam compatível, sem necessidade de recompilar qualquer uma
156 %description -l uk.UTF-8
157 PAM (Pluggable Authentication Modules) - це потужна, гнучка, здатна до
158 розширення система аутентикації, яка дозволяє системному
159 адміністратору налагоджувати севіси авторизації доступу (аутентикації)
160 індивідуально для кожної pam-сумісної програми без необхідності
161 перекомпіляції самої програми. Це базовий механізм аутентикації в PLD
164 %description -l tr.UTF-8
165 PAM (Pluggable Authentication Modules) sistem yöneticilerinin
166 uygulamalardan herhangi birini yeniden derlemeksizin bütün PAM uyumlu
167 uygulamalar için doğrulama hizmetlerini ayarlamalarına yardımcı olan,
168 güclü, esnek ve kapsamlı bir doğrulama sistemidir.
170 %description -l ru.UTF-8
171 PAM (Pluggable Authentication Modules) - это мощная, гибкая,
172 расширяемая система аутентикации, позволяющая системному
173 администратору конфигурировать сервисы авторизации доступа
174 (аутентикации) индивидуально для каждой pam-совместимой программы без
175 необходимости перекомпилляции самой программы. Это базовый механизм
176 аутентикации в PLD Linux.
179 Summary: PAM libraries
180 Summary(pl.UTF-8): Moduły PAM
187 %description libs -l pl.UTF-8
191 Summary: PAM header files
192 Summary(pl.UTF-8): Pliki nagłówkowe i dokumentacja programisty do PAM
193 Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
194 Summary(ru.UTF-8): Библиотеки разработчика для PAM
195 Summary(uk.UTF-8): Бібліотеки програміста для PAM
196 Group: Development/Libraries
197 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
198 %{?with_audit:Requires: audit-libs-devel >= 1.0.8}
199 Requires: filesystem >= 3.0-11
202 Header files for developing PAM based applications.
204 %description devel -l pl.UTF-8
205 Pliki nagłówkowe i dokumentacja programisty do PAM.
207 %description devel -l pt_BR.UTF-8
208 Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
210 %description devel -l ru.UTF-8
211 Этот пакет содержит хедеры и библиотеки разработчика для PAM.
213 %description devel -l uk.UTF-8
214 Цей пакет містить хедери та бібліотеки програміста для PAM.
217 Summary: PAM static libraries
218 Summary(pl.UTF-8): Biblioteki statyczne PAM
219 Summary(ru.UTF-8): Статические библиотеки разработчика для PAM
220 Summary(uk.UTF-8): Статичні бібліотеки програміста для PAM
221 Group: Development/Libraries
222 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
225 PAM static libraries.
227 %description static -l pl.UTF-8
228 Biblioteki statyczne PAM.
230 %description static -l ru.UTF-8
231 Этот пакет содержит статические библиотеки разработчика для PAM.
233 %description static -l uk.UTF-8
234 Цей пакет містить статичні бібліотеки програміста для PAM.
236 %package pam_cracklib
237 Summary: PAM module to check the password against dictionary words
238 Summary(pl.UTF-8): Moduł PAM do sprawdzania haseł względem słów ze słownika
240 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
241 Requires: cracklib >= 2.8.3
242 Requires: cracklib-dicts >= 2.8.3
244 %description pam_cracklib
245 PAM module to check the password against dictionary words.
247 %description pam_cracklib -l pl.UTF-8
248 Moduł PAM do sprawdzania haseł względem słów ze słownika.
251 Summary: PAM module - SELinux support
252 Summary(pl.UTF-8): Moduł PAM pozwalający na zmianę kontekstów SELinuksa
254 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
255 Requires: libselinux >= 2.1.9
257 %description pam_selinux
258 PAM module - SELinux support.
260 %description pam_selinux -l pl.UTF-8
261 Moduł PAM pozwalający na zmianę kontekstów SELinuksa.
264 Summary: PAM module to check login counts (tallying)
266 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
268 %description pam_tally
269 This module maintains a count of attempted accesses, can reset count
270 on success, can deny access if too many attempts fail.
273 Summary: PAM module - authenticate against GDBM database
274 Summary(pl.UTF-8): Moduł PAM do uwierzytelniania względem bazy danych GDBM
276 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
277 Requires: gdbm >= 1.8.3-7
279 %description pam_userdb
280 pam_userdb - PAM module to authenticate against GDBM database.
282 %description pam_userdb -l pl.UTF-8
283 pam_userdb - moduł PAM służący do uwierzytelniania względem bazy
287 %setup -q -a2 -n Linux-PAM-%{version}
294 # upstream has similar approach for multiple files (not no exec):
295 # https://github.com/linux-pam/linux-pam/pull/48
310 --includedir=%{_includedir}/security \
311 %{!?with_audit:--disable-audit} \
312 %{?with_cracklib:--enable-cracklib} \
314 --enable-isadir=../../%{_lib}/security \
315 %{!?with_prelude:--disable-prelude} \
316 %{!?with_selinux:--disable-selinux} \
317 %{?with_tally:--enable-tally} \
318 %{?with_tally:--enable-tally2}
320 # we must explicitely update-gmo as we patch a po file
321 %{__make} -C po update-gmo
323 DEFS="-DHAVE_CONFIG_H -D_GNU_SOURCE"
326 rm -rf $RPM_BUILD_ROOT
327 install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/var/{log,run/sepermit}} \
328 $RPM_BUILD_ROOT%{systemdtmpfilesdir}
331 DESTDIR=$RPM_BUILD_ROOT \
332 servicedir=%{systemdunitdir}
335 install -p modules/pam_selinux/.libs/pam_selinux_check $RPM_BUILD_ROOT%{_sbindir}
336 cp -p modules/pam_selinux/pam_selinux_check.8 $RPM_BUILD_ROOT%{_mandir}/man8
337 cp -p %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/pam_selinux_check
340 cp -p %{SOURCE9} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf
343 for r in modules/pam_*/README; do
344 cp -pf $r doc/txts/README.$(basename $(dirname $r))
346 %{__rm} doc/txts/README.pam_userdb
347 %{__rm} doc/txts/README.pam_cracklib
349 cp -pf doc/index.html doc/html/
351 # fix PAM/pam man page
352 echo ".so PAM.8" > $RPM_BUILD_ROOT%{_mandir}/man8/pam.8
354 :> $RPM_BUILD_ROOT/etc/security/opasswd
355 :> $RPM_BUILD_ROOT/etc/security/blacklist
358 :> $RPM_BUILD_ROOT/var/log/tallylog
361 %{__mv} $RPM_BUILD_ROOT/%{_lib}/lib*.a $RPM_BUILD_ROOT%{_libdir}
363 cd $RPM_BUILD_ROOT/%{_lib}
364 for f in lib*.la ; do
365 %{__sed} -e 's|/%{_lib}/libpam|%{_libdir}/libpam|g' \
366 -e "s|libdir='/%{_lib}|libdir='%{_libdir}|g" $f > $RPM_BUILD_ROOT%{_libdir}/$f
369 ln -sf /%{_lib}/$(echo libpam.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam.so
370 ln -sf /%{_lib}/$(echo libpam_misc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so
371 ln -sf /%{_lib}/$(echo libpamc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpamc.so
374 cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other
375 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/system-auth
376 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/config-util
377 cp -p %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/postlogin
379 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{_mandir}/man5/system-auth.5
380 cp -p %{SOURCE8} $RPM_BUILD_ROOT%{_mandir}/man5/config-util.5
382 # Make sure every module subdirectory gave us a module. Yes, this is hackish.
383 for dir in modules/pam_* ; do
384 %if %{without selinux}
385 [ ${dir} = "modules/pam_selinux" ] && continue
386 [ ${dir} = "modules/pam_sepermit" ] && continue
389 [ ${dir} = "modules/pam_tty_audit" ] && continue
391 if [ -d ${dir} ] ; then
392 if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then
393 echo ERROR `basename ${dir}` did not build a module.
399 for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do
400 # Check for module problems. Specifically, check that every module we just
401 # installed can actually be loaded by a minimal PAM-aware application.
402 if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
403 ./dlopen.sh -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then
404 echo ERROR module: ${module} cannot be loaded.
409 # useless - shut up check-files
410 %{__rm} $RPM_BUILD_ROOT/%{_lib}/security/*.{la,a}
411 %{__rm} $RPM_BUILD_ROOT/%{_lib}/lib*.so
412 %{__rm} -r $RPM_BUILD_ROOT%{_docdir}/Linux-PAM
414 %if %{without selinux}
415 rm -rf $RPM_BUILD_ROOT{/%{_lib}/security/pam_selinux.so,%{_sbindir}/pam_selinux_check,%{_mandir}/man8/pam_selinux*.8*}
421 rm -rf $RPM_BUILD_ROOT
423 %triggerpostun libs -- %{name}-libs < 0.99.7.1
424 for f in $(grep -l "\(pam_make\|pam_homedir\)" /etc/pam.d/*); do
426 *rpmorig|*rpmnew|*rpmsave|*~|*.orig)
430 cp -f "$f" "$f.rpmorig"
431 sed -i -e 's/pam_make\.so \(.*\)/pam_exec.so failok seteuid \/usr\/bin\/make -C \1/g' \
432 -e 's/pam_homedir\.so/pam_mkhomedir.so/g' "$f"
436 if [ -d /var/lock/console -a -d /var/run/console ]; then
437 cp -a /var/lock/console/* /var/run/console/ 2> /dev/null
438 rm -rf /var/lock/console
441 %triggerin -- cronie,vixie-cron,hc-cron,fcron,mcron
442 # restart crond if pam is upgraded
443 # (crond is linked with old libpam but tries to open modules linked with new libpam)
444 if [ "$1" != 1 ]; then
445 %service -q crond restart
449 %triggerpostun -- %{name} < 1:1.1.5-8
451 if grep -qs change_uid /etc/pam.d/system-auth; then
452 %{__sed} -i -e '/session/ s/change_uid//' /etc/pam.d/system-auth
455 # We want it added for painless upgarde even if it mean log pollution for non-systemd
457 # If this module is not present on systemd enabled system then `systemctl restart sshd.service`
458 # will kill all sessions.
459 if ! grep -qs pam_systemd /etc/pam.d/system-auth; then
460 echo "-session optional pam_systemd.so" >>/etc/pam.d/system-auth
463 %post pam_tally -p <lua>
464 fh, error = io.open("/var/log/tallylog")
468 fh = io.open("/var/log/tallylog", "w+")
470 posix.chmod("/var/log/tallylog", "rw-------")
473 %post libs -p /sbin/ldconfig
474 %postun libs -p /sbin/ldconfig
476 %files -f Linux-PAM.lang
477 %defattr(644,root,root,755)
478 %doc AUTHORS CHANGELOG ChangeLog Copyright NEWS doc/txts/README*
480 %doc doc/specs/*.txt doc/sag/Linux-PAM_*.txt doc/{sag,}/html
483 %dir /etc/security/console.apps
484 %dir /etc/security/console.perms.d
485 %dir /var/run/console
486 %{systemdtmpfilesdir}/%{name}.conf
487 %config(noreplace) %verify(not md5 mtime size) /etc/environment
488 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/other
489 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/system-auth
490 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/config-util
491 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/postlogin
492 %config(noreplace) %verify(not md5 mtime size) /etc/security/access.conf
493 %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist
494 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers
495 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms
496 %config(noreplace) %verify(not md5 mtime size) /etc/security/faillock.conf
497 %config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf
498 %config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf
499 %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf
500 %attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init
501 %config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf
502 %config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf
503 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram
504 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.en
505 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.de
506 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.dk
507 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.es
508 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.fi
509 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.it
510 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.ja
511 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.no
512 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram.pl
513 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms.d/50-default.perms
514 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd
515 %attr(755,root,root) %{_bindir}/pam_pwgen
516 %attr(755,root,root) %{_sbindir}/faillock
517 %attr(755,root,root) %{_sbindir}/mkhomedir_helper
518 %attr(755,root,root) %{_sbindir}/pam_console_apply
519 %attr(755,root,root) %{_sbindir}/pam_namespace_helper
520 %attr(755,root,root) %{_sbindir}/pam_timestamp_check
521 %attr(755,root,root) %{_sbindir}/pwgen_trigram
522 %attr(4755,root,root) %{_sbindir}/unix_chkpwd
523 %attr(4755,root,root) %{_sbindir}/unix_update
524 %{systemdunitdir}/pam_namespace.service
525 %{_mandir}/man5/access.conf.5*
526 %{_mandir}/man5/config-util.5*
527 %{_mandir}/man5/console.apps.5*
528 %{_mandir}/man5/console.handlers.5*
529 %{_mandir}/man5/console.perms.5*
530 %{_mandir}/man5/environment.5*
531 %{_mandir}/man5/faillock.conf.5*
532 %{_mandir}/man5/group.conf.5*
533 %{_mandir}/man5/limits.conf.5*
534 %{_mandir}/man5/namespace.conf.5*
535 %{_mandir}/man5/pam.conf.5*
536 %{_mandir}/man5/pam.d.5*
537 %{_mandir}/man5/pam_env.conf.5*
538 %{_mandir}/man5/system-auth.5*
539 %{_mandir}/man5/time.conf.5*
540 %{_mandir}/man8/PAM.8*
541 %{_mandir}/man8/faillock.8*
542 %{_mandir}/man8/mkhomedir_helper.8*
543 %{_mandir}/man8/pam.8*
544 %{_mandir}/man8/pam_*.8*
545 %{_mandir}/man8/unix_chkpwd.8*
546 %{_mandir}/man8/unix_update.8*
548 %exclude %{_mandir}/man8/pam_cracklib.8*
551 %exclude %{_mandir}/man8/pam_selinux*.8*
552 %exclude %{_mandir}/man8/pam_sepermit.8*
554 %exclude %{_mandir}/man8/pam_userdb.8*
557 %attr(755,root,root) /%{_lib}/security/pam_access.so
558 %attr(755,root,root) /%{_lib}/security/pam_console.so
559 %attr(755,root,root) /%{_lib}/security/pam_debug.so
560 %attr(755,root,root) /%{_lib}/security/pam_deny.so
561 %attr(755,root,root) /%{_lib}/security/pam_echo.so
562 %attr(755,root,root) /%{_lib}/security/pam_env.so
563 %attr(755,root,root) /%{_lib}/security/pam_exec.so
564 %attr(755,root,root) /%{_lib}/security/pam_faildelay.so
565 %attr(755,root,root) /%{_lib}/security/pam_faillock.so
566 %attr(755,root,root) /%{_lib}/security/pam_filter.so
567 %attr(755,root,root) /%{_lib}/security/pam_filter/upperLOWER
568 %attr(755,root,root) /%{_lib}/security/pam_ftp.so
569 %attr(755,root,root) /%{_lib}/security/pam_group.so
570 %attr(755,root,root) /%{_lib}/security/pam_issue.so
571 %attr(755,root,root) /%{_lib}/security/pam_keyinit.so
572 %attr(755,root,root) /%{_lib}/security/pam_lastlog.so
573 %attr(755,root,root) /%{_lib}/security/pam_limits.so
574 %attr(755,root,root) /%{_lib}/security/pam_listfile.so
575 %attr(755,root,root) /%{_lib}/security/pam_localuser.so
576 %attr(755,root,root) /%{_lib}/security/pam_loginuid.so
577 %attr(755,root,root) /%{_lib}/security/pam_mail.so
578 %attr(755,root,root) /%{_lib}/security/pam_mkhomedir.so
579 %attr(755,root,root) /%{_lib}/security/pam_motd.so
580 %attr(755,root,root) /%{_lib}/security/pam_namespace.so
581 %attr(755,root,root) /%{_lib}/security/pam_nologin.so
582 %attr(755,root,root) /%{_lib}/security/pam_permit.so
583 %attr(755,root,root) /%{_lib}/security/pam_pwexport.so
584 %attr(755,root,root) /%{_lib}/security/pam_pwgen.so
585 %attr(755,root,root) /%{_lib}/security/pam_pwhistory.so
586 %attr(755,root,root) /%{_lib}/security/pam_rhosts.so
587 %attr(755,root,root) /%{_lib}/security/pam_rootok.so
588 %attr(755,root,root) /%{_lib}/security/pam_rps.so
589 %attr(755,root,root) /%{_lib}/security/pam_securetty.so
590 %attr(755,root,root) /%{_lib}/security/pam_setquota.so
591 %attr(755,root,root) /%{_lib}/security/pam_shells.so
592 %attr(755,root,root) /%{_lib}/security/pam_stress.so
593 %attr(755,root,root) /%{_lib}/security/pam_succeed_if.so
594 %attr(755,root,root) /%{_lib}/security/pam_time.so
595 %attr(755,root,root) /%{_lib}/security/pam_timestamp.so
596 %{?with_audit:%attr(755,root,root) /%{_lib}/security/pam_tty_audit.so}
597 %attr(755,root,root) /%{_lib}/security/pam_umask.so
598 %attr(755,root,root) /%{_lib}/security/pam_unix.so
599 %attr(755,root,root) /%{_lib}/security/pam_usertype.so
600 %attr(755,root,root) /%{_lib}/security/pam_warn.so
601 %attr(755,root,root) /%{_lib}/security/pam_wheel.so
602 %attr(755,root,root) /%{_lib}/security/pam_xauth.so
605 %defattr(644,root,root,755)
606 %dir /%{_lib}/security/pam_filter
607 %attr(755,root,root) /%{_lib}/libpam.so.*.*.*
608 %attr(755,root,root) %ghost /%{_lib}/libpam.so.0
609 %attr(755,root,root) /%{_lib}/libpam_misc.so.*.*.*
610 %attr(755,root,root) %ghost /%{_lib}/libpam_misc.so.0
611 %attr(755,root,root) /%{_lib}/libpamc.so.*.*.*
612 %attr(755,root,root) %ghost /%{_lib}/libpamc.so.0
615 %defattr(644,root,root,755)
617 %doc doc/{adg,mwg}/Linux-PAM_*.txt doc/{adg,mwg,}/html
619 %attr(755,root,root) %{_libdir}/libpam.so
620 %attr(755,root,root) %{_libdir}/libpam_misc.so
621 %attr(755,root,root) %{_libdir}/libpamc.so
623 %{_libdir}/libpam_misc.la
624 %{_libdir}/libpamc.la
625 %{_includedir}/security/_pam_*.h
626 %{_includedir}/security/pam*.h
627 %{_mandir}/man3/misc_conv.3*
628 %{_mandir}/man3/pam*.3*
631 %defattr(644,root,root,755)
634 %{_libdir}/libpam_misc.a
638 %defattr(644,root,root,755)
639 %doc modules/pam_cracklib/README
640 %attr(755,root,root) /%{_lib}/security/pam_cracklib.so
641 %{_mandir}/man8/pam_cracklib.8*
646 %defattr(644,root,root,755)
647 %attr(755,root,root) /%{_lib}/security/pam_selinux.so
648 %attr(755,root,root) /%{_lib}/security/pam_sepermit.so
649 %attr(755,root,root) %{_sbindir}/pam_selinux_check
650 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/pam_selinux_check
651 %config(noreplace) %verify(not md5 mtime size) /etc/security/sepermit.conf
652 %{_mandir}/man5/sepermit.conf.5*
653 %{_mandir}/man8/pam_selinux*.8*
654 %{_mandir}/man8/pam_sepermit.8*
655 %dir /var/run/sepermit
659 %defattr(644,root,root,755)
660 %doc modules/pam_userdb/README
661 %attr(755,root,root) /%{_lib}/security/pam_userdb.so
662 %{_mandir}/man8/pam_userdb.8*
666 %defattr(644,root,root,755)
667 %attr(755,root,root) %{_sbindir}/pam_tally
668 %attr(755,root,root) %{_sbindir}/pam_tally2
669 %attr(755,root,root) /%{_lib}/security/pam_tally.so
670 %attr(755,root,root) /%{_lib}/security/pam_tally2.so
671 %ghost %verify(not md5 mtime size) /var/log/tallylog