From: Todd C. Miller <Todd.Miller@courtesan.com>
Date: Thu, 8 Dec 2011 14:10:07 +0000 (-0500)
Subject: Mention how to configure pam_hpsec on HP-UX to play nicely with sudo.
X-Git-Tag: SUDO_1_8_4~110^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=edd32aa8dfd329ec8c03fb7979e3501d60b593a7;p=sudo

Mention how to configure pam_hpsec on HP-UX to play nicely with sudo.
---

diff --git a/INSTALL b/INSTALL
index 35065407c..7c9d32a68 100644
--- a/INSTALL
+++ b/INSTALL
@@ -738,6 +738,12 @@ HP-UX:
 
     sudo	session	required	libpam_hpsec.so.1 bypass_umask
 
+    If every command run via sudo displays information about the last
+    successful login and the last authentication failure you should
+    make use an /etc/pam.conf line like:
+
+    sudo	session	required	libpam_hpsec.so.1 bypass_umask bypass_last_login
+
 Digital UNIX:
     By default, sudo will use SIA (Security Integration Architecture)
     to validate a user.  If you want to use an alternative authentication
diff --git a/configure b/configure
index 91313be88..7561536ea 100755
--- a/configure
+++ b/configure
@@ -22023,6 +22023,14 @@ fi
 
 if test "$with_pam" = "yes"; then
     case $host in
+	*-*-hpux*)
+	    if  -f /usr/lib/security/libpam_hpsec.so.1 ; then
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: You may wish to add the following line to /etc/pam.conf" >&5
+$as_echo "$as_me: You may wish to add the following line to /etc/pam.conf" >&6;}
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login" >&5
+$as_echo "$as_me: sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login" >&6;}
+	    fi
+	    ;;
 	*-*-linux*)
 	    { $as_echo "$as_me:${as_lineno-$LINENO}: You will need to customize sample.pam and install it as /etc/pam.d/sudo" >&5
 $as_echo "$as_me: You will need to customize sample.pam and install it as /etc/pam.d/sudo" >&6;}
diff --git a/configure.in b/configure.in
index ee4007fd3..57374bbca 100644
--- a/configure.in
+++ b/configure.in
@@ -3065,6 +3065,12 @@ dnl Spew any text the user needs to know about
 dnl
 if test "$with_pam" = "yes"; then
     case $host in
+	*-*-hpux*)
+	    if [ -f /usr/lib/security/libpam_hpsec.so.1 ]; then
+		AC_MSG_NOTICE([You may wish to add the following line to /etc/pam.conf])
+		AC_MSG_NOTICE([sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login])
+	    fi
+	    ;;
 	*-*-linux*)
 	    AC_MSG_NOTICE([You will need to customize sample.pam and install it as /etc/pam.d/sudo])
 	    ;;