Gentoo Archives: gentoo-commits

From: "Göktürk Yüksek" <gokturk@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/devmanual:master commit in: tasks-reference/pam/
Date: Thu, 26 Dec 2019 21:58:22
Message-Id: 1577397182.b910c781110ada38d6063098d04775ac8bfd77c2.gokturk@gentoo
1 commit: b910c781110ada38d6063098d04775ac8bfd77c2
2 Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
3 AuthorDate: Wed Dec 25 18:10:47 2019 +0000
4 Commit: Göktürk Yüksek <gokturk <AT> gentoo <DOT> org>
5 CommitDate: Thu Dec 26 21:53:02 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/devmanual.git/commit/?id=b910c781
7
8 tasks-reference/pam: remove needless pam section
9
10 Closes: https://github.com/gentoo/devmanual/pull/128
11 Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org>
12 Signed-off-by: Göktürk Yüksek <gokturk <AT> gentoo.org>
13
14 tasks-reference/pam/text.xml | 36 ++++--------------------------------
15 1 file changed, 4 insertions(+), 32 deletions(-)
16
17 diff --git a/tasks-reference/pam/text.xml b/tasks-reference/pam/text.xml
18 index 6aa04d6..62c8ec0 100644
19 --- a/tasks-reference/pam/text.xml
20 +++ b/tasks-reference/pam/text.xml
21 @@ -16,14 +16,6 @@ With PAM, a program just needs to require authentication for a given login class
22 (defined in a <c>pam.d</c> file), and PAM framework will take care of calling the
23 modules which will provide authentication.
24 </p>
25 -
26 -<p>
27 -There are different PAM implementations. Gentoo Linux, by default, uses the
28 -Linux-PAM implementation which is installed via <c>sys-libs/pam</c>; FreeBSD and
29 -NetBSD (and hence Gentoo/FreeBSD) use OpenPAM, which is a minimal version. The
30 -different implementations can provide different authentication modules, and can
31 -differ in some details of the configuration.
32 -</p>
33 </body>
34
35 <section>
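Review bot: the paragraph deleted in this hunk carries more than the OpenPAM comparison. Its first sentence is also where the text says that Gentoo uses Linux-PAM by default and that it is installed via sys-libs/pam. The next hunk's context still refers to "Linux-PAM on Gentoo" as if it had been introduced. Unless that is stated elsewhere in the file, consider keeping one sentence naming Linux-PAM and sys-libs/pam and dropping only the FreeBSD/NetBSD/OpenPAM part.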
36 @@ -89,7 +81,7 @@ The statement is composed of 3 or 4 tokens:
37 the module, but this creates problems because not all the systems install the
38 modules in the same place: Linux-PAM on Gentoo is generally set up to load
39 them from <c>/lib/security</c>, but for example on AMD64 this become
40 - <c>/lib64/security</c>, and on OpenPAM they are just in <c>/usr/lib(64)</c>. The
41 + <c>/lib64/security</c>. The
42 result is that providing the full path will lead to non-working <c>pamd</c>
43 files, and the right way to handle this is just states the module name <d /> the
44 PAM implementation will take care of finding the module.
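Review bot: the replacement line "<c>/lib64/security</c>. The" leaves a stranded "The" at the end of a short line, so the paragraph should be reflowed while it is being touched. The same paragraph has two grammar slips in the unchanged context that could be fixed in this commit: "this become" should be "this becomes", and "is just states the module name" should be "is to state just the module name". The advice itself (give the module name, not a full path, in pamd files) reads correctly once the OpenPAM clause is gone.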
45 @@ -99,16 +91,6 @@ The statement is composed of 3 or 4 tokens:
46 passed to the module. These are module-dependent.
47 </li>
48 </ul>
49 -
50 -<p>
51 -As the number and the type of modules shipped with the implementation depends on
52 -the implementations themselves (Linux-PAM provides a full working set of
53 -modules, OpenPAM doesn't provide modules at all, and it's the operating system
54 -which provides them, as FreeBSD or NetBSD do), there are just a few modules
55 -which can be used directly in <c>pamd</c> files without the risk of providing a
56 -non-working configuration file:
57 -</p>
58 -
59 <ul>
60 <li>
61 <c>pam_deny.so</c>, <c>pam_permit.so</c> <d /> they just report a failure or a success
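Review bot: the paragraph removed here ended with a colon and was the lead-in for the list that follows, so after this hunk the list starting with pam_deny.so and pam_permit.so comes straight after the closing </ul> of the token list with nothing to say what it enumerates. Instead of deleting the paragraph outright, replace it with a short lead-in without the OpenPAM reasoning, for example a sentence saying that these are the modules that can be used directly in pamd files.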
62 @@ -163,25 +145,15 @@ completely non-portable. It is not used in all the implementations of Linux-PAM
63
64 <p>
65 A solution came when AltLinux developers added a new instruction for the control
66 -token: <e>include</e>. That control token can be used on Linux-PAM 0.78 and on
67 -OpenPAM to do the same as a <c>required pam_stack.so</c>, replacing the module name
68 +token: <e>include</e>. That control token can be used since Linux-PAM 0.78
69 +to do the same as a <c>required pam_stack.so</c>, replacing the module name
70 with the name of the login class to mimic.
71 </p>
72
73 <p>
74 In this way, instead of loading a module which in turn reloads pam, the option
75 is parsed directly by the PAM implementation which loads the other login class
76 -and takes care of executing it, and the same syntax is valid on both Linux-PAM
77 -and OpenPAM systems.
78 -</p>
79 -
80 -<p>
81 -New packages (and new versions of old packages) should then use the <c>include</c>
82 -directive instead of <c>pam_stack.so</c> module, but to do that they need to depend
83 -on a later version of <c>sys-libs/pam</c> or on <c>sys-libs/openpam</c> (note: openpam
84 -is for now just on G/FreeBSD's project overlay) <d /> to resolve this,
85 -<c>virtual/pam</c> is set up to add the right dependency for the use of the include
86 -directive.
87 +and takes care of executing it.
88 </p>
89
90 </body>
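Review bot: the last paragraph removed in this hunk mixes two things, and only one of them is about OpenPAM. The instruction that new packages and new versions of old packages should use the include directive instead of pam_stack.so is guidance for ebuild authors and is lost along with the sys-libs/openpam and virtual/pam dependency text. Consider keeping that sentence and, if a dependency note is still wanted, tying it to the Linux-PAM 0.78 minimum that the added line "can be used since Linux-PAM 0.78" now states.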