3 %bcond_without audit # don't build audit log plugin
4 %bcond_without ldap # build without LDAP support
5 %bcond_without selinux # build without SELinux support
6 %bcond_without xcrypt # crypt() from libxcrypt
7 %bcond_with bioapi # with BioAPI support in passwd
8 %bcond_with gnutls # use GnuTLS instead of OpenSSL
10 Summary: Utilities to manage the passwd and shadow user information
11 Summary(pl.UTF-8): Narzędzia do zarządzania informacjami o użytkownikach z passwd i shadow
17 #Source0: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/%{name}-%{version}.tar.bz2
18 Source0: http://www.linux-nis.org/download/pwdutils/%{name}-%{version}.tar.bz2
19 # Source0-md5: 25a77a0ab376eacf24ad5eab7af4cdce
20 Source1: %{name}.useradd
21 Source2: %{name}.rpasswdd.init
22 Source3: %{name}.login.defs
29 Source10: rpasswd.pamd
30 Patch0: %{name}-f-option.patch
31 Patch1: %{name}-no_bash.patch
32 Patch2: %{name}-silent_crontab.patch
33 Patch3: %{name}-pl.po-update.patch
34 Patch4: %{name}-selinux.patch
35 Patch5: %{name}-am.patch
36 Patch6: %{name}-libc-lock.patch
37 Patch7: %{name}-format-security.patch
40 URL: http://www.thkukuk.de/pam/pwdutils/
41 %{?with_audit:BuildRequires: audit-libs-devel}
42 BuildRequires: autoconf
43 BuildRequires: automake >= 1:1.9
44 %{?with_bioapi:BuildRequires: bioapi-devel}
45 BuildRequires: gcc >= 5:3.2
46 BuildRequires: gettext-tools
47 %{?with_gnutls:BuildRequires: gnutls-devel >= 1.0.0}
48 BuildRequires: libnscd-devel
49 %{?with_selinux:BuildRequires: libselinux-devel}
50 BuildRequires: libtirpc-devel
51 BuildRequires: libtool
52 %{?with_xcrypt:BuildRequires: libxcrypt-devel}
53 %{?with_ldap:BuildRequires: openldap-devel >= 2.3.0}
54 BuildRequires: openslp-devel
55 %{!?with_gnutls:BuildRequires: openssl-devel >= 0.9.7d}
56 BuildRequires: pam-devel
57 BuildRequires: rpmbuild(macros) >= 1.268
58 BuildRequires: sed >= 4.0
59 Requires: pam >= 0.99.7.1
61 Provides: shadow = 2:%{version}-%{release}
62 Provides: shadow-extras = 2:%{version}-%{release}
64 Obsoletes: shadow-extras
65 Obsoletes: shadow-utils
66 Conflicts: util-linux < 2.12-10
67 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
69 # for pam module in /%{_lib}/security
70 %define _libdir /%{_lib}
73 pwdutils is a collection of utilities to manage the passwd and shadow
74 user information. The difference to the shadow suite is that these
75 utilities can also modify the information stored in NIS, NIS+, or
76 LDAP. PAM is used for user authentication and changing the pasword. It
77 contains passwd, chage, chfn, chsh, and a daemon for changing the
78 password on a remote machine over a secure SSL connection. The daemon
79 also uses PAM so that it can change passwords independent of where
82 %description -l pl.UTF-8
83 pwdutils to zestaw narzędzi do zarządzania informacjami o
84 użytkownikach z passwd i shadow. Różnica w stosunku do pakietu shadow
85 polega na tym, że te narzędzia mogą także modyfikować informacje
86 zapisane w bazie NIS, NIS+ lub LDAP. PAM jest używany do
87 uwierzytelniania użytkowników i zmiany haseł. Zestaw zawiera passwd,
88 chage, chfn, chsh oraz demona do zmiany hasła na zdalnej maszynie po
89 bezpiecznym połączeniu SSL. Demon także używa PAM, więc można zmieniać
90 hasła niezależnie od tego, gdzie są przechowywane.
93 Summary: audit log plugin for pwdutils
94 Summary(pl.UTF-8): Wtyczka logująca audit dla pwdutils
96 Requires: %{name} = %{version}-%{release}
98 %description log-audit
99 audit log plugin for pwdutils.
101 %description log-audit -l pl.UTF-8
102 Wtyczka logująca audit dla pwdutils.
105 Summary: Remote password update client
106 Summary(pl.UTF-8): Klient do zdalnego uaktualniania haseł
107 Group: Applications/System
109 %description -n rpasswd
110 rpasswd changes passwords for user accounts on a remote server over a
111 secure SSL connection. A normal user may only change the password for
112 their own account, if the user knows the password of the administrator
113 account (in the moment this is the root password on the server), he
114 may change the password for any account if he calls rpasswd with the
117 %description -n rpasswd -l pl.UTF-8
118 rpasswd pozwala zmieniać hasła użytkowników na zdalnym serwerze przy
119 użyciu bezpiecznego połączenia SSL. Zwykły użytkownik może zmienić
120 jedynie swoje hasło, a jeśli zna hasło administratora (obecnie jest to
121 hasło roota na serwerze), może zmienić hasło dla dowolnego konta
122 wywołując rpasswd z opcją -a.
125 Summary: Remote password update daemon
126 Summary(pl.UTF-8): Demon do zdalnego uaktualniania haseł
127 Group: Applications/System
128 Requires(post,preun): /sbin/chkconfig
131 %description -n rpasswdd
132 rpasswdd is a daemon that lets users change their passwords in the
133 presence of a directory service like NIS, NIS+ or LDAP over a secure
134 SSL connection. rpasswdd behaves like the normal passwd(1) program and
135 uses PAM for authentication and changing the password, so it can be
136 configured very flexible for the local requirements.
138 %description -n rpasswdd -l pl.UTF-8
139 rpasswdd to demon pozwalający użytkownikom zmieniać hasła w obecności
140 usług katalogowych takich jak NIS, NIS+ czy LDAP po bezpiecznym
141 połączeniu SSL. rpasswdd zachowuje się tak, jak normalny program
142 passwd(1) i używam PAM do uwierzytelniania i zmiany haseł, więc może
143 być bardzo elastycznie konfigurowany dla lokalnych wymagań.
145 %package -n pam-pam_rpasswd
146 Summary: pam_rpasswd - PAM module to change remote password
147 Summary(pl.UTF-8): pam_rpasswd - moduł PAM do zdalnej zmiany hasła
149 # rpasswd.conf is in rpasswd
150 Requires: rpasswd = %{version}-%{release}
152 %description -n pam-pam_rpasswd
153 The pam_rpasswd PAM module is for changing the password of user
154 accounts on a remote server over a secure SSL connection. It only
155 provides functionality for one PAM management group: password
158 %description -n pam-pam_rpasswd -l pl.UTF-8
159 Moduł PAM pam_rpasswd służy do zmiany haseł dla kont użytkowników na
160 zdalnym serwerze po bezpiecznym połączeniu SSL. Udostępnia
161 funkcjonalność tylko dla jednej grupy zarządzania PAM: zmiany haseł.
186 %{?with_bioapi:CPPFLAGS="-I/usr/include/bioapi"} \
187 %{!?with_bioapi:ac_cv_header_bioapi_h=no ac_cv_lib_bioapi100_BioAPI_Init=no} \
188 %{?with_audit:--enable-audit-plugin} \
189 %{!?with_gnutls:--disable-gnutls} \
190 --%{?with_ldap:en}%{!?with_ldap:dis}able-ldap \
192 --enable-pam_rpasswd \
193 --%{?with_selinux:en}%{!?with_selinux:dis}able-selinux \
199 rm -rf $RPM_BUILD_ROOT
200 install -d $RPM_BUILD_ROOT/etc/{rc.d/init.d,pwdutils,security,skel/tmp}
202 DESTDIR=$RPM_BUILD_ROOT
204 mv -f $RPM_BUILD_ROOT%{_sbindir}/*.local $RPM_BUILD_ROOT%{_sysconfdir}/pwdutils
205 install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/default/useradd
206 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/rpasswdd
207 install %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/login.defs
209 install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/chage
210 install %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/chfn
211 install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/chsh
212 install %{SOURCE7} $RPM_BUILD_ROOT/etc/pam.d/passwd
213 install %{SOURCE8} $RPM_BUILD_ROOT/etc/pam.d/useradd
214 install %{SOURCE9} $RPM_BUILD_ROOT/etc/pam.d/shadow
215 install %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/rpasswd
217 %{__rm} $RPM_BUILD_ROOT%{_libdir}/pwdutils/*.{la,a}
218 %{__rm} $RPM_BUILD_ROOT/%{_lib}/security/pam_*.la
219 %{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/init.d/rpasswdd
221 :> $RPM_BUILD_ROOT%{_sysconfdir}/shadow
222 :> $RPM_BUILD_ROOT/etc/security/chfn.allow
223 :> $RPM_BUILD_ROOT/etc/security/chsh.allow
228 rm -rf $RPM_BUILD_ROOT
231 if [ ! -f %{_sysconfdir}/shadow ]; then
236 /sbin/chkconfig --add rpasswdd
237 %service rpasswdd restart "rpasswdd daemon"
240 if [ "$1" = "0" ]; then
241 %service rpasswdd stop
242 /sbin/chkconfig --del rpasswdd
245 %files -f %{name}.lang
246 %defattr(644,root,root,755)
247 %doc AUTHORS ChangeLog NEWS README THANKS TODO
248 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %ghost %{_sysconfdir}/shadow
249 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/default/*
250 %attr(750,root,root) %dir %{_sysconfdir}/%{name}
251 %attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/*.local
252 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/logging
253 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chage
254 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chfn
255 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chsh
256 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/passwd
257 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/useradd
258 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/shadow
259 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/login.defs
260 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/chfn.allow
261 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/chsh.allow
262 %dir %config(missingok) %attr(700,root,root) /etc/skel/tmp
263 %attr(755,root,root) %{_bindir}/chage
264 %attr(4755,root,root) %{_bindir}/chfn
265 %attr(4755,root,root) %{_bindir}/chsh
266 %attr(4755,root,root) %{_bindir}/expiry
267 %attr(4755,root,root) %{_bindir}/gpasswd
268 %attr(4755,root,root) %{_bindir}/newgrp
269 %attr(4755,root,root) %{_bindir}/passwd
270 %attr(4755,root,root) %{_bindir}/sg
271 %attr(755,root,root) %{_sbindir}/chpasswd
272 %attr(755,root,root) %{_sbindir}/groupadd
273 %attr(755,root,root) %{_sbindir}/groupdel
274 %attr(755,root,root) %{_sbindir}/groupmod
275 %attr(755,root,root) %{_sbindir}/grpconv
276 %attr(755,root,root) %{_sbindir}/grpck
277 %attr(755,root,root) %{_sbindir}/grpunconv
278 %attr(755,root,root) %{_sbindir}/pwconv
279 %attr(755,root,root) %{_sbindir}/pwck
280 %attr(755,root,root) %{_sbindir}/pwunconv
281 %attr(755,root,root) %{_sbindir}/useradd
282 %attr(755,root,root) %{_sbindir}/userdel
283 %attr(755,root,root) %{_sbindir}/usermod
284 %attr(755,root,root) %{_sbindir}/vigr
285 %attr(755,root,root) %{_sbindir}/vipw
286 %dir %{_libdir}/pwdutils
287 %attr(755,root,root) %{_libdir}/pwdutils/liblog_syslog.so*
288 %{_mandir}/man1/chage.1*
289 %{_mandir}/man1/chfn.1*
290 %{_mandir}/man1/chsh.1*
291 %{_mandir}/man1/expiry.1*
292 %{_mandir}/man1/gpasswd.1*
293 %{_mandir}/man1/newgrp.1*
294 %{_mandir}/man1/passwd.1*
295 %{_mandir}/man1/sg.1*
296 %{_mandir}/man5/login.defs.5*
297 %{_mandir}/man8/chpasswd.8*
298 %{_mandir}/man8/groupadd.8*
299 %{_mandir}/man8/groupdel.8*
300 %{_mandir}/man8/groupmod.8*
301 %{_mandir}/man8/grpck.8*
302 %{_mandir}/man8/grpconv.8*
303 %{_mandir}/man8/grpunconv.8*
304 %{_mandir}/man8/pwck.8*
305 %{_mandir}/man8/pwconv.8*
306 %{_mandir}/man8/pwunconv.8*
307 %{_mandir}/man8/useradd.8*
308 %{_mandir}/man8/userdel.8*
309 %{_mandir}/man8/usermod.8*
310 %{_mandir}/man8/vigr.8*
311 %{_mandir}/man8/vipw.8*
315 %defattr(644,root,root,755)
316 %attr(755,root,root) %{_libdir}/pwdutils/liblog_audit.so*
320 %defattr(644,root,root,755)
321 %attr(755,root,root) %{_bindir}/rpasswd
322 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/rpasswd.conf
323 %{_mandir}/man1/rpasswd.1*
324 %{_mandir}/man5/rpasswd.conf.5*
327 %defattr(644,root,root,755)
328 %attr(755,root,root) %{_sbindir}/rpasswdd
329 %attr(754,root,root) /etc/rc.d/init.d/rpasswdd
330 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/rpasswd
331 %{_mandir}/man8/rpasswdd.8*
333 %files -n pam-pam_rpasswd
334 %defattr(644,root,root,755)
335 %attr(755,root,root) /%{_lib}/security/pam_rpasswd.so
336 %{_mandir}/man8/pam_rpasswd.8*