=================
VERSION 2.3.9 -
+ - Renamed PAM_OS_X configuration setting to PAM_OLD_OS_X since it only
+ is needed for OS X 10.5 and older.
- Rearranged ifdef's so that undefining SLEEP_LOCK actually completely
disables the sleep-on-failure behavior.
- Minor documentation fixes
create a /etc/pam.d/pwauth file or edit the /etc/pam.conf file.
If you have a /etc/pam.d directory, you need to create a file named
- "pwauth" inside it. To authenticate out of the Unix Shadow file
- under Redhat 6.x, the /etc/pam.d/pwauth file should look something like
- this:
+ "pwauth" inside it. The contents of this file are going to be
+ entirely different for different versions of Unix, since there is
+ no standardization here. Your best bet is probably to take
+ an existing file in that directory and modify it. The few
+ ancient examples listed below should be taken more as examples of
+ the general appearance of these things than as useful prototypes.
+
+ To authenticate out of the Unix Shadow file under Redhat 6.x, the
+ /etc/pam.d/pwauth file would look something like this:
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
- Under OS X 10.4.11, something like the following works (possibly the
- pam_securityserver line should be removed):
+ Under OS X 10.4.11, the following is reported to work (possibly
+ the pam_securityserver line should be removed):
auth required pam_nologin.so
auth sufficient pam_securityserver.so
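Review bot: The Redhat 6.x sample kept under the new paragraph still passes nullok to pam_pwdb.so on the auth line, while the added text tells readers to treat these samples as the general appearance of a pwauth PAM file. With nullok, an account that has an empty password authenticates successfully, which is rarely what is wanted from a helper that checks passwords on behalf of a server process. Suggest dropping nullok from the sample, or adding a sentence saying it should be kept only deliberately. The new advice to copy an existing file from /etc/pam.d deserves the same caution, since that file may carry options chosen for interactive login.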
#ifdef NEED_UID
#include <pwd.h>
#endif
-#ifdef PAM_OS_X
+#ifdef PAM_OLD_OS_X
#include <pam/pam_appl.h>
#else
#include <security/pam_appl.h>
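Review bot: After the rename to "#ifdef PAM_OLD_OS_X", a build whose configuration still defines PAM_OS_X falls silently into the #else branch and includes <security/pam_appl.h> instead of <pam/pam_appl.h>, which is the header this branch selects for OS X 10.5 and older. Suggest a guard beside this include that stops the build with an #error, or maps the old name to the new one, when PAM_OS_X is defined, so a stale configuration is caught at compile time with a clear message rather than a missing-header failure.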
/* #define SHADOW_AIX /* AIX */
/* #define SHADOW_HPUX /* HPUX ? */
-/* #define PAM /* Linux PAM or OpenPAM*/
-/* #define PAM_OS_X /* PAM on OS X */
+/* #define PAM /* Linux PAM or OpenPAM */
+/* #define PAM_OLD_OS_X /* PAM on OS X version 10.5 or older */
/* #define PAM_SOLARIS /* PAM on Solaris other than 2.6 */
/* #define PAM_SOLARIS_26 /* PAM on Solaris 2.6 */
/* #define LOGIN_CONF_OPENBSD /* login.conf on OpenBSD */
* way to figure it out is just to do a "ps" and see what most apache processes
* are running as.)
*
- * There are two ways to do this. First, you can compile in the uid numbers
- * that are allowed to run this program, by listing them on the SERVER_UID
- * variable below. At runtime, pwauth will check that the uid of the user
- * that invoked it is on this list. So if you have just one uid that should
- * be able to run pwauth, you can say something like:
+ * There are two ways to configure this. First, you can compile in the uid
+ * numbers that are allowed to run this program, by listing them on the
+ * SERVER_UID variable below. At runtime, pwauth will check that the uid
+ * of the user that invoked it is on this list. So if you have just one
+ * uid that should be able to run pwauth, you can say something like:
* #define SERVER_UIDS 72
* If you have several, separate them by commas, like this:
* #define SERVER_UIDS 12,343,93
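Review bot: The rewrapped paragraph still says "the SERVER_UID variable below", but both examples that follow define SERVER_UIDS, and it is a preprocessor macro rather than a variable. Since these lines are being touched anyway, change the text to name SERVER_UIDS so that someone copying the name from the prose does not define a macro the uid check never reads.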