[linux-pam] #4: [PATCH] po/ja.po: Fix some wrong translations and so on
by fedora-badges
#4: [PATCH] po/ja.po: Fix some wrong translations and so on
--------------------+-------------------------------------------------------
Reporter: fumiyas | Owner: pam-developers(a)lists.fedorahosted.org
Type: defect | Status: new
Priority: major | Component: library
Version: 1.1.x | Keywords: l10n
--------------------+-------------------------------------------------------
I've updated po/ja.po to fix some wrong translations and so on.
Please see and commit the attached patch to master repository if you feel
good.
Should I contact the original translator (Kiyoto Hashida
<khashida(a)redhat.com>) to check and confirm this patch?
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/4>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
8 years, 11 months
[linux-pam] #9: Allow pam_lastlog to write to utmp as an option
by fedora-badges
#9: Allow pam_lastlog to write to utmp as an option
-------------------------+-------------------------------------------------
Reporter: | Owner: pam-developers@…
shadowkyogre | Status: new
Type: | Component: modules
enhancement | Keywords: pam_lastlog utmp update patch
Priority: major | prototype
Version: 1.1.x | Blocking:
Blocked By: |
-------------------------+-------------------------------------------------
The following patch for pam_lastlog allows it to write to utmp as well as
wtmp. Part of the code is from xorg-sessreg to help make a utmp entry. I
only tested this on my desktop, which is running Arch Linux, so some
modifications may need to be made in order to make it more portable.
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/9>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
9 years
[linux-pam] #5: multiple pam_namespace unmount problems
by fedora-badges
#5: multiple pam_namespace unmount problems
-----------------------------+------------------------------
Reporter: andersblomdell | Owner: pam-developers@…
Type: defect | Status: new
Priority: major | Component: library
Version: 1.1.x | Keywords:
Blocked By: | Blocking:
-----------------------------+------------------------------
This is essentially a short version of the bug in:
http://bugzilla.redhat.com/show_bug.cgi?id=755216
Essentially pam_namespace (1.1.5) suffers the following problems:
1. The (bind) mounts done in the new namespace is visible in the
original namespace (Error "too many levels of symbolic links").
2. At pam_namespace exit, the original mounting is restored for any
remaining child processes (daemons), which is a security problem.
Patch is attached
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/5>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
10 years, 3 months
[linux-pam] #8: [PATCH] pam_exec: Support showing stdout via pam_info, and only running for a specified module type
by fedora-badges
#8: [PATCH] pam_exec: Support showing stdout via pam_info, and only running for
a specified module type
---------------------------+------------------------------
Reporter: joshtriplett | Owner: pam-developers@…
Type: enhancement | Status: new
Priority: major | Component: modules
Version: | Keywords: patch
Blocked By: | Blocking:
---------------------------+------------------------------
The attached patches implement two new options for the pam_exec module.
Patch 1 adds a "stdout" option, which shows the stdout (and stderr) of
the executed command via pam_info. For instance, adding the following
line to /etc/pam.d/login right before the line for pam_motd:
{{{
session optional pam_exec.so stdout /usr/bin/seq 5
}}}
will print five lines (numbered 1-5) at the start and end of the
session. In order to implement this option without breaking the
existing support for the expose_authtok option, I had to
reorganize the file descriptor handling to move the loop that closes all
unwanted
file descriptors below all the code that sets up stdin/stdout/stderr,
and add some new code before that setup to ensure that none of the pipes
ended up on stdin/stdout/stderr where they might get closed by dup2.
Patch 2 adds a "type" option, which causes pam_exec to only execute the
command when the PAM module type matches the given type. In particular,
this makes it possible to run only at the start or end of a session,
without having to write a separate wrapper script to check the PAM_TYPE
environment variable. For example, adding the following to
/etc/pam.d/login right before the line for pam_motd:
{{{
session optional pam_exec.so type=open_session /bin/sleep 5
}}}
will sleep for 5 seconds at login time, but not at logout time,
demonstrating that the option works.
Together, these options make it possible to show dynamically generated
output at the start of a PAM session. For example, the following
pam_exec invocation produces the same output as the current dynamically
generated first line of the Debian motd:
{{{
session optional pam_exec.so type=open_session stdout /bin/uname -snrvm
}}}
(As an aside, I attempted to submit these patches to pam-
developers(a)lists.fedorahosted.org, but I couldn't seem to subscribe to
that list (no response to my subscription confirmation), and thus my mail
got moderated. Does pam-developers moderate subscriptions?)
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/8>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
10 years, 7 months
pam_xauth needs to be two-phase when combined with pam_namaspace
by Anders Blomdell
While stress-testing the module in
https://lists.fedorahosted.org/pipermail/pam-developers/2012-October/0003...,
I found that the current pam_xauth does not work properly when the old
home-directory is hidden after the unshare (the same problem can occur
with pam_namespace). The reason is that the reading of xauth-cookie
needs to be done before the unshare, and the writing needs to be done
after the unshare. Attached is a python mockup (to be called by
pam_python from http://ace-host.stuart.id.au/russell/files/pam_python/)
of a revised xauth module.
The .conf file should contain something like:
session optional pam_python.so /etc/pam.d/xauth.py get
# The following include might make the current home-directory
# unreadable (by pam_namespace or other modules doing pam_unshare)
session include system-auth
session optional pam_python.so /etc/pam.d/xauth.py set
Regards
Anders Blomdell
--
Anders Blomdell Email: anders.blomdell(a)control.lth.se
Department of Automatic Control
Lund University Phone: +46 46 222 4625
P.O. Box 118 Fax: +46 46 138118
SE-221 00 Lund, Sweden
11 years, 6 months
[PATCH] Fix building with GLIBC 2.16 and SELinux.
by Diego Elio Pettenò
From: "Jory A. Pratt" <anarchy(a)gentoo.org>
Signed-off-by: Diego Elio Pettenò <flameeyes(a)flameeyes.eu>
---
modules/pam_unix/pam_unix_passwd.c | 1 +
1 file modificato, 1 inserzione(+)
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 9e1302d..b5f5ae9 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -46,6 +46,7 @@
#include <unistd.h>
#include <errno.h>
#include <sys/types.h>
+#include <sys/resource.h>
#include <pwd.h>
#include <syslog.h>
#include <shadow.h>
--
1.7.12
11 years, 6 months
Re: [Pam-developers] [linux-pam] release version 1.1.6
by Thorsten Kukuk
On Fri, Aug 17, kukuk wrote:
> commit d4931cce402b5957189ccd34fb283b1e8db47901
> Author: Thorsten Kukuk <kukuk(a)orinoco.thkukuk.de>
> Date: Fri Aug 17 11:48:15 2012 +0200
>
> release version 1.1.6
Ok, Linux-1.1.6 is released, www.linux-pam.org is updated.
Thorsten
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
11 years, 6 months
pam_unshare
by Anders Blomdell
Hi All,
The attached pam_unshare was primarily written in order to create a
pam_namespace replacement that handled automounter and made it possible
to let a script decide if unshare should be called. I hope it could be
of use for someone else as well (inclusion in pam-linux would be a plus :-))
Besides the module and its documentation, I enclose a preliminary
version of a python script exercising some of the functionality
('session required pam_unshare.so cond /etc/pam.d/hide.py' in config file).
Regards
Anders Blomdell
--
Anders Blomdell Email: anders.blomdell(a)control.lth.se
Department of Automatic Control
Lund University Phone: +46 46 222 4625
P.O. Box 118 Fax: +46 46 138118
SE-221 00 Lund, Sweden
11 years, 6 months
