From: jan@unixpapa.com Date: Thu, 14 Apr 2011 13:44:02 +0000 (+0000) Subject: OS X no longer puts the PAM header files in a weird place. X-Git-Tag: pwauth-2.3.10~3 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c4f08fa70e574336d7463a3587d25b824504666a;p=pwauth OS X no longer puts the PAM header files in a weird place. --- diff --git a/pwauth/CHANGES b/pwauth/CHANGES index 2c5287d..1def5f5 100644 --- a/pwauth/CHANGES +++ b/pwauth/CHANGES @@ -2,6 +2,8 @@ Pwauth Change Log ================= VERSION 2.3.9 - + - Renamed PAM_OS_X configuration setting to PAM_OLD_OS_X since it only + is needed for OS X 10.5 and older. - Rearranged ifdef's so that undefining SLEEP_LOCK actually completely disables the sleep-on-failure behavior. - Minor documentation fixes diff --git a/pwauth/INSTALL b/pwauth/INSTALL index f53f8d4..0fe0f6b 100644 --- a/pwauth/INSTALL +++ b/pwauth/INSTALL 
@@ -30,16 +30,22 @@ with other forms of authentication. create a /etc/pam.d/pwauth file or edit the /etc/pam.conf file. If you have a /etc/pam.d directory, you need to create a file named - "pwauth" inside it. To authenticate out of the Unix Shadow file - under Redhat 6.x, the /etc/pam.d/pwauth file should look something like - this: + "pwauth" inside it. The contents of this file are going to be + entirely different for different versions of Unix, since there is + no standardization here. Your best bet is probably to take + an existing file in that directory and modify it. The few + ancient examples listed below should be taken more as examples of + the general appearance of these things than as useful prototypes. + + To authenticate out of the Unix Shadow file under Redhat 6.x, the + /etc/pam.d/pwauth file would look something like this: auth required /lib/security/pam_pwdb.so shadow nullok auth required /lib/security/pam_nologin.so account required /lib/security/pam_pwdb.so - Under OS X 10.4.11, something like the following works (possibly the - pam_securityserver line should be removed): + Under OS X 10.4.11, the following is reported to work (possibly + the pam_securityserver line should be removed): auth required pam_nologin.so auth sufficient pam_securityserver.so diff --git a/pwauth/auth_pam.c b/pwauth/auth_pam.c index 25f37eb..9f301d9 100644 --- a/pwauth/auth_pam.c +++ b/pwauth/auth_pam.c @@ -41,7 +41,7 @@ #ifdef NEED_UID #include #endif -#ifdef PAM_OS_X +#ifdef PAM_OLD_OS_X #include #else #include diff --git a/pwauth/config.h b/pwauth/config.h index 9a86203..55caf46 100644 --- a/pwauth/config.h +++ b/pwauth/config.h 
@@ -118,8 +118,8 @@ /* #define SHADOW_AIX /* AIX */ /* #define SHADOW_HPUX /* HPUX ? */ -/* #define PAM /* Linux PAM or OpenPAM*/ -/* #define PAM_OS_X /* PAM on OS X */ +/* #define PAM /* Linux PAM or OpenPAM */ +/* #define PAM_OLD_OS_X /* PAM on OS X version 10.5 or older */ /* #define PAM_SOLARIS /* PAM on Solaris other than 2.6 */ /* #define PAM_SOLARIS_26 /* PAM on Solaris 2.6 */ /* #define LOGIN_CONF_OPENBSD /* login.conf on OpenBSD */ @@ -243,11 +243,11 @@ * way to figure it out is just to do a "ps" and see what most apache processes * are running as.) * - * There are two ways to do this. First, you can compile in the uid numbers - * that are allowed to run this program, by listing them on the SERVER_UID - * variable below. At runtime, pwauth will check that the uid of the user - * that invoked it is on this list. So if you have just one uid that should - * be able to run pwauth, you can say something like: + * There are two ways to configure this. First, you can compile in the uid + * numbers that are allowed to run this program, by listing them on the + * SERVER_UID variable below. At runtime, pwauth will check that the uid + * of the user that invoked it is on this list. So if you have just one + * uid that should be able to run pwauth, you can say something like: * #define SERVER_UIDS 72 * If you have several, separate them by commas, like this: * #define SERVER_UIDS 12,343,93
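Review bot: In the auth_pam.c hunk, the test becomes `#ifdef PAM_OLD_OS_X` with no fallback for the old name, so a config.h carried over from an earlier release that still defines PAM_OS_X now selects the `#else` include with no indication that the setting was renamed. On the systems that needed the setting this would presumably surface as a missing-header error rather than a clear message. Consider a guard near the top of auth_pam.c or in config.h, for example `#if defined(PAM_OS_X) && !defined(PAM_OLD_OS_X)` followed by `#error PAM_OS_X was renamed to PAM_OLD_OS_X`, and have the CHANGES entry tell users on OS X 10.5 and older to update their config.h. It is also worth checking that no file outside auth_pam.c and config.h still refers to PAM_OS_X, since only those two are touched here.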
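Review bot: In the INSTALL hunk, the OS X 10.4.11 example is now described as "reported to work" while the parenthetical still says the pam_securityserver line should possibly be removed, which leaves the reader guessing about an `auth sufficient` line in an authentication stack. With `sufficient`, a success from that module ends the auth stack successfully as long as no earlier required module has failed, so the line decides the outcome. Either state what the line is for and when to drop it, or take it out of the example. The new advice to start from an existing file in /etc/pam.d would also benefit from one sentence naming the module types pwauth needs (the examples shown use only auth and account), so that unrelated lines from the copied file are not carried over.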
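Review bot: In the second config.h hunk, the reworded comment still tells the reader to list the uids "on the SERVER_UID variable below", while both examples that follow use `#define SERVER_UIDS`. Since the paragraph is being rewritten anyway, use one name throughout and make it match the macro the code tests. This setting controls which uids may invoke pwauth, so a reader who follows the prose and defines the singular name would not be setting the macro the examples show. Calling it a "variable" is also slightly misleading for a compile-time define; "the SERVER_UIDS definition below" would be clearer.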