3 %bcond_without audit # don't build audit log plugin
4 %bcond_without ldap # build without LDAP support
5 %bcond_without selinux # build without SELinux support
6 %bcond_with bioapi # with BioAPI support in passwd
7 %bcond_with gnutls # use GnuTLS instead of OpenSSL
9 Summary: Utilities to manage the passwd and shadow user information
10 Summary(pl.UTF-8): Narzędzia do zarządzania informacjami o użytkownikach z passwd i shadow
16 #Source0: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/%{name}-%{version}.tar.bz2
17 Source0: http://www.linux-nis.org/download/pwdutils/%{name}-%{version}.tar.bz2
18 # Source0-md5: 25a77a0ab376eacf24ad5eab7af4cdce
19 Source1: %{name}.useradd
20 Source2: %{name}.rpasswdd.init
21 Source3: %{name}.login.defs
28 Source10: rpasswd.pamd
29 Patch0: %{name}-f-option.patch
30 Patch1: %{name}-no_bash.patch
31 Patch2: %{name}-silent_crontab.patch
32 Patch3: %{name}-pl.po-update.patch
33 Patch4: %{name}-selinux.patch
34 Patch5: %{name}-am.patch
35 Patch6: %{name}-libc-lock.patch
36 Patch7: %{name}-format-security.patch
37 URL: http://www.thkukuk.de/pam/pwdutils/
38 %{?with_audit:BuildRequires: audit-libs-devel}
39 BuildRequires: autoconf
40 BuildRequires: automake >= 1:1.9
41 %{?with_bioapi:BuildRequires: bioapi-devel}
42 BuildRequires: gcc >= 5:3.2
43 BuildRequires: gettext-devel
44 %{?with_gnutls:BuildRequires: gnutls-devel >= 1.0.0}
45 BuildRequires: libnscd-devel
46 %{?with_selinux:BuildRequires: libselinux-devel}
47 BuildRequires: libtool
48 BuildRequires: libxcrypt-devel
49 %{?with_ldap:BuildRequires: openldap-devel >= 2.4.6}
50 BuildRequires: openslp-devel
51 %{!?with_gnutls:BuildRequires: openssl-devel >= 0.9.7d}
52 BuildRequires: pam-devel
53 BuildRequires: rpmbuild(macros) >= 1.268
54 BuildRequires: sed >= 4.0
55 Requires: pam >= 0.99.7.1
56 Provides: shadow = 2:%{version}-%{release}
57 Provides: shadow-extras = 2:%{version}-%{release}
59 Obsoletes: shadow-extras
60 Obsoletes: shadow-utils
61 Conflicts: util-linux < 2.12-10
62 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
64 # for pam module in /%{_lib}/security
65 %define _libdir /%{_lib}
68 pwdutils is a collection of utilities to manage the passwd and shadow
69 user information. The difference to the shadow suite is that these
70 utilities can also modify the information stored in NIS, NIS+, or
71 LDAP. PAM is used for user authentication and changing the pasword. It
72 contains passwd, chage, chfn, chsh, and a daemon for changing the
73 password on a remote machine over a secure SSL connection. The daemon
74 also uses PAM so that it can change passwords independent of where
77 %description -l pl.UTF-8
78 pwdutils to zestaw narzędzi do zarządzania informacjami o
79 użytkownikach z passwd i shadow. Różnica w stosunku do pakietu shadow
80 polega na tym, że te narzędzia mogą także modyfikować informacje
81 zapisane w bazie NIS, NIS+ lub LDAP. PAM jest używany do
82 uwierzytelniania użytkowników i zmiany haseł. Zestaw zawiera passwd,
83 chage, chfn, chsh oraz demona do zmiany hasła na zdalnej maszynie po
84 bezpiecznym połączeniu SSL. Demon także używa PAM, więc można zmieniać
85 hasła niezależnie od tego, gdzie są przechowywane.
88 Summary: audit log plugin for pwdutils
89 Summary(pl.UTF-8): Wtyczka logująca audit dla pwdutils
91 Requires: %{name} = %{version}-%{release}
93 %description log-audit
94 audit log plugin for pwdutils.
96 %description log-audit -l pl.UTF-8
97 Wtyczka logująca audit dla pwdutils.
100 Summary: Remote password update client
101 Summary(pl.UTF-8): Klient do zdalnego uaktualniania haseł
102 Group: Applications/System
104 %description -n rpasswd
105 rpasswd changes passwords for user accounts on a remote server over a
106 secure SSL connection. A normal user may only change the password for
107 their own account, if the user knows the password of the administrator
108 account (in the moment this is the root password on the server), he
109 may change the password for any account if he calls rpasswd with the
112 %description -n rpasswd -l pl.UTF-8
113 rpasswd pozwala zmieniać hasła użytkowników na zdalnym serwerze przy
114 użyciu bezpiecznego połączenia SSL. Zwykły użytkownik może zmienić
115 jedynie swoje hasło, a jeśli zna hasło administratora (obecnie jest to
116 hasło roota na serwerze), może zmienić hasło dla dowolnego konta
117 wywołując rpasswd z opcją -a.
120 Summary: Remote password update daemon
121 Summary(pl.UTF-8): Demon do zdalnego uaktualniania haseł
122 Group: Applications/System
123 Requires(post,preun): /sbin/chkconfig
126 %description -n rpasswdd
127 rpasswdd is a daemon that lets users change their passwords in the
128 presence of a directory service like NIS, NIS+ or LDAP over a secure
129 SSL connection. rpasswdd behaves like the normal passwd(1) program and
130 uses PAM for authentication and changing the password, so it can be
131 configured very flexible for the local requirements.
133 %description -n rpasswdd -l pl.UTF-8
134 rpasswdd to demon pozwalający użytkownikom zmieniać hasła w obecności
135 usług katalogowych takich jak NIS, NIS+ czy LDAP po bezpiecznym
136 połączeniu SSL. rpasswdd zachowuje się tak, jak normalny program
137 passwd(1) i używam PAM do uwierzytelniania i zmiany haseł, więc może
138 być bardzo elastycznie konfigurowany dla lokalnych wymagań.
140 %package -n pam-pam_rpasswd
141 Summary: pam_rpasswd - PAM module to change remote password
142 Summary(pl.UTF-8): pam_rpasswd - moduł PAM do zdalnej zmiany hasła
144 # rpasswd.conf is in rpasswd
145 Requires: rpasswd = %{version}-%{release}
147 %description -n pam-pam_rpasswd
148 The pam_rpasswd PAM module is for changing the password of user
149 accounts on a remote server over a secure SSL connection. It only
150 provides functionality for one PAM management group: password
153 %description -n pam-pam_rpasswd -l pl.UTF-8
154 Moduł PAM pam_rpasswd służy do zmiany haseł dla kont użytkowników na
155 zdalnym serwerze po bezpiecznym połączeniu SSL. Udostępnia
156 funkcjonalność tylko dla jednej grupy zarządzania PAM: zmiany haseł.
179 %{?with_bioapi:CPPFLAGS="-I/usr/include/bioapi"} \
180 %{!?with_bioapi:ac_cv_header_bioapi_h=no ac_cv_lib_bioapi100_BioAPI_Init=no} \
181 %{?with_audit:--enable-audit-plugin} \
182 %{!?with_gnutls:--disable-gnutls} \
183 --%{?with_ldap:en}%{!?with_ldap:dis}able-ldap \
185 --enable-pam_rpasswd \
186 --%{?with_selinux:en}%{!?with_selinux:dis}able-selinux \
192 rm -rf $RPM_BUILD_ROOT
193 install -d $RPM_BUILD_ROOT/etc/{rc.d/init.d,pwdutils,security,skel/{etc,tmp}}
196 DESTDIR=$RPM_BUILD_ROOT
198 mv -f $RPM_BUILD_ROOT%{_sbindir}/*.local $RPM_BUILD_ROOT%{_sysconfdir}/pwdutils
199 install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/default/useradd
200 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/rpasswdd
201 install %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/login.defs
203 install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/chage
204 install %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/chfn
205 install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/chsh
206 install %{SOURCE7} $RPM_BUILD_ROOT/etc/pam.d/passwd
207 install %{SOURCE8} $RPM_BUILD_ROOT/etc/pam.d/useradd
208 install %{SOURCE9} $RPM_BUILD_ROOT/etc/pam.d/shadow
209 install %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/rpasswd
211 %{__rm} $RPM_BUILD_ROOT%{_libdir}/pwdutils/*.{la,a}
212 %{__rm} $RPM_BUILD_ROOT/%{_lib}/security/pam_*.la
213 %{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/init.d/rpasswdd
215 :> $RPM_BUILD_ROOT%{_sysconfdir}/shadow
216 :> $RPM_BUILD_ROOT/etc/security/chfn.allow
217 :> $RPM_BUILD_ROOT/etc/security/chsh.allow
222 rm -rf $RPM_BUILD_ROOT
225 if [ ! -f %{_sysconfdir}/shadow ]; then
230 /sbin/chkconfig --add rpasswdd
231 %service rpasswdd restart "rpasswdd daemon"
234 if [ "$1" = "0" ]; then
235 %service rpasswdd stop
236 /sbin/chkconfig --del rpasswdd
239 %files -f %{name}.lang
240 %defattr(644,root,root,755)
241 %doc AUTHORS ChangeLog NEWS README THANKS TODO
242 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %ghost %{_sysconfdir}/shadow
243 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/default/*
244 %attr(750,root,root) %dir %{_sysconfdir}/%{name}
245 %attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/*.local
246 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/logging
247 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chage
248 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chfn
249 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chsh
250 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/passwd
251 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/useradd
252 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/shadow
253 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/login.defs
254 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/chfn.allow
255 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/chsh.allow
257 %dir %config(missingok) %attr(700,root,root) /etc/skel/tmp
258 %attr(755,root,root) %{_bindir}/chage
259 %attr(4755,root,root) %{_bindir}/chfn
260 %attr(4755,root,root) %{_bindir}/chsh
261 %attr(4755,root,root) %{_bindir}/expiry
262 %attr(4755,root,root) %{_bindir}/gpasswd
263 %attr(4755,root,root) %{_bindir}/newgrp
264 %attr(4755,root,root) %{_bindir}/passwd
265 %attr(4755,root,root) %{_bindir}/sg
266 %attr(755,root,root) %{_sbindir}/chpasswd
267 %attr(755,root,root) %{_sbindir}/groupadd
268 %attr(755,root,root) %{_sbindir}/groupdel
269 %attr(755,root,root) %{_sbindir}/groupmod
270 %attr(755,root,root) %{_sbindir}/grpconv
271 %attr(755,root,root) %{_sbindir}/grpck
272 %attr(755,root,root) %{_sbindir}/grpunconv
273 %attr(755,root,root) %{_sbindir}/pwconv
274 %attr(755,root,root) %{_sbindir}/pwck
275 %attr(755,root,root) %{_sbindir}/pwunconv
276 %attr(755,root,root) %{_sbindir}/useradd
277 %attr(755,root,root) %{_sbindir}/userdel
278 %attr(755,root,root) %{_sbindir}/usermod
279 %attr(755,root,root) %{_sbindir}/vigr
280 %attr(755,root,root) %{_sbindir}/vipw
281 %dir %{_libdir}/pwdutils
282 %attr(755,root,root) %{_libdir}/pwdutils/liblog_syslog.so*
283 %{_mandir}/man1/chage.1*
284 %{_mandir}/man1/chfn.1*
285 %{_mandir}/man1/chsh.1*
286 %{_mandir}/man1/expiry.1*
287 %{_mandir}/man1/gpasswd.1*
288 %{_mandir}/man1/newgrp.1*
289 %{_mandir}/man1/passwd.1*
290 %{_mandir}/man1/sg.1*
291 %{_mandir}/man5/login.defs.5*
292 %{_mandir}/man8/chpasswd.8*
293 %{_mandir}/man8/groupadd.8*
294 %{_mandir}/man8/groupdel.8*
295 %{_mandir}/man8/groupmod.8*
296 %{_mandir}/man8/grpck.8*
297 %{_mandir}/man8/grpconv.8*
298 %{_mandir}/man8/grpunconv.8*
299 %{_mandir}/man8/pwck.8*
300 %{_mandir}/man8/pwconv.8*
301 %{_mandir}/man8/pwunconv.8*
302 %{_mandir}/man8/useradd.8*
303 %{_mandir}/man8/userdel.8*
304 %{_mandir}/man8/usermod.8*
305 %{_mandir}/man8/vigr.8*
306 %{_mandir}/man8/vipw.8*
310 %defattr(644,root,root,755)
311 %attr(755,root,root) %{_libdir}/pwdutils/liblog_audit.so*
315 %defattr(644,root,root,755)
316 %attr(755,root,root) %{_bindir}/rpasswd
317 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/rpasswd.conf
318 %{_mandir}/man1/rpasswd.1*
319 %{_mandir}/man5/rpasswd.conf.5*
322 %defattr(644,root,root,755)
323 %attr(755,root,root) %{_sbindir}/rpasswdd
324 %attr(754,root,root) /etc/rc.d/init.d/rpasswdd
325 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/rpasswd
326 %{_mandir}/man8/rpasswdd.8*
328 %files -n pam-pam_rpasswd
329 %defattr(644,root,root,755)
330 %attr(755,root,root) /%{_lib}/security/pam_rpasswd.so
331 %{_mandir}/man8/pam_rpasswd.8*