diff options
| author | Kevin Tian <kevin.tian@intel.com> | 2010-08-03 15:53:38 +0800 |
|---|---|---|
| committer | Richard Purdie <rpurdie@linux.intel.com> | 2010-08-13 13:36:01 +0100 |
| commit | 46771a85b0cd8edeab2b2bb2b79754fb797f24b2 (patch) | |
| tree | 4b85393e5ddf09f5f45f64388c0105f361640be8 /meta/packages/pam/libpam-1.1.1/pam.d/common-account | |
| parent | 59e30ad05f3d51f5ebaaa7ffc855ce93a676a986 (diff) | |
| download | poky-46771a85b0cd8edeab2b2bb2b79754fb797f24b2.tar.gz | |
pam: rename to libpam and add core config files
So far pam is not really functional as there no pam config files exists, here
we borrow from openembedded to setup core /etc/pam.d to make it functional:
* change 'pam' to 'libpam' following Debian naming convention, and change
(R)DEPENDS in other recipes
* borrow openembedded libpam-base-files with changes:
- rename to libpam-runtime to follow Debian naming
- only keep common-* core files which can be traced back to Debian
libpam-runtime-1.0.1 for license track. Other service specific files
(such as atd, cron, ...) are removed because either they may contaminate
the license or it's right thing to have their own packages providing them
- use same libpam recipe instead of creating a new. This way other /etc/
stuff are all contained by libpam-runtime
* like openembedded, we package each pam plugin into seperate package now,
with some differnce though:
- Some ${sbindir} binaries are bound to specific PAM plugin. So better to
package them together with corresponding plugin package
- populate_sysroot_prepend is invoked before actual populate_sysroot, at
that time ${D} binaries haven't been tripped. So it's difficult to specify
-dev for those plugin pacakges from _prepend which are simply empty.
actually one -dev/-doc per recipe is one good exercise here.
Signed-off-by: Kevin Tian <kevin.tian@intel.com>
Diffstat (limited to 'meta/packages/pam/libpam-1.1.1/pam.d/common-account')
| -rw-r--r-- | meta/packages/pam/libpam-1.1.1/pam.d/common-account | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/meta/packages/pam/libpam-1.1.1/pam.d/common-account b/meta/packages/pam/libpam-1.1.1/pam.d/common-account new file mode 100644 index 0000000000..316b17337b --- /dev/null +++ b/meta/packages/pam/libpam-1.1.1/pam.d/common-account | |||
| @@ -0,0 +1,25 @@ | |||
| 1 | # | ||
| 2 | # /etc/pam.d/common-account - authorization settings common to all services | ||
| 3 | # | ||
| 4 | # This file is included from other service-specific PAM config files, | ||
| 5 | # and should contain a list of the authorization modules that define | ||
| 6 | # the central access policy for use on the system. The default is to | ||
| 7 | # only deny service to users whose accounts are expired in /etc/shadow. | ||
| 8 | # | ||
| 9 | # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. | ||
| 10 | # To take advantage of this, it is recommended that you configure any | ||
| 11 | # local modules either before or after the default block, and use | ||
| 12 | # pam-auth-update to manage selection of other modules. See | ||
| 13 | # pam-auth-update(8) for details. | ||
| 14 | # | ||
| 15 | |||
| 16 | # here are the per-package modules (the "Primary" block) | ||
| 17 | account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so | ||
| 18 | # here's the fallback if no module succeeds | ||
| 19 | account requisite pam_deny.so | ||
| 20 | # prime the stack with a positive return value if there isn't one already; | ||
| 21 | # this avoids us returning an error just because nothing sets a success code | ||
| 22 | # since the modules above will each just jump around | ||
| 23 | account required pam_permit.so | ||
| 24 | # and here are more per-package modules (the "Additional" block) | ||
| 25 | # end of pam-auth-update config | ||