3 %bcond_without audit # don't build audit log plugin
4 %bcond_without ldap # build without LDAP support
5 %bcond_without selinux # build without SELinux support
6 %bcond_with bioapi # with BioAPI support in passwd
7 %bcond_with gnutls # use GnuTLS instead of OpenSSL
9 Summary: Utilities to manage the passwd and shadow user information
10 Summary(pl.UTF-8): Narzędzia do zarządzania informacjami o użytkownikach z passwd i shadow
16 #Source0: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/%{name}-%{version}.tar.bz2
17 Source0: http://www.linux-nis.org/download/pwdutils/%{name}-%{version}.tar.bz2
18 # Source0-md5: 25a77a0ab376eacf24ad5eab7af4cdce
19 Source1: %{name}.useradd
20 Source2: %{name}.rpasswdd.init
21 Source3: %{name}.login.defs
28 Source10: rpasswd.pamd
29 Patch0: %{name}-f-option.patch
30 Patch1: %{name}-no_bash.patch
31 Patch2: %{name}-silent_crontab.patch
32 Patch3: %{name}-pl.po-update.patch
33 Patch4: %{name}-selinux.patch
34 Patch5: %{name}-am.patch
35 Patch6: %{name}-libc-lock.patch
36 Patch7: %{name}-format-security.patch
38 URL: http://www.thkukuk.de/pam/pwdutils/
39 %{?with_audit:BuildRequires: audit-libs-devel}
40 BuildRequires: autoconf
41 BuildRequires: automake >= 1:1.9
42 %{?with_bioapi:BuildRequires: bioapi-devel}
43 BuildRequires: gcc >= 5:3.2
44 BuildRequires: gettext-tools
45 %{?with_gnutls:BuildRequires: gnutls-devel >= 1.0.0}
46 BuildRequires: libnscd-devel
47 %{?with_selinux:BuildRequires: libselinux-devel}
48 BuildRequires: libtool
49 BuildRequires: libxcrypt-devel
50 %{?with_ldap:BuildRequires: openldap-devel >= 2.3.0}
51 BuildRequires: openslp-devel
52 %{!?with_gnutls:BuildRequires: openssl-devel >= 0.9.7d}
53 BuildRequires: pam-devel
54 BuildRequires: rpmbuild(macros) >= 1.268
55 BuildRequires: sed >= 4.0
56 Requires: pam >= 0.99.7.1
58 Provides: shadow = 2:%{version}-%{release}
59 Provides: shadow-extras = 2:%{version}-%{release}
61 Obsoletes: shadow-extras
62 Obsoletes: shadow-utils
63 Conflicts: util-linux < 2.12-10
64 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
66 # for pam module in /%{_lib}/security
67 %define _libdir /%{_lib}
70 pwdutils is a collection of utilities to manage the passwd and shadow
71 user information. The difference to the shadow suite is that these
72 utilities can also modify the information stored in NIS, NIS+, or
73 LDAP. PAM is used for user authentication and changing the pasword. It
74 contains passwd, chage, chfn, chsh, and a daemon for changing the
75 password on a remote machine over a secure SSL connection. The daemon
76 also uses PAM so that it can change passwords independent of where
79 %description -l pl.UTF-8
80 pwdutils to zestaw narzędzi do zarządzania informacjami o
81 użytkownikach z passwd i shadow. Różnica w stosunku do pakietu shadow
82 polega na tym, że te narzędzia mogą także modyfikować informacje
83 zapisane w bazie NIS, NIS+ lub LDAP. PAM jest używany do
84 uwierzytelniania użytkowników i zmiany haseł. Zestaw zawiera passwd,
85 chage, chfn, chsh oraz demona do zmiany hasła na zdalnej maszynie po
86 bezpiecznym połączeniu SSL. Demon także używa PAM, więc można zmieniać
87 hasła niezależnie od tego, gdzie są przechowywane.
90 Summary: audit log plugin for pwdutils
91 Summary(pl.UTF-8): Wtyczka logująca audit dla pwdutils
93 Requires: %{name} = %{version}-%{release}
95 %description log-audit
96 audit log plugin for pwdutils.
98 %description log-audit -l pl.UTF-8
99 Wtyczka logująca audit dla pwdutils.
102 Summary: Remote password update client
103 Summary(pl.UTF-8): Klient do zdalnego uaktualniania haseł
104 Group: Applications/System
106 %description -n rpasswd
107 rpasswd changes passwords for user accounts on a remote server over a
108 secure SSL connection. A normal user may only change the password for
109 their own account, if the user knows the password of the administrator
110 account (in the moment this is the root password on the server), he
111 may change the password for any account if he calls rpasswd with the
114 %description -n rpasswd -l pl.UTF-8
115 rpasswd pozwala zmieniać hasła użytkowników na zdalnym serwerze przy
116 użyciu bezpiecznego połączenia SSL. Zwykły użytkownik może zmienić
117 jedynie swoje hasło, a jeśli zna hasło administratora (obecnie jest to
118 hasło roota na serwerze), może zmienić hasło dla dowolnego konta
119 wywołując rpasswd z opcją -a.
122 Summary: Remote password update daemon
123 Summary(pl.UTF-8): Demon do zdalnego uaktualniania haseł
124 Group: Applications/System
125 Requires(post,preun): /sbin/chkconfig
128 %description -n rpasswdd
129 rpasswdd is a daemon that lets users change their passwords in the
130 presence of a directory service like NIS, NIS+ or LDAP over a secure
131 SSL connection. rpasswdd behaves like the normal passwd(1) program and
132 uses PAM for authentication and changing the password, so it can be
133 configured very flexible for the local requirements.
135 %description -n rpasswdd -l pl.UTF-8
136 rpasswdd to demon pozwalający użytkownikom zmieniać hasła w obecności
137 usług katalogowych takich jak NIS, NIS+ czy LDAP po bezpiecznym
138 połączeniu SSL. rpasswdd zachowuje się tak, jak normalny program
139 passwd(1) i używam PAM do uwierzytelniania i zmiany haseł, więc może
140 być bardzo elastycznie konfigurowany dla lokalnych wymagań.
142 %package -n pam-pam_rpasswd
143 Summary: pam_rpasswd - PAM module to change remote password
144 Summary(pl.UTF-8): pam_rpasswd - moduł PAM do zdalnej zmiany hasła
146 # rpasswd.conf is in rpasswd
147 Requires: rpasswd = %{version}-%{release}
149 %description -n pam-pam_rpasswd
150 The pam_rpasswd PAM module is for changing the password of user
151 accounts on a remote server over a secure SSL connection. It only
152 provides functionality for one PAM management group: password
155 %description -n pam-pam_rpasswd -l pl.UTF-8
156 Moduł PAM pam_rpasswd służy do zmiany haseł dla kont użytkowników na
157 zdalnym serwerze po bezpiecznym połączeniu SSL. Udostępnia
158 funkcjonalność tylko dla jednej grupy zarządzania PAM: zmiany haseł.
182 %{?with_bioapi:CPPFLAGS="-I/usr/include/bioapi"} \
183 %{!?with_bioapi:ac_cv_header_bioapi_h=no ac_cv_lib_bioapi100_BioAPI_Init=no} \
184 %{?with_audit:--enable-audit-plugin} \
185 %{!?with_gnutls:--disable-gnutls} \
186 --%{?with_ldap:en}%{!?with_ldap:dis}able-ldap \
188 --enable-pam_rpasswd \
189 --%{?with_selinux:en}%{!?with_selinux:dis}able-selinux \
195 rm -rf $RPM_BUILD_ROOT
196 install -d $RPM_BUILD_ROOT/etc/{rc.d/init.d,pwdutils,security,skel/{etc,tmp}}
199 DESTDIR=$RPM_BUILD_ROOT
201 mv -f $RPM_BUILD_ROOT%{_sbindir}/*.local $RPM_BUILD_ROOT%{_sysconfdir}/pwdutils
202 install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/default/useradd
203 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/rpasswdd
204 install %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/login.defs
206 install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/chage
207 install %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/chfn
208 install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/chsh
209 install %{SOURCE7} $RPM_BUILD_ROOT/etc/pam.d/passwd
210 install %{SOURCE8} $RPM_BUILD_ROOT/etc/pam.d/useradd
211 install %{SOURCE9} $RPM_BUILD_ROOT/etc/pam.d/shadow
212 install %{SOURCE10} $RPM_BUILD_ROOT/etc/pam.d/rpasswd
214 %{__rm} $RPM_BUILD_ROOT%{_libdir}/pwdutils/*.{la,a}
215 %{__rm} $RPM_BUILD_ROOT/%{_lib}/security/pam_*.la
216 %{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/init.d/rpasswdd
218 :> $RPM_BUILD_ROOT%{_sysconfdir}/shadow
219 :> $RPM_BUILD_ROOT/etc/security/chfn.allow
220 :> $RPM_BUILD_ROOT/etc/security/chsh.allow
225 rm -rf $RPM_BUILD_ROOT
228 if [ ! -f %{_sysconfdir}/shadow ]; then
233 /sbin/chkconfig --add rpasswdd
234 %service rpasswdd restart "rpasswdd daemon"
237 if [ "$1" = "0" ]; then
238 %service rpasswdd stop
239 /sbin/chkconfig --del rpasswdd
242 %files -f %{name}.lang
243 %defattr(644,root,root,755)
244 %doc AUTHORS ChangeLog NEWS README THANKS TODO
245 %attr(600,root,root) %config(noreplace) %verify(not md5 mtime size) %ghost %{_sysconfdir}/shadow
246 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/default/*
247 %attr(750,root,root) %dir %{_sysconfdir}/%{name}
248 %attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/*.local
249 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/logging
250 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chage
251 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chfn
252 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/chsh
253 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/passwd
254 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/useradd
255 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/shadow
256 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/login.defs
257 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/chfn.allow
258 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/chsh.allow
260 %dir %config(missingok) %attr(700,root,root) /etc/skel/tmp
261 %attr(755,root,root) %{_bindir}/chage
262 %attr(4755,root,root) %{_bindir}/chfn
263 %attr(4755,root,root) %{_bindir}/chsh
264 %attr(4755,root,root) %{_bindir}/expiry
265 %attr(4755,root,root) %{_bindir}/gpasswd
266 %attr(4755,root,root) %{_bindir}/newgrp
267 %attr(4755,root,root) %{_bindir}/passwd
268 %attr(4755,root,root) %{_bindir}/sg
269 %attr(755,root,root) %{_sbindir}/chpasswd
270 %attr(755,root,root) %{_sbindir}/groupadd
271 %attr(755,root,root) %{_sbindir}/groupdel
272 %attr(755,root,root) %{_sbindir}/groupmod
273 %attr(755,root,root) %{_sbindir}/grpconv
274 %attr(755,root,root) %{_sbindir}/grpck
275 %attr(755,root,root) %{_sbindir}/grpunconv
276 %attr(755,root,root) %{_sbindir}/pwconv
277 %attr(755,root,root) %{_sbindir}/pwck
278 %attr(755,root,root) %{_sbindir}/pwunconv
279 %attr(755,root,root) %{_sbindir}/useradd
280 %attr(755,root,root) %{_sbindir}/userdel
281 %attr(755,root,root) %{_sbindir}/usermod
282 %attr(755,root,root) %{_sbindir}/vigr
283 %attr(755,root,root) %{_sbindir}/vipw
284 %dir %{_libdir}/pwdutils
285 %attr(755,root,root) %{_libdir}/pwdutils/liblog_syslog.so*
286 %{_mandir}/man1/chage.1*
287 %{_mandir}/man1/chfn.1*
288 %{_mandir}/man1/chsh.1*
289 %{_mandir}/man1/expiry.1*
290 %{_mandir}/man1/gpasswd.1*
291 %{_mandir}/man1/newgrp.1*
292 %{_mandir}/man1/passwd.1*
293 %{_mandir}/man1/sg.1*
294 %{_mandir}/man5/login.defs.5*
295 %{_mandir}/man8/chpasswd.8*
296 %{_mandir}/man8/groupadd.8*
297 %{_mandir}/man8/groupdel.8*
298 %{_mandir}/man8/groupmod.8*
299 %{_mandir}/man8/grpck.8*
300 %{_mandir}/man8/grpconv.8*
301 %{_mandir}/man8/grpunconv.8*
302 %{_mandir}/man8/pwck.8*
303 %{_mandir}/man8/pwconv.8*
304 %{_mandir}/man8/pwunconv.8*
305 %{_mandir}/man8/useradd.8*
306 %{_mandir}/man8/userdel.8*
307 %{_mandir}/man8/usermod.8*
308 %{_mandir}/man8/vigr.8*
309 %{_mandir}/man8/vipw.8*
313 %defattr(644,root,root,755)
314 %attr(755,root,root) %{_libdir}/pwdutils/liblog_audit.so*
318 %defattr(644,root,root,755)
319 %attr(755,root,root) %{_bindir}/rpasswd
320 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/rpasswd.conf
321 %{_mandir}/man1/rpasswd.1*
322 %{_mandir}/man5/rpasswd.conf.5*
325 %defattr(644,root,root,755)
326 %attr(755,root,root) %{_sbindir}/rpasswdd
327 %attr(754,root,root) /etc/rc.d/init.d/rpasswdd
328 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/rpasswd
329 %{_mandir}/man8/rpasswdd.8*
331 %files -n pam-pam_rpasswd
332 %defattr(644,root,root,755)
333 %attr(755,root,root) /%{_lib}/security/pam_rpasswd.so
334 %{_mandir}/man8/pam_rpasswd.8*