3 %bcond_without doc # don't build documentation
4 %bcond_with prelude # build with Prelude IDS support
5 %bcond_without selinux # build without SELinux support
6 %bcond_without audit # build with Linux Auditing library support
8 %define pam_pld_version 0.99.9.0-1
10 %define _sbindir /sbin
12 Summary: Pluggable Authentication Modules: modular, incremental authentication
13 Summary(de.UTF-8): Einsteckbare Authentifizierungsmodule: modulare, inkrementäre Authentifizierung
14 Summary(es.UTF-8): Módulos de autentificación plugables (PAM)
15 Summary(fr.UTF-8): PAM : Pluggable Authentication Modules: modular, incremental authentication
16 Summary(pl.UTF-8): Modularny system uwierzytelniania
17 Summary(pt_BR.UTF-8): Módulos de autenticação plugáveis (PAM)
18 Summary(ru.UTF-8): Интструмент, обеспечивающий аутентификацию для приложений
19 Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri
20 Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм
26 Source0: http://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
27 # Source0-md5: f526c794482ce21c31866549e05c45de
28 Source1: http://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2.sign
29 # Source1-md5: ffae0c1502acb7866a4a34e4b35eb6ec
30 Source2: ftp://ftp.pld-linux.org/software/pam/pam-pld-%{pam_pld_version}.tar.gz
31 # Source2-md5: a92ff06ff3ab5f96a7e1aaa04ef77fa7
33 Source4: system-auth.pamd
34 Source5: config-util.pamd
35 Source6: pam_selinux_check.pamd
36 Source7: system-auth.5
37 Source8: config-util.5
38 Patch0: %{name}-pld-modules.patch
39 Patch1: %{name}-modutil_mem_limit.patch
40 Patch2: %{name}-cracklib-try-first-pass.patch
41 Patch3: %{name}-cracklib-enforce.patch
42 Patch4: %{name}-tally-fail-close.patch
43 Patch5: %{name}-unix-blowfish.patch
44 Patch6: %{name}-mkhomedir-new-features.patch
45 Patch7: %{name}-db-gdbm.patch
46 Patch8: %{name}-exec-failok.patch
47 Patch9: %{name}-audit-no-log.patch
48 Patch10: %{name}-namespace-temp-logon.patch
49 Patch11: %{name}-namespace-homedir.patch
50 Patch12: %{name}-selinux-permit.patch
51 URL: http://www.kernel.org/pub/linux/libs/pam/
52 %{?with_audit:BuildRequires: audit-libs-devel >= 1.0.8}
53 BuildRequires: autoconf
54 BuildRequires: automake
56 BuildRequires: cracklib-devel >= 2.8.3
57 # gdbm due to db pulling libpthread
58 BuildRequires: gdbm-devel >= 1.8.3-7
60 BuildRequires: glibc-devel >= 6:2.5-0.5
61 %{?with_prelude:BuildRequires: libprelude-devel}
62 %{?with_selinux:BuildRequires: libselinux-devel >= 1.33.2}
63 BuildRequires: libtool >= 2:1.5
65 BuildRequires: docbook-dtd43-xml
66 BuildRequires: docbook-dtd44-xml
67 BuildRequires: docbook-style-xsl >= 1.69.1
70 BuildRequires: libxml2-progs
71 BuildRequires: libxslt-progs
74 Requires(post): coreutils
75 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
77 Requires: /usr/bin/make
82 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
85 PAM (Pluggable Authentication Modules) is a powerful, flexible,
86 extensible authentication system which allows the system administrator
87 to configure authentication services individually for every
88 pam-compliant application without recompiling any of the applications.
90 %description -l de.UTF-8
91 PAM (Pluggable Authentication Modules) ist ein leistungsfähiges,
92 flexibles und erweiterbares Authentifizierungssystem, mit dem der
93 Systemverwalter Authentifizierungs-Dienste individuell für jede
94 pam-kompatible Anwendung konfigurieren kann, ohne diese neu
95 kompilieren zu müssen.
97 %description -l es.UTF-8
98 PAM (Módulos de Autenticación Plugables) es un potente, flexible y
99 extensible sistema de autentificación, que permite al administrador
100 del sistema configurar servicios de autentificación individualmente
101 para cada aplicación pam compatible, sin la necesidad de recompilar
102 cualquier una de las aplicaciones.
104 %description -l fr.UTF-8
105 PAM (Pluggable Authentication Modules) est un systéme
106 d'authentification puissant, souple et extensible permettant à
107 l'administrateur système de configurer les individuellement les
108 services d'authentification pour chaque application conforme à PAM,
109 sans recompiler aucune application.
111 %description -l pl.UTF-8
112 PAM (Pluggable Authentication Modules) jest silnym i łatwo
113 dostosowywalnym do potrzeb systemem uwierzytelniania, który umożliwia
114 administratorowi indywidualne konfigurowanie poszczególnych usług,
115 które są dostosowane i skonsolidowane z bibliotekami PAM, bez
116 późniejszej ich rekompilacji w momencie zmiany sposobu
117 uwierzytelniania tychże usług.
119 %description -l pt_BR.UTF-8
120 PAM (Módulos de Autenticação Plugáveis) é um poderoso, flexível e
121 extensível sistema de autenticação, que permite o administrador do
122 sistema configurar serviços de autenticação individualmente para cada
123 aplicação pam compatível, sem necessidade de recompilar qualquer uma
126 %description -l uk.UTF-8
127 PAM (Pluggable Authentication Modules) - це потужна, гнучка, здатна до
128 розширення система аутентикації, яка дозволяє системному
129 адміністратору налагоджувати севіси авторизації доступу (аутентикації)
130 індивідуально для кожної pam-сумісної програми без необхідності
131 перекомпіляції самої програми. Це базовий механізм аутентикації в PLD
134 %description -l tr.UTF-8
135 PAM (Pluggable Authentication Modules) sistem yöneticilerinin
136 uygulamalardan herhangi birini yeniden derlemeksizin bütün PAM uyumlu
137 uygulamalar için doğrulama hizmetlerini ayarlamalarına yardımcı olan,
138 güclü, esnek ve kapsamlı bir doğrulama sistemidir.
140 %description -l ru.UTF-8
141 PAM (Pluggable Authentication Modules) - это мощная, гибкая,
142 расширяемая система аутентикации, позволяющая системному
143 администратору конфигурировать сервисы авторизации доступа
144 (аутентикации) индивидуально для каждой pam-совместимой программы без
145 необходимости перекомпилляции самой программы. Это базовый механизм
146 аутентикации в PLD Linux.
149 Summary: PAM modules and libraries
150 Summary(pl.UTF-8): Moduły i biblioteki PAM
152 Conflicts: pam < 0:0.80.1-2
153 Requires(triggerpostun): sed >= 4.0
154 Requires: cracklib >= 2.8.3
155 Requires: cracklib-dicts >= 2.8.3
156 Requires: gdbm >= 1.8.3-7
157 Requires: glibc >= 6:2.5-0.5
158 %{?with_audit:Requires: audit-libs >= 1.0.8}
159 %{?with_selinux:Requires: libselinux >= 1.33.2}
160 Obsoletes: pam-pam_cap
161 Obsoletes: pam-pam_opie
162 Obsoletes: pam-pam_pwdb
163 Obsoletes: pam-pam_radius
164 Obsoletes: pam-pam_skey
165 Obsoletes: pam-pam_tcpd
168 Core PAM modules and libraries.
170 %description libs -l pl.UTF-8
171 Moduły i biblioteki PAM.
174 Summary: PAM header files
175 Summary(pl.UTF-8): Pliki nagłówkowe i dokumentacja programisty do PAM
176 Summary(pt_BR.UTF-8): Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
177 Summary(ru.UTF-8): Библиотеки разработчика для PAM
178 Summary(uk.UTF-8): Бібліотеки програміста для PAM
179 Group: Development/Libraries
180 Requires: %{name} = %{epoch}:%{version}-%{release}
181 %{?with_audit:Requires: audit-libs-devel >= 1.0.8}
182 Requires: filesystem >= 3.0-11
185 Header files for developing PAM based applications.
187 %description devel -l pl.UTF-8
188 Pliki nagłówkowe i dokumentacja programisty do PAM.
190 %description devel -l pt_BR.UTF-8
191 Bibliotecas e arquivos de inclusão para desenvolvimento com PAM
193 %description devel -l ru.UTF-8
194 Этот пакет содержит хедеры и библиотеки разработчика для PAM.
196 %description devel -l uk.UTF-8
197 Цей пакет містить хедери та бібліотеки програміста для PAM.
200 Summary: PAM static libraries
201 Summary(pl.UTF-8): Biblioteki statyczne PAM
202 Summary(ru.UTF-8): Статические библиотеки разработчика для PAM
203 Summary(uk.UTF-8): Статичні бібліотеки програміста для PAM
204 Group: Development/Libraries
205 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
208 PAM static libraries.
210 %description static -l pl.UTF-8
211 Biblioteki statyczne PAM.
213 %description static -l ru.UTF-8
214 Этот пакет содержит статические библиотеки разработчика для PAM.
216 %description static -l uk.UTF-8
217 Цей пакет містить статичні бібліотеки програміста для PAM.
220 Summary: PAM module - SELinux support
221 Summary(pl.UTF-8): Moduł PAM pozwalający na zmianę kontekstów SELinuksa
224 %description pam_selinux
225 PAM module - SELinux support.
227 %description pam_selinux -l pl.UTF-8
228 Moduł PAM pozwalający na zmianę kontekstów SELinuksa.
231 %setup -q -a2 -n Linux-PAM-%{version}
256 --includedir=%{_includedir}/security \
257 --enable-isadir=../../%{_lib}/security \
259 %{!?with_selinux:--disable-selinux} \
260 %{!?with_prelude:--disable-prelude} \
261 %{!?with_audit:--disable-audit}
263 # we must explicitely update-gmo as we patch a po file
264 %{__make} -C po update-gmo
268 rm -rf $RPM_BUILD_ROOT
269 install -d $RPM_BUILD_ROOT{%{_libdir},/etc/pam.d,/var/log}
272 DESTDIR=$RPM_BUILD_ROOT
275 install modules/pam_selinux/.libs/pam_selinux_check $RPM_BUILD_ROOT%{_sbindir}
276 install modules/pam_selinux/pam_selinux_check.8 $RPM_BUILD_ROOT%{_mandir}/man8
277 install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/pam_selinux_check
281 for r in modules/pam_*/README ; do
282 cp -f $r doc/txts/README.$(basename $(dirname $r))
285 cp -f doc/index.html doc/html/
287 # fix PAM/pam man page
288 echo ".so PAM.8" > $RPM_BUILD_ROOT%{_mandir}/man8/pam.8
290 :> $RPM_BUILD_ROOT/etc/security/opasswd
291 :> $RPM_BUILD_ROOT/etc/security/blacklist
293 #:> $RPM_BUILD_ROOT/var/log/faillog
294 :> $RPM_BUILD_ROOT/var/log/tallylog
296 mv -f $RPM_BUILD_ROOT/%{_lib}/lib*.a $RPM_BUILD_ROOT%{_libdir}
298 cd $RPM_BUILD_ROOT/%{_lib}
299 for f in lib*.la ; do
300 sed -e 's|/%{_lib}/libpam|%{_libdir}/libpam|g' $f > $RPM_BUILD_ROOT%{_libdir}/$f
302 sed -i -e "s|libdir='/%{_lib}|libdir='%{_libdir}|g" $RPM_BUILD_ROOT%{_libdir}/$f
304 ln -sf /%{_lib}/$(echo libpam.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam.so
305 ln -sf /%{_lib}/$(echo libpam_misc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so
306 ln -sf /%{_lib}/$(echo libpamc.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libpamc.so
309 install %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other
310 install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/system-auth
311 install %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/config-util
313 install %{SOURCE7} $RPM_BUILD_ROOT%{_mandir}/man5/system-auth.5
314 install %{SOURCE8} $RPM_BUILD_ROOT%{_mandir}/man5/config-util.5
316 # Make sure every module subdirectory gave us a module. Yes, this is hackish.
317 for dir in modules/pam_* ; do
318 %if %{without selinux}
319 [ ${dir} = "modules/pam_selinux" ] && continue
321 if [ -d ${dir} ] ; then
322 if ! ls -1 $RPM_BUILD_ROOT/%{_lib}/security/`basename ${dir}`*.so ; then
323 echo ERROR `basename ${dir}` did not build a module.
329 for module in $RPM_BUILD_ROOT/%{_lib}/security/pam*.so ; do
330 # Check for module problems. Specifically, check that every module we just
331 # installed can actually be loaded by a minimal PAM-aware application.
332 if ! env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
333 ./dlopen.sh -ldl -lpam -L$RPM_BUILD_ROOT/%{_lib} ${module} ; then
334 echo ERROR module: ${module} cannot be loaded.
337 # And for good measure, make sure that none of the modules pull in threading
338 # libraries, which if loaded in a non-threaded application, can cause Very
339 # Bad Things to happen.
340 if env LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_lib} \
341 LD_PRELOAD=$RPM_BUILD_ROOT/%{_lib}/libpam.so ldd -r ${module} | \
342 fgrep -q libpthread ; then
343 echo ERROR module: ${module} pulls threading libraries.
348 # useless - shut up check-files
349 rm -f $RPM_BUILD_ROOT/%{_lib}/security/*.{la,a}
350 rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/Linux-PAM
352 %if %{without selinux}
353 rm -rf $RPM_BUILD_ROOT{/%{_lib}/security/pam_selinux.so,%{_sbindir}/pam_selinux_check,%{_mandir}/man8/pam_selinux*.8*}
359 rm -rf $RPM_BUILD_ROOT
361 %triggerpostun libs -- %{name}-libs < 0.99.7.1
362 for f in `grep -l "\(pam_make\|pam_homedir\)" /etc/pam.d/*` ; do
364 *rpmorig|*rpmnew|*rpmsave|*~|*.orig)
368 cp -f "$f" "$f.rpmorig"
369 sed -i -e 's/pam_make\.so \(.*\)/pam_exec.so failok seteuid \/usr\/bin\/make -C \1/g' \
370 -e 's/pam_homedir\.so/pam_mkhomedir.so/g' "$f"
374 if [ -d /var/lock/console -a -d /var/run/console ]; then
375 cp -a /var/lock/console/* /var/run/console/ 2> /dev/null
376 rm -rf /var/lock/console
380 #if [ ! -a /var/log/faillog ] ; then
381 # touch /var/log/faillog
382 # chmod 600 /var/log/faillog
384 if [ ! -a /var/log/tallylog ] ; then
385 touch /var/log/tallylog
386 chmod 600 /var/log/tallylog
389 %post libs -p /sbin/ldconfig
390 %postun libs -p /sbin/ldconfig
392 %files -f Linux-PAM.lang
393 %defattr(644,root,root,755)
394 %doc AUTHORS CHANGELOG ChangeLog Copyright NEWS
395 %doc doc/txts/README*
398 %doc doc/sag/Linux-PAM_*.txt
401 %dir %attr(755,root,root) /etc/pam.d
402 %dir %attr(755,root,root) /etc/security/console.apps
403 %dir %attr(755,root,root) /etc/security/console.perms.d
404 %dir %attr(755,root,root) /var/run/console
405 %config(noreplace) %verify(not md5 mtime size) /etc/environment
406 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/other
407 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/system-auth
408 %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/config-util
409 %config(noreplace) %verify(not md5 mtime size) /etc/security/access.conf
410 %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist
411 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.handlers
412 %config(noreplace) %verify(not md5 mtime size) /etc/security/console.perms
413 %config(noreplace) %verify(not md5 mtime size) /etc/security/group.conf
414 %config(noreplace) %verify(not md5 mtime size) /etc/security/limits.conf
415 %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.conf
416 %attr(755,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/namespace.init
417 %config(noreplace) %verify(not md5 mtime size) /etc/security/pam_env.conf
418 %config(noreplace) %verify(not md5 mtime size) /etc/security/time.conf
419 %config(noreplace) %verify(not md5 mtime size) /etc/security/trigram*
420 %config /etc/security/console.perms.d/50-default.perms
421 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/opasswd
422 %attr(4755,root,root) /sbin/unix_chkpwd
423 %attr(755,root,root) %{_bindir}/pam_pwgen
424 %attr(755,root,root) %{_sbindir}/pam_console_apply
425 %attr(755,root,root) %{_sbindir}/pam_tally
426 %attr(755,root,root) %{_sbindir}/pam_tally2
427 %attr(755,root,root) %{_sbindir}/pam_timestamp_check
428 %attr(755,root,root) %{_sbindir}/pwgen_trigram
430 %{_mandir}/man8/PAM.*
431 %{_mandir}/man8/pam.*
432 %{_mandir}/man8/pam_[a-r]*
433 %{_mandir}/man8/pam_securetty*
434 %{_mandir}/man8/pam_shells*
435 %{_mandir}/man8/pam_succeed_if*
436 %{_mandir}/man8/pam_[t-x]*
437 %{_mandir}/man8/unix_chkpwd*
438 #%ghost %verify(not md5 size mtime) /var/log/faillog
439 %ghost %verify(not md5 size mtime) /var/log/tallylog
442 %defattr(644,root,root,755)
443 %dir /%{_lib}/security/pam_filter
444 %attr(755,root,root) /%{_lib}/lib*.so.*.*
445 %attr(755,root,root) /%{_lib}/security/pam_access.so
446 %attr(755,root,root) /%{_lib}/security/pam_console.so
447 %attr(755,root,root) /%{_lib}/security/pam_cracklib.so
448 %attr(755,root,root) /%{_lib}/security/pam_debug.so
449 %attr(755,root,root) /%{_lib}/security/pam_deny.so
450 %attr(755,root,root) /%{_lib}/security/pam_echo.so
451 %attr(755,root,root) /%{_lib}/security/pam_env.so
452 %attr(755,root,root) /%{_lib}/security/pam_exec.so
453 %attr(755,root,root) /%{_lib}/security/pam_faildelay.so
454 %attr(755,root,root) /%{_lib}/security/pam_filter.so
455 %attr(755,root,root) /%{_lib}/security/pam_filter/upperLOWER
456 %attr(755,root,root) /%{_lib}/security/pam_ftp.so
457 %attr(755,root,root) /%{_lib}/security/pam_group.so
458 %attr(755,root,root) /%{_lib}/security/pam_issue.so
459 %attr(755,root,root) /%{_lib}/security/pam_keyinit.so
460 %attr(755,root,root) /%{_lib}/security/pam_lastlog.so
461 %attr(755,root,root) /%{_lib}/security/pam_limits.so
462 %attr(755,root,root) /%{_lib}/security/pam_listfile.so
463 %attr(755,root,root) /%{_lib}/security/pam_localuser.so
464 %attr(755,root,root) /%{_lib}/security/pam_loginuid.so
465 %attr(755,root,root) /%{_lib}/security/pam_mail.so
466 %attr(755,root,root) /%{_lib}/security/pam_mkhomedir.so
467 %attr(755,root,root) /%{_lib}/security/pam_motd.so
468 %attr(755,root,root) /%{_lib}/security/pam_namespace.so
469 %attr(755,root,root) /%{_lib}/security/pam_nologin.so
470 %attr(755,root,root) /%{_lib}/security/pam_permit.so
471 %attr(755,root,root) /%{_lib}/security/pam_pwexport.so
472 %attr(755,root,root) /%{_lib}/security/pam_pwgen.so
473 %attr(755,root,root) /%{_lib}/security/pam_rhosts_auth.so
474 %attr(755,root,root) /%{_lib}/security/pam_rhosts.so
475 %attr(755,root,root) /%{_lib}/security/pam_rootok.so
476 %attr(755,root,root) /%{_lib}/security/pam_rps.so
477 %attr(755,root,root) /%{_lib}/security/pam_securetty.so
478 %attr(755,root,root) /%{_lib}/security/pam_shells.so
479 %attr(755,root,root) /%{_lib}/security/pam_stress.so
480 %attr(755,root,root) /%{_lib}/security/pam_succeed_if.so
481 %attr(755,root,root) /%{_lib}/security/pam_tally2.so
482 %attr(755,root,root) /%{_lib}/security/pam_tally.so
483 %attr(755,root,root) /%{_lib}/security/pam_time.so
484 %attr(755,root,root) /%{_lib}/security/pam_timestamp.so
485 %attr(755,root,root) /%{_lib}/security/pam_umask.so
486 %attr(755,root,root) /%{_lib}/security/pam_unix.so
487 %attr(755,root,root) /%{_lib}/security/pam_userdb.so
488 %attr(755,root,root) /%{_lib}/security/pam_warn.so
489 %attr(755,root,root) /%{_lib}/security/pam_wheel.so
490 %attr(755,root,root) /%{_lib}/security/pam_xauth.so
493 %defattr(644,root,root,755)
495 %doc doc/{adg,mwg}/Linux-PAM_*.txt
496 %doc doc/{adg,mwg,}/html
498 %attr(755,root,root) %{_libdir}/lib*.so
500 %{_includedir}/security/*.h
504 %defattr(644,root,root,755)
507 %{_libdir}/libpam_misc.a
511 %defattr(644,root,root,755)
512 %attr(755,root,root) /%{_lib}/security/pam_selinux.so
513 %attr(755,root,root) /%{_lib}/security/pam_selinux_permit.so
514 %attr(755,root,root) %{_sbindir}/pam_selinux_check
515 %config(noreplace) %verify(not size mtime md5) /etc/pam.d/pam_selinux_check
516 %config(noreplace) %verify(not size mtime md5) /etc/security/sepermit.conf
517 %{_mandir}/man8/pam_selinux*.8*