mirrors/pam-modules
1
0
Fork 0
mirror of git://git.gnu.org.ua/pam-modules.git synced 2025-04-26 08:29:54 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Version 1.9

Browse source 
* NEWS: Update version number.
* configure.ac: Likewise.
* doc/pam_ldaphome.8in: Reorder configuration statements.
* pamck/pamck.c: Update copyright years.
This commit is contained in:
Sergey Poznyakoff 2014-05-21 23:01:50 +03:00
parent 3e9c3f3c3b
commit d953e91e23
4 changed files with 67 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

4
NEWS
View file

@ -5,7 +5,7 @@ See the end of file for copying conditions.
Please send pam-modules bug reports to <bug-pam-modules@gnu.org.ua> Please send pam-modules bug reports to <bug-pam-modules@gnu.org.ua>
Version 1.8.93, (Git) Version 1.9, 2014-05-21
* New module pam_groupmember * New module pam_groupmember
@ -168,7 +168,7 @@ Version 0.1
========================================================================= =========================================================================
Copyright information: Copyright information:
Copyright (C) 2001, 2004-2005, 2007-2012 Sergey Poznyakoff Copyright (C) 2001, 2004-2005, 2007-2014 Sergey Poznyakoff
Permission is granted to anyone to make or distribute verbatim copies Permission is granted to anyone to make or distribute verbatim copies
of this document as received, in any medium, provided that the of this document as received, in any medium, provided that the

2
configure.ac
View file

@ -16,7 +16,7 @@
AC_PREREQ(2.63) AC_PREREQ(2.63)
AC_INIT(pam-modules, 1.8.93, bug-pam-modules@gnu.org.ua) AC_INIT(pam-modules, 1.9, bug-pam-modules@gnu.org.ua)
AC_CONFIG_SRCDIR(pam_fshadow/pam_fshadow.c) AC_CONFIG_SRCDIR(pam_fshadow/pam_fshadow.c)
AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_MACRO_DIR([m4])

116
doc/pam_ldaphome.8in
View file

@ -14,7 +14,7 @@
.\" You should have received a copy of the GNU General Public License .\" You should have received a copy of the GNU General Public License
.\" along with PAM-Modules. If not, see <http://www.gnu.org/licenses/>. .\" along with PAM-Modules. If not, see <http://www.gnu.org/licenses/>.
.so config.so .so config.so
.TH PAM_LDAPHOME 8 "May 19, 2014" "PAM-MODULES" "Pam-Modules User Reference" .TH PAM_LDAPHOME 8 "May 21, 2014" "PAM-MODULES" "Pam-Modules User Reference"
.SH NAME .SH NAME
pam_ldaphome \- create and populate user home directories pam_ldaphome \- create and populate user home directories
.SH SYNOPSIS .SH SYNOPSIS
@ -46,27 +46,7 @@ split across several physical lines of text by ending each line but
the last with a backslash character. the last with a backslash character.
.PP .PP
Available configuration directives are: Available configuration directives are:
.TP .SS LDAP Settings
.BI allow\-home\-dir " PATH"
Lists directories in which it is allowed to create home directories.
\fIPATH\fR is a list of directories separated by colons. The user's
home directory will be created only if the directory part of its name
is listed in \fIPATH\fR.
.TP
.BI skel " DIR"
Supplies the name of a \fIskeleton directory\fR. The contents of this
directory is copied to each newly created user home directory. The
file modes and permissions are retained.
.TP
.BI uri " ARG"
Sets the URI of the LDAP server to consult for the user profile.
.TP
.BI ldap\-version " NUM"
Sets the LDAP version to use. Valid arguments are
.B 2
and
.B 3
(the default).
.TP .TP
.BI base " SEARCHBASE" .BI base " SEARCHBASE"
Use \fISEARCHBASE\fR as starting point for searches. Use \fISEARCHBASE\fR as starting point for searches.
@ -81,6 +61,21 @@ password for simple authentication.
.BI bindpwfile " FILE" .BI bindpwfile " FILE"
Read password for simple authentication from \fIFILE\fR. Read password for simple authentication from \fIFILE\fR.
.TP .TP
.BI filter " EXPR"
Defines a LDAP filter expression which returns the user profile. The
\fIEXPR\fR should conform to the string representation for search
filters as defined in RFC 4515.
.TP
.BI ldap\-version " NUM"
Sets the LDAP version to use. Valid arguments are
.B 2
and
.B 3
(the default).
.TP
.BI pubkey\-attr " TEXT"
Defines the name of the attribute that keeps user's public SSH key.
.TP
.BI tls " VAL" .BI tls " VAL"
Controls whether TLS is desired or required. If \fIVAL\fR is Controls whether TLS is desired or required. If \fIVAL\fR is
\fBno\fR (the default), TLS will not be used. If it is \fByes\fR, \fBno\fR (the default), TLS will not be used. If it is \fByes\fR,
@ -89,32 +84,15 @@ anyway if it fails. Finally, if \fIVAL\fR is the word \fBonly\fR, the
use of TLS becomes mandatory, and the module will not establish LDAP use of TLS becomes mandatory, and the module will not establish LDAP
connection unless \fIStartTLS\fR succeeds. connection unless \fIStartTLS\fR succeeds.
.TP .TP
.BI min\-uid " N" .BI uri " ARG"
Sets the minimal UID. For users with UIDs less than \fIN\fR, Sets the URI of the LDAP server to consult for the user profile.
\fBpam_ldaphome\fR will return \fBPAM_SUCCESS\fR immediately. This .SS Home directory creation
allows you to have a set of basic users whose credentials are kept in
the system database and who will not be disturbed by
\fBpam_ldaphome\fR. See also \fBmin\-gid\fR and \fBallow\-groups\fR.
.TP .TP
.BI min\-gid " N" .BI allow\-home\-dir " PATH"
Sets the minimal GID. For users with GIDs less than \fIN\fR, Lists directories in which it is allowed to create home directories.
the module will return \fBPAM_SUCCESS\fR immediately. \fIPATH\fR is a list of directories separated by colons. The user's
.TP home directory will be created only if the directory part of its name
\fBallow\-groups\fR \fIGROUP\fR [\fIGROUP\fR...] is listed in \fIPATH\fR.
Only handle members of the listed groups.
.TP
.BI filter " EXPR"
Defines a LDAP filter expression which returns the user profile. The
\fIEXPR\fR should conform to the string representation for search
filters as defined in RFC 4515.
.TP
.BI import\-public\-keys " BOOL"
When set to \fBno\fR, disables importing public keys from LDAP. You
may wish to use this option if you are using \fBopenssh\fR 6.1 or
later with \fBldappubkey\fR as \fBAuthorizedKeysCommand\fR.
.TP
.BI pubkey\-attr " TEXT"
Defines the name of the attribute that keeps user's public SSH key.
.TP .TP
.BI copy\-buf\-size " N" .BI copy\-buf\-size " N"
Sets the size of the buffer used to copy files from the skeleton Sets the size of the buffer used to copy files from the skeleton
@ -123,8 +101,11 @@ directory to the newly created home. The default value is 16384 bytes.
.BI home\-dir\-mode " MODE" .BI home\-dir\-mode " MODE"
Defines the file mode (octal) for creation of the user directories. Defines the file mode (octal) for creation of the user directories.
.TP .TP
.BI keyfile\-mode " MODE" .BI skel " DIR"
Defines the file mode (octal) for creation of authorized keys files. Supplies the name of a \fIskeleton directory\fR. The contents of this
directory is copied to each newly created user home directory. The
file modes and permissions are retained.
.SS Authorized keys file control
.TP .TP
.BI authorized_keys " NAME" .BI authorized_keys " NAME"
Sets the pathname (relative to the home directory) for the authorized Sets the pathname (relative to the home directory) for the authorized
@ -134,6 +115,35 @@ operation, this value must be the same as the value of
.BR sshd_config (5). .BR sshd_config (5).
Unless you change the latter, there's no need to edit it. Unless you change the latter, there's no need to edit it.
.TP .TP
.BI import\-public\-keys " BOOL"
When set to \fBno\fR, disables importing public keys from LDAP. You
may wish to use this option if you are using \fBopenssh\fR 6.2p1 or
later with \fBldappubkey\fR as \fBAuthorizedKeysCommand\fR.
.TP
.BI keyfile\-mode " MODE"
Defines the file mode (octal) for creation of authorized keys files.
.SS Access control
.TP
\fBallow\-groups\fR \fIGROUP\fR [\fIGROUP\fR...]
Only handle members of the listed groups.
.TP
.BI min\-gid " N"
Sets the minimal GID. For users with GIDs less than \fIN\fR,
the module will return \fBPAM_SUCCESS\fR immediately.
.TP
.BI min\-uid " N"
Sets the minimal UID. For users with UIDs less than \fIN\fR,
\fBpam_ldaphome\fR will return \fBPAM_SUCCESS\fR immediately. This
allows you to have a set of basic users whose credentials are kept in
the system database and who will not be disturbed by
\fBpam_ldaphome\fR. See also \fBmin\-gid\fR and \fBallow\-groups\fR.
.SS Initialization script support
.TP
.BI exec\-timeout " SECONDS"
Sets maximum time the \fBinitrc\-command\fR is allowed to run. If
it runs longer than \fISECONDS\fR, it will be terminated with a
\fBSIGKILL\fR, and the module will return \fBPAM_SYSTEM_ERR\fR.
.TP
.BI initrc\-command " COMMAND" .BI initrc\-command " COMMAND"
Run \fICOMMAND\fR after populating the user home directory with Run \fICOMMAND\fR after populating the user home directory with
files from the skeleton directory. The user login name is passed to files from the skeleton directory. The user login name is passed to
@ -144,10 +154,6 @@ standard output is redirected to standard errror.
The command should exit with code 0 on success. If it exits with a The command should exit with code 0 on success. If it exits with a
non-zero code, PAM_SYSTEM_ERR will be reported. non-zero code, PAM_SYSTEM_ERR will be reported.
.TP .TP
.BI initrc-log " FILE"
Redirects standard output and error from the
\fBinitrc\-command\fR to \fIFILE\fR.
.TP
\fBinitrc\-environ\fR \fIENV\fR ... \fBinitrc\-environ\fR \fIENV\fR ...
Modifies the environment of \fBinitrc\-command\fR. Modifies the environment of \fBinitrc\-command\fR.
@ -185,6 +191,10 @@ is removed from it before assignment.
.RE .RE
The \fIVALUE\fR part can be enclosed in single or double quotes, in The \fIVALUE\fR part can be enclosed in single or double quotes, in
which case the usual shell dequoting rules apply. which case the usual shell dequoting rules apply.
.TP
.BI initrc-log " FILE"
Redirects standard output and error from the
\fBinitrc\-command\fR to \fIFILE\fR.
.SH OPTIONS .SH OPTIONS
.TP .TP
.BI config= FILE .BI config= FILE

2
pamck/pamck.c
View file

@ -39,7 +39,7 @@ version()
{ {
printf("%s (%s) %s\n", program_name, PACKAGE, PACKAGE_VERSION); printf("%s (%s) %s\n", program_name, PACKAGE, PACKAGE_VERSION);
fputs ("\ fputs ("\
Copyright (C) 2009 Sergey Poznyakoff\n\ Copyright (C) 2009-2012, 2014 Sergey Poznyakoff\n\
\n\ \n\
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.\n\ License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.\n\
This is free software: you are free to change and redistribute it.\n\ This is free software: you are free to change and redistribute it.\n\