Jason's Home Page - Linux HOWTOs

pam - Linux PAM - Pluggable Authentication Modules ChangeLog

Web site:

http://www.kernel.org/pub/linux/libs/pam/

HOWTO

# Linux-PAM 0.99.6.3
# ==================
# Due to security concerns and thinking it's more trouble than it's worth,
# Slackware does not include PAM.

# Prerequisites:
# bison
# flex
# grep
# Berkeley DB (bdb)
# sgml2txt, sgml2html, sgml2latex (optional; Slackware includes these in
#  it's sgml-tools/linuxdoc-tools packages)
# ghostscript's ps2pdf (optional)
# cracklib (optional; without it you won't get pam_cracklib)

# Below, there's a part I run to blow away old library files to ensure that
# there aren't any extra files lying around that aren't in use.  If you
# run a multi-user system where PAM-linked apps may be in use while you
# upgrade PAM or if a daemon is running that uses PAM, you may want to skip
# the part that cleans out libpam* from /lib below and clean up old files
# manually when you're done with the upgrade.

# There used to be a blurb in here to install an old version of cracklib
# under the /usr prefix.  If you did that, remove it by following the
# uninstall instructions at the bottom of the cracklib howto, then install
# the new version covered in there.  Then come back here and continue with
# the rest.

# Now grab, build, and install Linux-PAM:
cd
test -f installed/Linux-PAM-0.99.6.3.tar.bz2 &&
mv installed/Linux-PAM-0.99.6.3.tar.bz2 .
test ! -f Linux-PAM-0.99.6.3.tar.bz2 &&
wget http://ftp.kernel.org/pub/linux/libs/pam/pre/library/\
Linux-PAM-0.99.6.3.tar.bz2

# Verify tarball w/ md5sum:
# (this came from my gpg-verified tarball)
echo "4c2830ed55a41e795af6a482009a036c  Linux-PAM-0.99.6.3.tar.bz2" | \
md5sum -c

# Verify tarball w/ sha1sum:
# (this also came from my gpg-verified tarball)
echo "984f86b5a767fba1572c7963b8f8c997132fff2b  Linux-PAM-0.99.6.3.tar.\
bz2" | sha1sum -c

# Verify tarball w/ gpg:
( gpg --list-keys 517D0F0E > /dev/null 2>&1 || gpg --recv-keys 517D0F0E ) &&
wget -nc ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/\
Linux-PAM-0.99.6.3.tar.bz2.sign &&
  gpg --verify Linux-PAM-0.99.6.3.tar.bz2.sign &&
   rm Linux-PAM-0.99.6.3.tar.bz2.sign

mkdir -p -m 0700 src
cd src
find -maxdepth 1 -type d -name "Linux-PAM-*" -exec rm -r {} \;
tar xjvf ~/Linux-PAM-0.99.6.3.tar.bz2
cd Linux-PAM-0.99.6.3
test $UID = 0 && chown -R root:root .
./configure --mandir=/usr/man

# Not sure about this version, but older versions would fail if you didn't
# have tex installed.  If that appears to be happening to you, try 'make -i'
# to skip the docs it's unable to build.  You'll need to run 'make -i
# install' too.

make

# Become root to clean up old files and to install it
su

# Backup your /etc/security files (if you have any):
test -d /etc/security &&
( mkdir -p -m 0700 ~/backup
   cd /etc/security
   tar cjvf ~/backup/pam-etc-security-`date +%Y%m%d`.tar.bz2 . )

( cd /lib ; rm -f libpam.* libpamc.* libpam_misc.* )
make install
chown -R $USER .

# Put the various files in /etc/pam.d (other, login, sshd, ...).
# There's a sample pam.conf in the conf subdirectory of the source and you
# can also get some examples from the pam_ldap source.
# And here: http://englanders.cc/pub/linux/misc/shadow-pamfiles.tgz
mkdir -p /etc/pam.d
cd /etc/pam.d

# Become yourself again
exit

cd
mkdir -p -m 0700 installed
rm -f installed/Linux-PAM-*.tar.*
mv Linux-PAM-0.99.6.3.tar.bz2 installed/

# If you ever want to uninstall Linux-PAM, this should do it:
cd
su
test -d src/Linux-PAM-* && ( cd src/Linux-PAM-* ; make uninstall )
( cd /lib ; rm -f libpam.* libpam_misc.* libpamc.* ; ldconfig )
test -d /lib/security && rm -r /lib/security
( cd /sbin ; rm -f pam_tally unix_chkpwd )
test -d /usr/include/security && rm -r /usr/include/security
( cd /usr/man/man3 ; rm -f pam_authenticate.3 pam_fail_delay.3 \
  pam_setcred.3 pam_chauthtok.3 pam_get_item.3 pam_start.3 \
  pam_close_session.3 pam_open_session.3 pam_strerror.3 pam_end.3 \
  pam_set_item.3 )
( cd /usr/man/man8 ; rm -f pam.8 pam.conf.8 pam.d.8 pam_localuser.8 \
  pam_succeed_if.8 pam_xauth.8 )
ldconfig
exit
find ~/src -maxdepth 1 -type d -name "Linux-PAM-*" -exec rm -r {} \;
rm -f ~/installed/Linux-PAM-*.tar.*