123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222 |
- # Description: The Shadow package contains programs for handling passwords in a secure way.
- # URL: http://shadow.pld.org.pl/
- # Maintainer: pkg-shadow-devel@lists.alioth.debian.org
- # Packager: pierre at nutyx dot org
- name=shadow
- version=4.2.1
- release=1
- source=( http://pkg-shadow.alioth.debian.org/releases/shadow-$version.tar.xz)
- build()
- {
- cd shadow-$version
- sed -i 's/groups$(EXEEXT) //' src/Makefile.in
- find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \;
- sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
- -e 's@/var/spool/mail@/var/mail@' etc/login.defs
- sed -i 's/1000/999/' etc/useradd
- ./configure --sysconfdir=/etc
- make
- make DESTDIR=$PKG install
- sed -i 's/yes/no/' $PKG/etc/default/useradd
- sed -i 's/GROUP/# GROUP/' $PKG/etc/default/useradd
- mv -v $PKG/usr/bin/* $PKG/bin
- mv -v $PKG/usr/sbin/* $PKG/sbin
- #
- # Following sed comment appropriate lines in etc/login.defs, and stop login
- # from performing these functions. First backup the etc/login.defs
- install -v -m644 $PKG/etc/login.defs{,.orig}
- for FUNCTION in FAIL_DELAY FAILLOG_ENAB \
- LASTLOG_ENAB \
- MAIL_CHECK_ENAB \
- OBSCURE_CHECKS_ENAB \
- PORTTIME_CHECKS_ENAB \
- QUOTAS_ENAB \
- CONSOLE MOTD_FILE \
- FTMP_FILE NOLOGINS_FILE \
- ENV_HZ PASS_MIN_LEN \
- SU_WHEEL_ONLY \
- CRACKLIB_DICTPATH \
- PASS_CHANGE_TRIES \
- PASS_ALWAYS_WARN \
- CHFN_AUTH ENCRYPT_METHOD \
- ENVIRON_FILE
- do
- sed -i "s/^${FUNCTION}/# &/" $PKG/etc/login.defs
- done
- #
- # Configuration files for pam
- mkdir -p $PKG/etc/pam.d
- cat > $PKG/etc/pam.d/system-account << "EOF"
- # Begin /etc/pam.d/system-account
- account required pam_unix.so
- # End /etc/pam.d/system-account
- EOF
- cat > $PKG/etc/pam.d/system-auth << "EOF"
- # Begin /etc/pam.d/system-auth
- auth required pam_unix.so
- # End /etc/pam.d/system-auth
- EOF
- cat > $PKG/etc/pam.d/system-password << "EOF"
- # Begin /etc/pam.d/system-password
- # use sha512 hash for encryption, use shadow, and try to use any previously
- # defined authentication token (chosen password) set by any prior module
- password required pam_pwhistory.so retry=3
- password required pam_unix.so sha512 shadow try_first_pass
- # End /etc/pam.d/system-password
- EOF
- cat > $PKG/etc/pam.d/system-session << "EOF"
- # Begin /etc/pam.d/system-session
- session required pam_unix.so
- session optional pam_loginuid.so
- session optional pam_ck_connector.so nox11
- # End /etc/pam.d/system-session
- EOF
- cat > $PKG/etc/pam.d/login << "EOF"
- # Begin /etc/pam.d/login
- # Set failure delay before next prompt to 3 seconds
- auth optional pam_faildelay.so delay=3000000
- # Check to make sure that the user is allowed to login
- auth requisite pam_nologin.so
- # Check to make sure that root is allowed to login
- # Disabled by default. You will need to create /etc/securetty
- # file for this module to function. See man 5 securetty.
- #auth required pam_securetty.so
- # Additional group memberships - disabled by default
- #auth optional pam_group.so
- # include the default auth settings
- auth include system-auth
- # check access for the user
- account required pam_access.so
- # include the default account settings
- account include system-account
- # Set default environment variables for the user
- session required pam_env.so
- # Set resource limits for the user
- session required pam_limits.so
- # Display date of last login - Disabled by default
- #session optional pam_lastlog.so
- # Display the message of the day - Disabled by default
- #session optional pam_motd.so
- # Check user's mail - Disabled by default
- #session optional pam_mail.so standard quiet
- # include the default session and password settings
- session include system-session
- password include system-password
- # End /etc/pam.d/login
- EOF
- cat > $PKG/etc/pam.d/passwd << "EOF"
- # Begin /etc/pam.d/passwd
- password include system-password
- # End /etc/pam.d/passwd
- EOF
- cat > $PKG/etc/pam.d/su << "EOF"
- # Begin /etc/pam.d/su
- # always allow root
- auth sufficient pam_rootok.so
- auth include system-auth
- # include the default account settings
- account include system-account
- # Set default environment variables for the service user
- session required pam_env.so
- # include system session defaults
- session include system-session
- # End /etc/pam.d/su
- EOF
- cat > $PKG/etc/pam.d/chage << "EOF"
- #Begin /etc/pam.d/chage
- # always allow root
- auth sufficient pam_rootok.so
- # include system defaults for auth account and session
- auth include system-auth
- account include system-account
- session include system-session
- # Always permit for authentication updates
- password required pam_permit.so
- # End /etc/pam.d/chage
- EOF
- for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel \
- groupmems groupmod newusers useradd userdel usermod
- do
- install -v -m644 $PKG/etc/pam.d/chage $PKG/etc/pam.d/${PROGRAM}
- sed -i "s/chage/$PROGRAM/" $PKG/etc/pam.d/${PROGRAM}
- done
- # Backup others
- [ -f $PKG/pam.d/other ] && install -v -m644 $PKG/etc/pam.d/other{,.orig}
- # Other
- #
- cat > $PKG/etc/pam.d/other << "EOF"
- # Begin /etc/pam.d/other
- auth required pam_warn.so
- auth required pam_deny.so
- account required pam_warn.so
- account required pam_deny.so
- password required pam_warn.so
- password required pam_deny.so
- session required pam_warn.so
- session required pam_deny.so
- # End /etc/pam.d/other
- EOF
- # Replace the login and ressource limits file
- if [ -f $PKG/etc/login.access ]; then
- mv -v $PKG/etc/login.access{,.NOUSE}
- fi
- if [ -f $PKG/etc/limits ]; then
- mv -v $PKG/etc/limits{,.NOUSE}
- fi
- rm $PKG/usr/share/man/man8/nologin.8
- rm $PKG/sbin/nologin
- }
|