3 %bcond_without audit # don't build audit log plugin
4 %bcond_without ldap # build without LDAP support
5 %bcond_without selinux # build without SELinux support
6 %bcond_with bioapi # with BioAPI support in passwd
7 %bcond_with gnutls # use GnuTLS instead of OpenSSL
9 Summary: Utilities to manage the passwd and shadow user information
10 Summary(pl.UTF-8): Narzędzia do zarządzania informacjami o użytkownikach z passwd i shadow
16 #Source0: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/%{name}-%{version}.tar.bz2
17 Source0: http://www.linux-nis.org/download/pwdutils/%{name}-%{version}.tar.bz2
18 # Source0-md5: 25a77a0ab376eacf24ad5eab7af4cdce
19 Source1: %{name}.useradd
20 Source2: %{name}.rpasswdd.init
21 Source3: %{name}.login.defs
28 Source10: rpasswd.pamd
29 Patch0: %{name}-f-option.patch
30 Patch1: %{name}-no_bash.patch
31 Patch2: %{name}-silent_crontab.patch
32 Patch3: %{name}-pl.po-update.patch
33 Patch4: %{name}-selinux.patch
34 Patch5: %{name}-am.patch
35 Patch6: %{name}-libc-lock.patch
36 Patch7: %{name}-format-security.patch
37 URL: http://www.thkukuk.de/pam/pwdutils/
38 %{?with_audit:BuildRequires: audit-libs-devel}
39 BuildRequires: autoconf
40 BuildRequires: automake >= 1:1.9
41 %{?with_bioapi:BuildRequires: bioapi-devel}
42 BuildRequires: gcc >= 5:3.2
43 BuildRequires: gettext-devel
44 %{?with_gnutls:BuildRequires: gnutls-devel >= 1.0.0}
45 BuildRequires: libnscd-devel
46 %{?with_selinux:BuildRequires: libselinux-devel}
47 BuildRequires: libtool
48 BuildRequires: libxcrypt-devel
49 %{?with_ldap:BuildRequires: openldap-devel >= 2.4.6}
50 BuildRequires: openslp-devel
51 %{!?with_gnutls:BuildRequires: openssl-devel >= 0.9.7d}
52 BuildRequires: pam-devel
53 BuildRequires: rpmbuild(macros) >= 1.268
54 BuildRequires: sed >= 4.0
55 Requires: pam >= 0.99.7.1
57 Provides: shadow = 2:%{version}-%{release}
58 Provides: shadow-extras = 2:%{version}-%{release}
60 Obsoletes: shadow-extras
61 Obsoletes: shadow-utils
62 Conflicts: util-linux < 2.12-10
63 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
65 # for pam module in /%{_lib}/security
66 %define _libdir /%{_lib}
69 pwdutils is a collection of utilities to manage the passwd and shadow
70 user information. The difference to the shadow suite is that these
71 utilities can also modify the information stored in NIS, NIS+, or
72 LDAP. PAM is used for user authentication and changing the pasword. It
73 contains passwd, chage, chfn, chsh, and a daemon for changing the
74 password on a remote machine over a secure SSL connection. The daemon
75 also uses PAM so that it can change passwords independent of where
78 %description -l pl.UTF-8
79 pwdutils to zestaw narzędzi do zarządzania informacjami o
80 użytkownikach z passwd i shadow. Różnica w stosunku do pakietu shadow
81 polega na tym, że te narzędzia mogą także modyfikować informacje
82 zapisane w bazie NIS, NIS+ lub LDAP. PAM jest używany do
83 uwierzytelniania użytkowników i zmiany haseł. Zestaw zawiera passwd,
84 chage, chfn, chsh oraz demona do zmiany hasła na zdalnej maszynie po
85 bezpiecznym połączeniu SSL. Demon także używa PAM, więc można zmieniać
86 hasła niezależnie od tego, gdzie są przechowywane.
89 Summary: audit log plugin for pwdutils
90 Summary(pl.UTF-8): Wtyczka logująca audit dla pwdutils
92 Requires: %{name} = %{version}-%{release}
94 %description log-audit
95 audit log plugin for pwdutils.
97 %description log-audit -l pl.UTF-8
98 Wtyczka logująca audit dla pwdutils.
101 Summary: Remote password update client
102 Summary(pl.UTF-8): Klient do zdalnego uaktualniania haseł
103 Group: Applications/System
105 %description -n rpasswd
106 rpasswd changes passwords for user accounts on a remote server over a
107 secure SSL connection. A normal user may only change the password for
108 their own account, if the user knows the password of the administrator
109 account (in the moment this is the root password on the server), he
110 may change the password for any account if he calls rpasswd with the
113 %description -n rpasswd -l pl.UTF-8
114 rpasswd pozwala zmieniać hasła użytkowników na zdalnym serwerze przy
115 użyciu bezpiecznego połączenia SSL. Zwykły użytkownik może zmienić
116 jedynie swoje hasło, a jeśli zna hasło administratora (obecnie jest to
117 hasło roota na serwerze), może zmienić hasło dla dowolnego konta
118 wywołując rpasswd z opcją -a.
121 Summary: Remote password update daemon
122 Summary(pl.UTF-8): Demon do zdalnego uaktualniania haseł
123 Group: Applications/System
124 Requires(post,preun): /sbin/chkconfig
127 %description -n rpasswdd
128 rpasswdd is a daemon that lets users change their passwords in the
129 presence of a directory service like NIS, NIS+ or LDAP over a secure
130 SSL connection. rpasswdd behaves like the normal passwd(1) program and
131 uses PAM for authentication and changing the password, so it can be
132 configured very flexible for the local requirements.
134 %description -n rpasswdd -l pl.UTF-8
135 rpasswdd to demon pozwalający użytkownikom zmieniać hasła w obecności
136 usług katalogowych takich jak NIS, NIS+ czy LDAP po bezpiecznym
137 połączeniu SSL. rpasswdd zachowuje się tak, jak normalny program
138 passwd(1) i używam PAM do uwierzytelniania i zmiany haseł, więc może
139 być bardzo elastycznie konfigurowany dla lokalnych wymagań.
141 %package -n pam-pam_rpasswd
142 Summary: pam_rpasswd - PAM module to change remote password
143 Summary(pl.UTF-8): pam_rpasswd - moduł PAM do zdalnej zmiany hasła
145 # rpasswd.conf is in rpasswd
146 Requires: rpasswd = %{version}-%{release}
148 %description -n pam-pam_rpasswd
149 The pam_rpasswd PAM module is for changing the password of user
150 accounts on a remote server over a secure SSL connection. It only
151 provides functionality for one PAM management group: password
154 %description -n pam-pam_rpasswd -l pl.UTF-8
155 Moduł PAM pam_rpasswd służy do zmiany haseł dla kont użytkowników na
156 zdalnym serwerze po bezpiecznym połączeniu SSL. Udostępnia
157 funkcjonalność tylko dla jednej grupy zarządzania PAM: zmiany haseł.
180 %{?with_bioapi:CPPFLAGS="-I/usr/include/bioapi"} \
181 %{!?with_bioapi:ac_cv_header_bioapi_h=no ac_cv_lib_bioapi100_BioAPI_Init=no} \
182 %{?with_audit:--enable-audit-plugin} \
183 %{!?with_gnutls:--disable-gnutls} \
184 --%{?with_ldap:en}%{!?with_ldap:dis}able-ldap \
186 --enable-pam_rpasswd \
187 --%{?with_selinux:en}%{!?with_selinux:dis}able-selinux \
193 rm -rf $RPM_BUILD_ROOT
194 install -d $RPM_BUILD_ROOT/etc/{rc.d/init.d,pwdutils,security,skel/{etc,tmp}}
197 DESTDIR=$RPM_BUILD_ROOT
199 mv -f $RPM_BUILD_ROOT%{_sbindir}/*.local $RPM_BUILD_ROOT%{_sysconfdir}/pwdutils
200 install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/default/useradd
201 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/rpasswdd
202 install %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/login.defs
204 install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/chage
205 install %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/chfn
206 install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/chsh
207 install %{SOURCE7} $RPM_BUILD_ROOT/etc/pam.d/passwd
208 install %{SOURCE8} $RPM_BUILD_ROOT/etc/pam.d/useradd
209 install %{SOURCE9} $RPM_BUILD_ROOT/etc/pam.d/shadow
210 install %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/rpasswd
212 %{__rm} $RPM_BUILD_ROOT%{_libdir}/pwdutils/*.{la,a}
213 %{__rm} $RPM_BUILD_ROOT/%{_lib}/security/pam_*.la
214 %{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/init.d/rpasswdd
216 :> $RPM_BUILD_ROOT%{_sysconfdir}/shadow
217 :> $RPM_BUILD_ROOT/etc/security/chfn.allow
218 :> $RPM_BUILD_ROOT/etc/security/chsh.allow
223 rm -rf $RPM_BUILD_ROOT
226 if [ ! -f %{_sysconfdir}/shadow ]; then
231 /sbin/chkconfig --add rpasswdd
232 %service rpasswdd restart "rpasswdd daemon"
235 if [ "$1" = "0" ]; then
236 %service rpasswdd stop
237 /sbin/chkconfig --del rpasswdd
240 %files -f %{name}.lang
241 %defattr(644,root,root,755)
242 %doc AUTHORS ChangeLog NEWS README THANKS TODO
243 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %ghost %{_sysconfdir}/shadow
244 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/default/*
245 %attr(750,root,root) %dir %{_sysconfdir}/%{name}
246 %attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/*.local
247 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/logging
248 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chage
249 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chfn
250 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chsh
251 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/passwd
252 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/useradd
253 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/shadow
254 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/login.defs
255 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/chfn.allow
256 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/chsh.allow
258 %dir %config(missingok) %attr(700,root,root) /etc/skel/tmp
259 %attr(755,root,root) %{_bindir}/chage
260 %attr(4755,root,root) %{_bindir}/chfn
261 %attr(4755,root,root) %{_bindir}/chsh
262 %attr(4755,root,root) %{_bindir}/expiry
263 %attr(4755,root,root) %{_bindir}/gpasswd
264 %attr(4755,root,root) %{_bindir}/newgrp
265 %attr(4755,root,root) %{_bindir}/passwd
266 %attr(4755,root,root) %{_bindir}/sg
267 %attr(755,root,root) %{_sbindir}/chpasswd
268 %attr(755,root,root) %{_sbindir}/groupadd
269 %attr(755,root,root) %{_sbindir}/groupdel
270 %attr(755,root,root) %{_sbindir}/groupmod
271 %attr(755,root,root) %{_sbindir}/grpconv
272 %attr(755,root,root) %{_sbindir}/grpck
273 %attr(755,root,root) %{_sbindir}/grpunconv
274 %attr(755,root,root) %{_sbindir}/pwconv
275 %attr(755,root,root) %{_sbindir}/pwck
276 %attr(755,root,root) %{_sbindir}/pwunconv
277 %attr(755,root,root) %{_sbindir}/useradd
278 %attr(755,root,root) %{_sbindir}/userdel
279 %attr(755,root,root) %{_sbindir}/usermod
280 %attr(755,root,root) %{_sbindir}/vigr
281 %attr(755,root,root) %{_sbindir}/vipw
282 %dir %{_libdir}/pwdutils
283 %attr(755,root,root) %{_libdir}/pwdutils/liblog_syslog.so*
284 %{_mandir}/man1/chage.1*
285 %{_mandir}/man1/chfn.1*
286 %{_mandir}/man1/chsh.1*
287 %{_mandir}/man1/expiry.1*
288 %{_mandir}/man1/gpasswd.1*
289 %{_mandir}/man1/newgrp.1*
290 %{_mandir}/man1/passwd.1*
291 %{_mandir}/man1/sg.1*
292 %{_mandir}/man5/login.defs.5*
293 %{_mandir}/man8/chpasswd.8*
294 %{_mandir}/man8/groupadd.8*
295 %{_mandir}/man8/groupdel.8*
296 %{_mandir}/man8/groupmod.8*
297 %{_mandir}/man8/grpck.8*
298 %{_mandir}/man8/grpconv.8*
299 %{_mandir}/man8/grpunconv.8*
300 %{_mandir}/man8/pwck.8*
301 %{_mandir}/man8/pwconv.8*
302 %{_mandir}/man8/pwunconv.8*
303 %{_mandir}/man8/useradd.8*
304 %{_mandir}/man8/userdel.8*
305 %{_mandir}/man8/usermod.8*
306 %{_mandir}/man8/vigr.8*
307 %{_mandir}/man8/vipw.8*
311 %defattr(644,root,root,755)
312 %attr(755,root,root) %{_libdir}/pwdutils/liblog_audit.so*
316 %defattr(644,root,root,755)
317 %attr(755,root,root) %{_bindir}/rpasswd
318 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/rpasswd.conf
319 %{_mandir}/man1/rpasswd.1*
320 %{_mandir}/man5/rpasswd.conf.5*
323 %defattr(644,root,root,755)
324 %attr(755,root,root) %{_sbindir}/rpasswdd
325 %attr(754,root,root) /etc/rc.d/init.d/rpasswdd
326 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/rpasswd
327 %{_mandir}/man8/rpasswdd.8*
329 %files -n pam-pam_rpasswd
330 %defattr(644,root,root,755)
331 %attr(755,root,root) /%{_lib}/security/pam_rpasswd.so
332 %{_mandir}/man8/pam_rpasswd.8*