1 |
commit: b910c781110ada38d6063098d04775ac8bfd77c2 |
2 |
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Dec 25 18:10:47 2019 +0000 |
4 |
Commit: Göktürk Yüksek <gokturk <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Dec 26 21:53:02 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/devmanual.git/commit/?id=b910c781 |
7 |
|
8 |
tasks-reference/pam: remove needless pam section |
9 |
|
10 |
Closes: https://github.com/gentoo/devmanual/pull/128 |
11 |
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org> |
12 |
Signed-off-by: Göktürk Yüksek <gokturk <AT> gentoo.org> |
13 |
|
14 |
tasks-reference/pam/text.xml | 36 ++++-------------------------------- |
15 |
1 file changed, 4 insertions(+), 32 deletions(-) |
16 |
|
17 |
diff --git a/tasks-reference/pam/text.xml b/tasks-reference/pam/text.xml |
18 |
index 6aa04d6..62c8ec0 100644 |
19 |
--- a/tasks-reference/pam/text.xml |
20 |
+++ b/tasks-reference/pam/text.xml |
21 |
@@ -16,14 +16,6 @@ With PAM, a program just needs to require authentication for a given login class |
22 |
(defined in a <c>pam.d</c> file), and PAM framework will take care of calling the |
23 |
modules which will provide authentication. |
24 |
</p> |
25 |
- |
26 |
-<p> |
27 |
-There are different PAM implementations. Gentoo Linux, by default, uses the |
28 |
-Linux-PAM implementation which is installed via <c>sys-libs/pam</c>; FreeBSD and |
29 |
-NetBSD (and hence Gentoo/FreeBSD) use OpenPAM, which is a minimal version. The |
30 |
-different implementations can provide different authentication modules, and can |
31 |
-differ in some details of the configuration. |
32 |
-</p> |
33 |
</body> |
34 |
|
35 |
<section> |
36 |
@@ -89,7 +81,7 @@ The statement is composed of 3 or 4 tokens: |
37 |
the module, but this creates problems because not all the systems install the |
38 |
modules in the same place: Linux-PAM on Gentoo is generally set up to load |
39 |
them from <c>/lib/security</c>, but for example on AMD64 this become |
40 |
- <c>/lib64/security</c>, and on OpenPAM they are just in <c>/usr/lib(64)</c>. The |
41 |
+ <c>/lib64/security</c>. The |
42 |
result is that providing the full path will lead to non-working <c>pamd</c> |
43 |
files, and the right way to handle this is just states the module name <d /> the |
44 |
PAM implementation will take care of finding the module. |
45 |
@@ -99,16 +91,6 @@ The statement is composed of 3 or 4 tokens: |
46 |
passed to the module. These are module-dependent. |
47 |
</li> |
48 |
</ul> |
49 |
- |
50 |
-<p> |
51 |
-As the number and the type of modules shipped with the implementation depends on |
52 |
-the implementations themselves (Linux-PAM provides a full working set of |
53 |
-modules, OpenPAM doesn't provide modules at all, and it's the operating system |
54 |
-which provides them, as FreeBSD or NetBSD do), there are just a few modules |
55 |
-which can be used directly in <c>pamd</c> files without the risk of providing a |
56 |
-non-working configuration file: |
57 |
-</p> |
58 |
- |
59 |
<ul> |
60 |
<li> |
61 |
<c>pam_deny.so</c>, <c>pam_permit.so</c> <d /> they just report a failure or a success |
62 |
@@ -163,25 +145,15 @@ completely non-portable. It is not used in all the implementations of Linux-PAM |
63 |
|
64 |
<p> |
65 |
A solution came when AltLinux developers added a new instruction for the control |
66 |
-token: <e>include</e>. That control token can be used on Linux-PAM 0.78 and on |
67 |
-OpenPAM to do the same as a <c>required pam_stack.so</c>, replacing the module name |
68 |
+token: <e>include</e>. That control token can be used since Linux-PAM 0.78 |
69 |
+to do the same as a <c>required pam_stack.so</c>, replacing the module name |
70 |
with the name of the login class to mimic. |
71 |
</p> |
72 |
|
73 |
<p> |
74 |
In this way, instead of loading a module which in turn reloads pam, the option |
75 |
is parsed directly by the PAM implementation which loads the other login class |
76 |
-and takes care of executing it, and the same syntax is valid on both Linux-PAM |
77 |
-and OpenPAM systems. |
78 |
-</p> |
79 |
- |
80 |
-<p> |
81 |
-New packages (and new versions of old packages) should then use the <c>include</c> |
82 |
-directive instead of <c>pam_stack.so</c> module, but to do that they need to depend |
83 |
-on a later version of <c>sys-libs/pam</c> or on <c>sys-libs/openpam</c> (note: openpam |
84 |
-is for now just on G/FreeBSD's project overlay) <d /> to resolve this, |
85 |
-<c>virtual/pam</c> is set up to add the right dependency for the use of the include |
86 |
-directive. |
87 |
+and takes care of executing it. |
88 |
</p> |
89 |
|
90 |
</body> |