ipkg -m acnb ${POPT}
CFLAGS="${CFLAGS} -fPIC" ipkg -m acnb ${LIBTIRPC}
ipkg ${PAM}
+ipkg ${SHADOW}
ipkg -m noac ${OPENSSL}
ipkg ${WGET} "--with-ssl=openssl"
ipkg -m noac ${PCIUTILS}
--- /dev/null
+#Begin /etc/pam.d/chage
+
+# always allow root
+auth sufficient pam_rootok.so
+
+# include system defaults for auth account and session
+auth include system-auth
+account include system-account
+session include system-session
+
+# Always permit for authentication updates
+password required pam_permit.so
+
+# End /etc/pam.d/chage
--- /dev/null
+# Begin /etc/pam.d/login
+
+# Set failure delay before next prompt to 3 seconds
+auth optional pam_faildelay.so delay=3000000
+
+# Check to make sure that the user is allowed to login
+auth requisite pam_nologin.so
+
+# Check to make sure that root is allowed to login
+# Disabled by default. You will need to create /etc/securetty
+# file for this module to function. See man 5 securetty.
+#auth required pam_securetty.so
+
+# Additional group memberships - disabled by default
+#auth optional pam_group.so
+
+# include the default auth settings
+auth include system-auth
+
+# check access for the user
+account required pam_access.so
+
+# include the default account settings
+account include system-account
+
+# Set default environment variables for the user
+session required pam_env.so
+
+# Set resource limits for the user
+session required pam_limits.so
+
+# Display date of last login - Disabled by default
+#session optional pam_lastlog.so
+
+# Display the message of the day - Disabled by default
+#session optional pam_motd.so
+
+# Check user's mail - Disabled by default
+#session optional pam_mail.so standard quiet
+
+# include the default session and password settings
+session include system-session
+password include system-password
+
+# End /etc/pam.d/login
--- /dev/null
+# Begin /etc/pam.d/other
+
+auth required pam_warn.so
+auth required pam_deny.so
+account required pam_warn.so
+account required pam_deny.so
+password required pam_warn.so
+password required pam_deny.so
+session required pam_warn.so
+session required pam_deny.so
+
+# End /etc/pam.d/other
--- /dev/null
+# Begin /etc/pam.d/passwd
+
+password include system-password
+
+# End /etc/pam.d/passwd
--- /dev/null
+# Begin /etc/pam.d/su
+
+# always allow root
+auth sufficient pam_rootok.so
+auth include system-auth
+
+# include the default account settings
+account include system-account
+
+# Set default environment variables for the service user
+session required pam_env.so
+
+# include system session defaults
+session include system-session
+
+# End /etc/pam.d/su
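Review bot: The su stack has no `pam_wheel.so` entry, while hvbuild_post in the shadow script comments `SU_WHEEL_ONLY` out of /etc/login.defs, so after this change nothing restricts su-to-root to a group. The file should at least carry a disabled-by-default line after the pam_rootok line, in the style login uses for pam_securetty: `#auth required pam_wheel.so use_uid`, with a comment saying that enabling it limits su to members of the wheel group. Whether wheel-only su was in effect before this commit is not visible here, so this may be a documentation gap rather than a regression.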
--- /dev/null
+# Begin /etc/pam.d/system-account
+
+account required pam_unix.so
+
+# End /etc/pam.d/system-account
--- /dev/null
+# Begin /etc/pam.d/system-auth
+
+auth required pam_unix.so
+
+# End /etc/pam.d/system-auth
--- /dev/null
+# Begin /etc/pam.d/system-password
+
+# use sha512 hash for encryption, use shadow, and try to use any previously
+# defined authentication token (chosen password) set by any prior module
+password required pam_unix.so sha512 shadow try_first_pass
+
+# End /etc/pam.d/system-password
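Review bot: This stack is the only place password strength can still be enforced, and the `pam_unix.so` line sets no policy. hvbuild_post comments `PASS_MIN_LEN`, `OBSCURE_CHECKS_ENAB` and `PASS_CHANGE_TRIES` out of /etc/login.defs, which leaves pam_unix on its built-in minimum length. Consider stating the policy explicitly, for example `password required pam_unix.so sha512 shadow try_first_pass minlen=<N> obscure`, with N chosen by the project. The comment above the line also calls SHA-512 "encryption"; it is a password hash, and `# hash new passwords with SHA-512` would be more accurate.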
--- /dev/null
+# Begin /etc/pam.d/system-session
+
+session required pam_unix.so
+
+# End /etc/pam.d/system-session
update_packages_init ${*}
+# These packages were already downloaded for stage2:
+lpkg 2 ${SHADOW}
+
# These packages are only for stage3
fpkg -m gnu ${WHICH}
fpkg -e "tar.gz" ${BASHCOMPLETION} "http://www.caliban.org/files/bash"
--- /dev/null
+#!/bin/bash
+
+hvconfig_pre()
+{
+ CONFIGURE_OPTS="\
+ ${CONFIGURE_OPTS} \
+ --without-selinux"
+
+ cd ${LFS_TMP}/${PACKAGE}
+
+ # Disable the installation of the groups program and its man page, as
+ # Coreutils provides a better version.
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \;
+
+ # Instead of using the default crypt method, use the more secure SHA-512 method
+ # of password encryption, which also allows passwords longer than 8 characters.
+ # It is also necessary to change the obsolete /var/spool/mail location for user
+ # mailboxes that Shadow uses by default to the /var/mail location used currently:
+ sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
+ -e 's@/var/spool/mail@/var/mail@' /etc/login.defs
+}
+
+hvbuild_post()
+{
+ # Expands PATH to /usr/local/bin for normal and root user and to
+ # /usr/local/sbin for root user only:
+ sed -i -e 's@PATH=/sbin:/bin:/usr/sbin:/usr/bin@&:/usr/local/sbin:/usr/local/bin@' \
+ -e 's@PATH=/bin:/usr/bin@&:/usr/local/bin@' /etc/login.defs
+
+ # Move some misplaced symlinks/programs to their proper locations.
+ mv /usr/bin/passwd /bin
+
+ # Disable creation of mailbox files by useradd:
+ sed -i 's/yes/no/' /etc/default/useradd
+
+ # Configure Linux-PAM:
+ install -v -m644 /etc/login.defs /etc/login.defs.orig
+ for FUNCTION in FAIL_DELAY FAILLOG_ENAB \
+ LASTLOG_ENAB \
+ MAIL_CHECK_ENAB \
+ OBSCURE_CHECKS_ENAB \
+ PORTTIME_CHECKS_ENAB \
+ QUOTAS_ENAB \
+ CONSOLE MOTD_FILE \
+ FTMP_FILE NOLOGINS_FILE \
+ ENV_HZ PASS_MIN_LEN \
+ SU_WHEEL_ONLY \
+ CRACKLIB_DICTPATH \
+ PASS_CHANGE_TRIES \
+ PASS_ALWAYS_WARN \
+ CHFN_AUTH ENCRYPT_METHOD \
+ ENVIRON_FILE
+ do
+ sed -i "s/^${FUNCTION}/# &/" /etc/login.defs
+ done
+
+ install -v -m644 ${SCRDIR}/misc/shadow-pam.d/* /etc/pam.d/
+
+ for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel \
+ groupmems groupmod newusers useradd userdel usermod
+ do
+ install -v -m644 /etc/pam.d/chage /etc/pam.d/${PROGRAM}
+ sed -i "s/chage/$PROGRAM/" /etc/pam.d/${PROGRAM}
+ done
+
+ # Configuring Login Access
+ # Instead of using the /etc/login.access file for controlling access to the
+ # system, Linux-PAM uses the pam_access.so module along with the
+ # /etc/security/access.conf file. Rename the /etc/login.access file:
+ [ -f /etc/login.access ] && mv -v /etc/login.access{,.NOUSE}
+
+ # Configuring Resource Limits
+ # Instead of using the /etc/limits file for limiting usage of system
+ # resources, Linux-PAM uses the pam_limits.so module along with the
+ # /etc/security/limits.conf file. Rename the /etc/limits file:
+ [ -f /etc/limits ] && mv -v /etc/limits{,.NOUSE}
+}
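Review bot: The last `sed` in hvconfig_pre edits the absolute path `/etc/login.defs`, while the two edits before it use paths relative to the source tree entered by `cd ${LFS_TMP}/${PACKAGE}`. If this hook runs before the package is installed (the name suggests so), that file is either missing or left over from an earlier install, and the packaged `etc/login.defs` keeps `#ENCRYPT_METHOD DES` and `/var/spool/mail`; the target was probably meant to be `etc/login.defs`. The `cd` is also unquoted and unchecked, so a failed `cd` lets the `sed -i` calls run in whatever directory the caller was in; `cd "${LFS_TMP}/${PACKAGE}" || return 1` avoids that. In hvbuild_post the final `[ -f /etc/limits ] && mv -v /etc/limits{,.NOUSE}` makes the function return 1 when the file is absent, which a caller checking the hook's status would read as a failure; an `if [ -f /etc/limits ]; then … fi` form returns 0.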