[linux-pam] #4: [PATCH] po/ja.po: Fix some wrong translations and so on
by fedora-badges
#4: [PATCH] po/ja.po: Fix some wrong translations and so on
--------------------+-------------------------------------------------------
Reporter: fumiyas | Owner: pam-developers(a)lists.fedorahosted.org
Type: defect | Status: new
Priority: major | Component: library
Version: 1.1.x | Keywords: l10n
--------------------+-------------------------------------------------------
I've updated po/ja.po to fix some wrong translations and so on.
Please see and commit the attached patch to master repository if you feel
good.
Should I contact the original translator (Kiyoto Hashida
<khashida(a)redhat.com>) to check and confirm this patch?
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/4>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
8 years, 10 months
[linux-pam] #9: Allow pam_lastlog to write to utmp as an option
by fedora-badges
#9: Allow pam_lastlog to write to utmp as an option
-------------------------+-------------------------------------------------
Reporter: | Owner: pam-developers@…
shadowkyogre | Status: new
Type: | Component: modules
enhancement | Keywords: pam_lastlog utmp update patch
Priority: major | prototype
Version: 1.1.x | Blocking:
Blocked By: |
-------------------------+-------------------------------------------------
The following patch for pam_lastlog allows it to write to utmp as well as
wtmp. Part of the code is from xorg-sessreg to help make a utmp entry. I
only tested this on my desktop, which is running Arch Linux, so some
modifications may need to be made in order to make it more portable.
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/9>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
9 years
[linux-pam] #5: multiple pam_namespace unmount problems
by fedora-badges
#5: multiple pam_namespace unmount problems
-----------------------------+------------------------------
Reporter: andersblomdell | Owner: pam-developers@…
Type: defect | Status: new
Priority: major | Component: library
Version: 1.1.x | Keywords:
Blocked By: | Blocking:
-----------------------------+------------------------------
This is essentially a short version of the bug in:
http://bugzilla.redhat.com/show_bug.cgi?id=755216
Essentially pam_namespace (1.1.5) suffers the following problems:
1. The (bind) mounts done in the new namespace is visible in the
original namespace (Error "too many levels of symbolic links").
2. At pam_namespace exit, the original mounting is restored for any
remaining child processes (daemons), which is a security problem.
Patch is attached
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/5>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
10 years, 2 months
[linux-pam] #8: [PATCH] pam_exec: Support showing stdout via pam_info, and only running for a specified module type
by fedora-badges
#8: [PATCH] pam_exec: Support showing stdout via pam_info, and only running for
a specified module type
---------------------------+------------------------------
Reporter: joshtriplett | Owner: pam-developers@…
Type: enhancement | Status: new
Priority: major | Component: modules
Version: | Keywords: patch
Blocked By: | Blocking:
---------------------------+------------------------------
The attached patches implement two new options for the pam_exec module.
Patch 1 adds a "stdout" option, which shows the stdout (and stderr) of
the executed command via pam_info. For instance, adding the following
line to /etc/pam.d/login right before the line for pam_motd:
{{{
session optional pam_exec.so stdout /usr/bin/seq 5
}}}
will print five lines (numbered 1-5) at the start and end of the
session. In order to implement this option without breaking the
existing support for the expose_authtok option, I had to
reorganize the file descriptor handling to move the loop that closes all
unwanted
file descriptors below all the code that sets up stdin/stdout/stderr,
and add some new code before that setup to ensure that none of the pipes
ended up on stdin/stdout/stderr where they might get closed by dup2.
Patch 2 adds a "type" option, which causes pam_exec to only execute the
command when the PAM module type matches the given type. In particular,
this makes it possible to run only at the start or end of a session,
without having to write a separate wrapper script to check the PAM_TYPE
environment variable. For example, adding the following to
/etc/pam.d/login right before the line for pam_motd:
{{{
session optional pam_exec.so type=open_session /bin/sleep 5
}}}
will sleep for 5 seconds at login time, but not at logout time,
demonstrating that the option works.
Together, these options make it possible to show dynamically generated
output at the start of a PAM session. For example, the following
pam_exec invocation produces the same output as the current dynamically
generated first line of the Debian motd:
{{{
session optional pam_exec.so type=open_session stdout /bin/uname -snrvm
}}}
(As an aside, I attempted to submit these patches to pam-
developers(a)lists.fedorahosted.org, but I couldn't seem to subscribe to
that list (no response to my subscription confirmation), and thus my mail
got moderated. Does pam-developers moderate subscriptions?)
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/8>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
10 years, 6 months
[linux-pam] #12: Typo in limits.conf
by fedora-badges
#12: Typo in limits.conf
----------------------+-------------------------------
Reporter: wzyboy | Owner: pam-developers@…
Type: defect | Status: new
Priority: trivial | Component: documentation
Version: 1.1.x | Keywords: typo, limits.conf
Blocked By: | Blocking:
----------------------+-------------------------------
{{{
#<domain> can be:
# - an user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
}}}
There is a typo in /etc/limits.conf. The phrase 'an user name' should be
corrected with 'a user name' or 'a username', as 'user' starts with a
consonant instead of a vowel.
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/12>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
11 years, 4 months
Drop manual context selection from pam_selinux
by Tomas Mraz
The manual context selection is an obsolete feature that does not work
properly anyway.
I'm sending the attached patch on behalf of Dan Walsh.
OK to commit?
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
11 years, 4 months
tst-pam_pwhistory1 is broken
by Tomas Mraz
It runs with real uid == 0 when the pam_pwhistory does not enforce the
restriction anymore. The following patch fixes the test:
diff --git a/xtests/tst-pam_pwhistory1.pamd b/xtests/tst-pam_pwhistory1.pamd
index 68e1b94..d60db7c 100644
--- a/xtests/tst-pam_pwhistory1.pamd
+++ b/xtests/tst-pam_pwhistory1.pamd
@@ -1,6 +1,6 @@
#%PAM-1.0
auth required pam_permit.so
account required pam_permit.so
-password required pam_pwhistory.so remember=10 retry=1
+password required pam_pwhistory.so remember=10 retry=1 enforce_for_root
password required pam_unix.so use_authtok md5
session required pam_permit.so
OK to commit?
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
11 years, 4 months