You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by mo...@apache.org on 2017/03/30 18:22:38 UTC

svn commit: r1789545 - in /knox/trunk/books: 0.10.0/config_pam_authn.md 0.11.0/config_pam_authn.md 0.12.0/config_pam_authn.md

Author: more
Date: Thu Mar 30 18:22:37 2017
New Revision: 1789545

URL: http://svn.apache.org/viewvc?rev=1789545&view=rev
Log:
KNOX-915 - Add PAM config example for Ubuntu (Krishna Pandey via Sandeep More)

Modified:
    knox/trunk/books/0.10.0/config_pam_authn.md
    knox/trunk/books/0.11.0/config_pam_authn.md
    knox/trunk/books/0.12.0/config_pam_authn.md

Modified: knox/trunk/books/0.10.0/config_pam_authn.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.10.0/config_pam_authn.md?rev=1789545&r1=1789544&r2=1789545&view=diff
==============================================================================
--- knox/trunk/books/0.10.0/config_pam_authn.md (original)
+++ knox/trunk/books/0.10.0/config_pam_authn.md Thu Mar 30 18:22:37 2017
@@ -79,4 +79,19 @@ The third field indicates what action is
 * sufficient: Given that all preceding modules have succeeded, the success of this module leads to an immediate and successful return to the application (failure of this module is ignored).
 * optional: The success or failure of this module is generally not recorded.
 
-The fourth field contains the name of the loadable module, pam_*.so. For the sake of readability, the full pathname of each module is not given. Before Linux-PAM-0.56 was released, there was no support for a default authentication-module directory. If you have an earlier version of Linux-PAM installed, you will have to specify the full path for each of the modules. Your distribution most likely placed these modules exclusively in one of the following directories: /lib/security/ or /usr/lib/security/.
\ No newline at end of file
+The fourth field contains the name of the loadable module, pam_*.so. For the sake of readability, the full pathname of each module is not given. Before Linux-PAM-0.56 was released, there was no support for a default authentication-module directory. If you have an earlier version of Linux-PAM installed, you will have to specify the full path for each of the modules. Your distribution most likely placed these modules exclusively in one of the following directories: /lib/security/ or /usr/lib/security/.
+
+Also, find below a non-normative example of a PAM config file(/etc/pam.d/login) for Ubuntu:
+
+    #%PAM-1.0
+    
+    auth       required     pam_sepermit.so
+    # pam_selinux.so close should be the first session rule
+    session    required     pam_selinux.so close
+    session    required     pam_loginuid.so
+    # pam_selinux.so open should only be followed by sessions to be executed in the user context
+    session    required     pam_selinux.so open env_params
+    session    optional     pam_keyinit.so force revoke
+    
+    session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale
+    @include password-auth

Modified: knox/trunk/books/0.11.0/config_pam_authn.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.11.0/config_pam_authn.md?rev=1789545&r1=1789544&r2=1789545&view=diff
==============================================================================
--- knox/trunk/books/0.11.0/config_pam_authn.md (original)
+++ knox/trunk/books/0.11.0/config_pam_authn.md Thu Mar 30 18:22:37 2017
@@ -80,4 +80,19 @@ The third field indicates what action is
 * sufficient: Given that all preceding modules have succeeded, the success of this module leads to an immediate and successful return to the application (failure of this module is ignored).
 * optional: The success or failure of this module is generally not recorded.
 
-The fourth field contains the name of the loadable module, pam_*.so. For the sake of readability, the full pathname of each module is not given. Before Linux-PAM-0.56 was released, there was no support for a default authentication-module directory. If you have an earlier version of Linux-PAM installed, you will have to specify the full path for each of the modules. Your distribution most likely placed these modules exclusively in one of the following directories: /lib/security/ or /usr/lib/security/.
\ No newline at end of file
+The fourth field contains the name of the loadable module, pam_*.so. For the sake of readability, the full pathname of each module is not given. Before Linux-PAM-0.56 was released, there was no support for a default authentication-module directory. If you have an earlier version of Linux-PAM installed, you will have to specify the full path for each of the modules. Your distribution most likely placed these modules exclusively in one of the following directories: /lib/security/ or /usr/lib/security/.
+
+Also, find below a non-normative example of a PAM config file(/etc/pam.d/login) for Ubuntu:
+
+    #%PAM-1.0
+    
+    auth       required     pam_sepermit.so
+    # pam_selinux.so close should be the first session rule
+    session    required     pam_selinux.so close
+    session    required     pam_loginuid.so
+    # pam_selinux.so open should only be followed by sessions to be executed in the user context
+    session    required     pam_selinux.so open env_params
+    session    optional     pam_keyinit.so force revoke
+    
+    session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale
+    @include password-auth

Modified: knox/trunk/books/0.12.0/config_pam_authn.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.12.0/config_pam_authn.md?rev=1789545&r1=1789544&r2=1789545&view=diff
==============================================================================
--- knox/trunk/books/0.12.0/config_pam_authn.md (original)
+++ knox/trunk/books/0.12.0/config_pam_authn.md Thu Mar 30 18:22:37 2017
@@ -80,4 +80,19 @@ The third field indicates what action is
 * sufficient: Given that all preceding modules have succeeded, the success of this module leads to an immediate and successful return to the application (failure of this module is ignored).
 * optional: The success or failure of this module is generally not recorded.
 
-The fourth field contains the name of the loadable module, pam_*.so. For the sake of readability, the full pathname of each module is not given. Before Linux-PAM-0.56 was released, there was no support for a default authentication-module directory. If you have an earlier version of Linux-PAM installed, you will have to specify the full path for each of the modules. Your distribution most likely placed these modules exclusively in one of the following directories: /lib/security/ or /usr/lib/security/.
\ No newline at end of file
+The fourth field contains the name of the loadable module, pam_*.so. For the sake of readability, the full pathname of each module is not given. Before Linux-PAM-0.56 was released, there was no support for a default authentication-module directory. If you have an earlier version of Linux-PAM installed, you will have to specify the full path for each of the modules. Your distribution most likely placed these modules exclusively in one of the following directories: /lib/security/ or /usr/lib/security/.
+
+Also, find below a non-normative example of a PAM config file(/etc/pam.d/login) for Ubuntu:
+
+    #%PAM-1.0
+    
+    auth       required     pam_sepermit.so
+    # pam_selinux.so close should be the first session rule
+    session    required     pam_selinux.so close
+    session    required     pam_loginuid.so
+    # pam_selinux.so open should only be followed by sessions to be executed in the user context
+    session    required     pam_selinux.so open env_params
+    session    optional     pam_keyinit.so force revoke
+    
+    session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale
+    @include password-auth