%bcond_without doc # don't build documentation
%bcond_with prelude # build with Prelude IDS support
%bcond_without selinux # build without SELinux support
%bcond_without audit # build without Linux Auditing library support

%define pam_pld_version 0.99.8.1-1

%define _sbindir /sbin
Summary: Pluggable Authentication Modules: modular, incremental authentication
Summary(de.UTF-8): Einsteckbare Authentifizierungsmodule: modulare, inkrementäre Authentifizierung
Summary(es.UTF-8): Módulos de autentificación plugables (PAM)
Summary(fr.UTF-8): PAM : Pluggable Authentication Modules: modular, incremental authentication
Summary(pl.UTF-8): Modularny system uwierzytelniania
Summary(pt_BR.UTF-8): Módulos de autenticação plugáveis (PAM)
Summary(ru.UTF-8): Интструмент, обеспечивающий аутентификацию для приложений
Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri
Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм
Source0: http://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
# Source0-md5: f526c794482ce21c31866549e05c45de
Source1: http://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign
# Source1-md5: ffae0c1502acb7866a4a34e4b35eb6ec
Source2: ftp://ftp.pld-linux.org/software/pam/pam-pld-%{pam_pld_version}.tar.gz
# Source2-md5: d1b70a7456699511d4aef1198d28e791
Source4: system-auth.pamd
Source5: config-util.pamd
Source6: pam_selinux_check.pamd
Source7: system-auth.5
Source8: config-util.5
Patch0: %{name}-pld-modules.patch
Patch1: %{name}-modutil_mem_limit.patch
Patch2: %{name}-cracklib-try-first-pass.patch
Patch3: %{name}-cracklib-enforce.patch
Patch4: %{name}-tally-fail-close.patch
Patch5: %{name}-unix-blowfish.patch
Patch6: %{name}-mkhomedir-new-features.patch
Patch7: %{name}-db-gdbm.patch
Patch8: %{name}-exec-failok.patch
Patch9: %{name}-audit-no-log.patch
Patch10: %{name}-namespace-temp-logon.patch
Patch11: %{name}-namespace-homedir.patch
URL: http://www.kernel.org/pub/linux/libs/pam/
%{?with_audit:BuildRequires: audit-libs-devel >= 1.0.8}
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: cracklib-devel >= 2.8.3
# gdbm due to db pulling libpthread
BuildRequires: gdbm-devel >= 1.8.3-7
BuildRequires: glibc-devel >= 6:2.5-0.5
%{?with_prelude:BuildRequires: libprelude-devel}
%{?with_selinux:BuildRequires: libselinux-devel >= 1.33.2}
BuildRequires: libtool >= 2:1.5
BuildRequires: docbook-dtd43-xml
BuildRequires: docbook-dtd44-xml
BuildRequires: docbook-style-xsl >= 1.69.1
BuildRequires: libxml2-progs
BuildRequires: libxslt-progs
Requires(post): coreutils
Requires: %{name}-libs = %{epoch}:%{version}-%{release}
Requires: /usr/bin/make
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)

PAM (Pluggable Authentication Modules) is a powerful, flexible,
extensible authentication system which allows the system administrator
to configure authentication services individually for every
pam-compliant application without recompiling any of the applications.

%description -l de.UTF-8
PAM (Pluggable Authentication Modules) ist ein leistungsfähiges,
flexibles und erweiterbares Authentifizierungssystem, mit dem der
Systemverwalter Authentifizierungs-Dienste individuell für jede
pam-kompatible Anwendung konfigurieren kann, ohne diese neu
kompilieren zu müssen.

%description -l es.UTF-8
PAM (Módulos de Autenticación Plugables) es un potente, flexible y
extensible sistema de autentificación, que permite al administrador
del sistema configurar servicios de autentificación individualmente
para cada aplicación pam compatible, sin la necesidad de recompilar
cualquier una de las aplicaciones.

%description -l fr.UTF-8
PAM (Pluggable Authentication Modules) est un systéme
d'authentification puissant, souple et extensible permettant à
l'administrateur système de configurer les individuellement les
services d'authentification pour chaque application conforme à PAM,
sans recompiler aucune application.

%description -l pl.UTF-8
PAM (Pluggable Authentication Modules) jest silnym i łatwo
dostosowywalnym do potrzeb systemem uwierzytelniania, który umożliwia
administratorowi indywidualne konfigurowanie poszczególnych usług,
które są dostosowane i skonsolidowane z bibliotekami PAM, bez
późniejszej ich rekompilacji w momencie zmiany sposobu
uwierzytelniania tychże usług.

%description -l pt_BR.UTF-8
PAM (Módulos de Autenticação Plugáveis) é um poderoso, flexível e
extensível sistema de autenticação, que permite o administrador do
sistema configurar serviços de autenticação individualmente para cada
aplicação pam compatível, sem necessidade de recompilar qualquer uma

%description -l uk.UTF-8
PAM (Pluggable Authentication Modules) - це потужна, гнучка, здатна до
розширення система аутентикації, яка дозволяє системному
адміністратору налагоджувати севіси авторизації доступу (аутентикації)
індивідуально для кожної pam-сумісної програми без необхідності
перекомпіляції самої програми. Це базовий механізм аутентикації в PLD

%description -l tr.UTF-8
PAM (Pluggable Authentication Modules) sistem yöneticilerinin
uygulamalardan herhangi birini yeniden derlemeksizin bütün PAM uyumlu
uygulamalar için doğrulama hizmetlerini ayarlamalarına yardımcı olan,
güclü, esnek ve kapsamlı bir doğrulama sistemidir.

%description -l ru.UTF-8
PAM (Pluggable Authentication Modules) - это мощная, гибкая,
расширяемая система аутентикации, позволяющая системному
администратору конфигурировать сервисы авторизации доступа
(аутентикации) индивидуально для каждой pam-совместимой программы без
необходимости перекомпилляции самой программы. Это базовый механизм
аутентикации в PLD Linux.

Summary: PAM modules and libraries
Summary(pl.UTF-8): Moduły i biblioteki PAM
Conflicts: pam < 0:0.80.1-2
Requires(triggerpostun): sed >= 4.0
Requires: cracklib >= 2.8.3
Requires: cracklib-dicts >= 2.8.3
Requires: gdbm >= 1.8.3-7
Requires: glibc >= 6:2.5-0.5
%{?with_audit:Requires: audit-libs >= 1.0.8}
%{?with_selinux:Requires: libselinux >= 1.33.2}
Obsoletes: pam-pam_cap
Obsoletes: pam-pam_opie
Obsoletes: pam-pam_pwdb
Obsoletes: pam-pam_radius
Obsoletes: pam-pam_skey
Obsoletes: pam-pam_tcpd

Core PAM modules and libraries.

%description libs -l pl.UTF-8
Moduły i biblioteki PAM.

Summary: PAM header files
Summary(pl.UTF-8): Pliki nagłówkowe i dokumentacja programisty do PAM
Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
Summary(ru.UTF-8): Библиотеки разработчика для PAM
Summary(uk.UTF-8): Бібліотеки програміста для PAM
Group: Development/Libraries
Requires: %{name} = %{epoch}:%{version}-%{release}
%{?with_audit:Requires: audit-libs-devel >= 1.0.8}
Requires: filesystem >= 3.0-11

Header files for developing PAM based applications.

%description devel -l pl.UTF-8
Pliki nagłówkowe i dokumentacja programisty do PAM.

%description devel -l pt_BR.UTF-8
Bibliotecas e arquivos de inclusão para desenvolvimento com PAM

%description devel -l ru.UTF-8
Этот пакет содержит хедеры и библиотеки разработчика для PAM.

%description devel -l uk.UTF-8
Цей пакет містить хедери та бібліотеки програміста для PAM.

Summary: PAM static libraries
Summary(pl.UTF-8): Biblioteki statyczne PAM
Summary(ru.UTF-8): Статические библиотеки разработчика для PAM
Summary(uk.UTF-8): Статичні бібліотеки програміста для PAM
Group: Development/Libraries
Requires: %{name}-devel = %{epoch}:%{version}-%{release}

PAM static libraries.

%description static -l pl.UTF-8
Biblioteki statyczne PAM.

%description static -l ru.UTF-8
Этот пакет содержит статические библиотеки разработчика для PAM.

%description static -l uk.UTF-8
Цей пакет містить статичні бібліотеки програміста для PAM.

Summary: PAM module - SELinux support
Summary(pl.UTF-8): Moduł PAM pozwalający na zmianę kontekstów SELinuksa

%description pam_selinux
PAM module - SELinux support.

%description pam_selinux -l pl.UTF-8
Moduł PAM pozwalający na zmianę kontekstów SELinuksa.

%setup -q -a2 -n Linux-PAM-%{version}

--includedir=%{_includedir}/security \
--enable-isadir=../../%{_lib}/security \
%{!?with_selinux:--disable-selinux} \
%{!?with_prelude:--disable-prelude} \
%{!?with_audit:--disable-audit}

# we must explicitly update-gmo as we patch a po file
%{__make} -C po update-gmo

rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/var/log}

DESTDIR=$RPM_BUILD_ROOT

install modules/pam_selinux/.libs/pam_selinux_check $RPM_BUILD_ROOT%{_sbindir}
install modules/pam_selinux/pam_selinux_check.8 $RPM_BUILD_ROOT%{_mandir}/man8
install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/pam_selinux_check

for r in modules/pam_*/README ; do
	cp -f $r doc/txts/README.$(basename $(dirname $r))
done

cp -f doc/index.html doc/html/

# fix PAM/pam man page
echo ".so PAM.8" > $RPM_BUILD_ROOT%{_mandir}/man8/pam.8

:> $RPM_BUILD_ROOT/etc/security/opasswd
:> $RPM_BUILD_ROOT/etc/security/blacklist

#:> $RPM_BUILD_ROOT/var/log/faillog
:> $RPM_BUILD_ROOT/var/log/tallylog

mv -f $RPM_BUILD_ROOT/%{_lib}/lib*.a $RPM_BUILD_ROOT%{_libdir}

cd $RPM_BUILD_ROOT/%{_lib}
for f in lib*.la ; do
	sed -e 's|/%{_lib}/libpam|%{_libdir}/libpam|g' $f > $RPM_BUILD_ROOT%{_libdir}/$f
	sed -i -e "s|libdir='/%{_lib}|libdir='%{_libdir}|g" $RPM_BUILD_ROOT%{_libdir}/$f
done
ln -sf /%{_lib}/$(echo libpam.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam.so
ln -sf /%{_lib}/$(echo libpam_misc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so
ln -sf /%{_lib}/$(echo libpamc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpamc.so

install %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other
install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/system-auth
install %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/config-util

install %{SOURCE7} $RPM_BUILD_ROOT%{_mandir}/man5/system-auth.5
install %{SOURCE8} $RPM_BUILD_ROOT%{_mandir}/man5/config-util.5

# Make sure every module subdirectory gave us a module. Yes, this is hackish.
for dir in modules/pam_* ; do
%if %{without selinux}
	[ ${dir} = "modules/pam_selinux" ] && continue
%endif
	if [ -d ${dir} ] ; then
		if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then
			echo ERROR `basename ${dir}` did not build a module.
			exit 1
		fi
	fi
done

for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do
	# Check for module problems. Specifically, check that every module we just
	# installed can actually be loaded by a minimal PAM-aware application.
	if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
		./dlopen.sh -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then
		echo ERROR module: ${module} cannot be loaded.
		exit 1
	fi
	# And for good measure, make sure that none of the modules pull in threading
	# libraries, which if loaded in a non-threaded application, can cause Very
	# Bad Things to happen.
	if env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
		LD_PRELOAD=$RPM_BUILD_ROOT/%{_lib}/libpam.so ldd -r ${module} | \
		fgrep -q libpthread ; then
		echo ERROR module: ${module} pulls threading libraries.
		exit 1
	fi
done

# useless - shut up check-files
rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.{la,a}
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM

%if %{without selinux}
rm -rf $RPM_BUILD_ROOT{/%{_lib}/security/pam_selinux.so,%{_sbindir}/pam_selinux_check,%{_mandir}/man8/pam_selinux*.8*}
%endif

rm -rf $RPM_BUILD_ROOT

%triggerpostun libs -- %{name}-libs < 0.99.7.1
for f in `grep -l "\(pam_make\|pam_homedir\)" /etc/pam.d/*` ; do
	case "$f" in
	*rpmorig|*rpmnew|*rpmsave|*~|*.orig)
		continue
		;;
	esac
	cp -f "$f" "$f.rpmorig"
	sed -i -e 's/pam_make\.so \(.*\)/pam_exec.so failok seteuid \/usr\/bin\/make -C \1/g' \
		-e 's/pam_homedir\.so/pam_mkhomedir.so/g' "$f"
done

if [ -d /var/lock/console -a -d /var/run/console ]; then
	cp -a /var/lock/console/* /var/run/console/ 2> /dev/null
	rm -rf /var/lock/console
fi

#if [ ! -a /var/log/faillog ] ; then
#	touch /var/log/faillog
#	chmod 600 /var/log/faillog
#fi
if [ ! -a /var/log/tallylog ] ; then
	touch /var/log/tallylog
	chmod 600 /var/log/tallylog
fi

%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig

%files -f Linux-PAM.lang
%defattr(644,root,root,755)
%doc AUTHORS CHANGELOG ChangeLog Copyright NEWS
%doc doc/txts/README*
%doc doc/sag/Linux-PAM_*.txt
%dir %attr(755,root,root) /etc/pam.d
%dir %attr(755,root,root) /etc/security/console.apps
%dir %attr(755,root,root) /etc/security/console.perms.d
%dir %attr(755,root,root) /var/run/console
%config(noreplace) %verify(not md5 mtime size) /etc/environment
%config(noreplace) %verify(not md5 mtime size) /etc/pam.d/other
%config(noreplace) %verify(not md5 mtime size) /etc/pam.d/system-auth
%config(noreplace) %verify(not md5 mtime size) /etc/pam.d/config-util
%config(noreplace) %verify(not md5 mtime size) /etc/security/access.conf
%config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist
%config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers
%config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms
%config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf
%config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf
%config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf
%attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init
%config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf
%config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf
%config(noreplace) %verify(not md5 mtime size) /etc/security/trigram*
%config /etc/security/console.perms.d/50-default.perms
%attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd
%attr(4755,root,root) /sbin/unix_chkpwd
%attr(755,root,root) %{_bindir}/pam_pwgen
%attr(755,root,root) %{_sbindir}/pam_console_apply
%attr(755,root,root) %{_sbindir}/pam_tally
%attr(755,root,root) %{_sbindir}/pam_tally2
%attr(755,root,root) %{_sbindir}/pam_timestamp_check
%attr(755,root,root) %{_sbindir}/pwgen_trigram
%{_mandir}/man8/PAM.*
%{_mandir}/man8/pam.*
%{_mandir}/man8/pam_[a-r]*
%{_mandir}/man8/pam_securetty*
%{_mandir}/man8/pam_shells*
%{_mandir}/man8/pam_succeed_if*
%{_mandir}/man8/pam_[t-x]*
%{_mandir}/man8/unix_chkpwd*
#%ghost %verify(not md5 size mtime) /var/log/faillog
%ghost %verify(not md5 size mtime) /var/log/tallylog

%defattr(644,root,root,755)
%dir /%{_lib}/security/pam_filter
%attr(755,root,root) /%{_lib}/lib*.so.*.*
%attr(755,root,root) /%{_lib}/security/pam_access.so
%attr(755,root,root) /%{_lib}/security/pam_console.so
%attr(755,root,root) /%{_lib}/security/pam_cracklib.so
%attr(755,root,root) /%{_lib}/security/pam_debug.so
%attr(755,root,root) /%{_lib}/security/pam_deny.so
%attr(755,root,root) /%{_lib}/security/pam_echo.so
%attr(755,root,root) /%{_lib}/security/pam_env.so
%attr(755,root,root) /%{_lib}/security/pam_exec.so
%attr(755,root,root) /%{_lib}/security/pam_faildelay.so
%attr(755,root,root) /%{_lib}/security/pam_filter.so
%attr(755,root,root) /%{_lib}/security/pam_filter/upperLOWER
%attr(755,root,root) /%{_lib}/security/pam_ftp.so
%attr(755,root,root) /%{_lib}/security/pam_group.so
%attr(755,root,root) /%{_lib}/security/pam_issue.so
%attr(755,root,root) /%{_lib}/security/pam_keyinit.so
%attr(755,root,root) /%{_lib}/security/pam_lastlog.so
%attr(755,root,root) /%{_lib}/security/pam_limits.so
%attr(755,root,root) /%{_lib}/security/pam_listfile.so
%attr(755,root,root) /%{_lib}/security/pam_localuser.so
%attr(755,root,root) /%{_lib}/security/pam_loginuid.so
%attr(755,root,root) /%{_lib}/security/pam_mail.so
%attr(755,root,root) /%{_lib}/security/pam_mkhomedir.so
%attr(755,root,root) /%{_lib}/security/pam_motd.so
%attr(755,root,root) /%{_lib}/security/pam_namespace.so
%attr(755,root,root) /%{_lib}/security/pam_nologin.so
%attr(755,root,root) /%{_lib}/security/pam_permit.so
%attr(755,root,root) /%{_lib}/security/pam_pwexport.so
%attr(755,root,root) /%{_lib}/security/pam_pwgen.so
%attr(755,root,root) /%{_lib}/security/pam_rhosts_auth.so
%attr(755,root,root) /%{_lib}/security/pam_rhosts.so
%attr(755,root,root) /%{_lib}/security/pam_rootok.so
%attr(755,root,root) /%{_lib}/security/pam_rps.so
%attr(755,root,root) /%{_lib}/security/pam_securetty.so
%attr(755,root,root) /%{_lib}/security/pam_shells.so
%attr(755,root,root) /%{_lib}/security/pam_stress.so
%attr(755,root,root) /%{_lib}/security/pam_succeed_if.so
%attr(755,root,root) /%{_lib}/security/pam_tally2.so
%attr(755,root,root) /%{_lib}/security/pam_tally.so
%attr(755,root,root) /%{_lib}/security/pam_time.so
%attr(755,root,root) /%{_lib}/security/pam_timestamp.so
%attr(755,root,root) /%{_lib}/security/pam_umask.so
%attr(755,root,root) /%{_lib}/security/pam_unix.so
%attr(755,root,root) /%{_lib}/security/pam_userdb.so
%attr(755,root,root) /%{_lib}/security/pam_warn.so
%attr(755,root,root) /%{_lib}/security/pam_wheel.so
%attr(755,root,root) /%{_lib}/security/pam_xauth.so

%defattr(644,root,root,755)
%doc doc/{adg,mwg}/Linux-PAM_*.txt
%doc doc/{adg,mwg,}/html
%attr(755,root,root) %{_libdir}/lib*.so
%{_includedir}/security/*.h

%defattr(644,root,root,755)
%{_libdir}/libpam_misc.a

%defattr(644,root,root,755)
%attr(755,root,root) /%{_lib}/security/pam_selinux.so
%attr(755,root,root) %{_sbindir}/pam_selinux_check
%config(noreplace) %verify(not size mtime md5) /etc/pam.d/pam_selinux_check
%{_mandir}/man8/pam_selinux*.8*