author | Sergey Poznyakoff <gray@gnu.org> | 2014-05-21 23:01:50 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org> | 2014-05-21 23:01:50 +0300 |
commit | d953e91e234f4237289367699f6a277554a789c5 (patch) | |
tree | 078ccd17ebc317fd167a856d0c0c5c8be68dd7bb | |
parent | 3e9c3f3c3b9edce9e3821f11be27350cae33b288 (diff) | |
Version 1.9release_1_9
* NEWS: Update version number.
* configure.ac: Likewise.
* doc/pam_ldaphome.8in: Reorder configuration statements.
* pamck/pamck.c: Update copyright years.
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | doc/pam_ldaphome.8in | 116 | ||||
-rw-r--r-- | pamck/pamck.c | 2 |
4 files changed, 67 insertions, 57 deletions
@@ -5,7 +5,7 @@ See the end of file for copying conditions. | |||
5 | Please send pam-modules bug reports to <bug-pam-modules@gnu.org.ua> | 5 | Please send pam-modules bug reports to <bug-pam-modules@gnu.org.ua> |
6 | 6 | ||
7 | 7 | ||
8 | Version 1.8.93, (Git) | 8 | Version 1.9, 2014-05-21 |
9 | 9 | ||
10 | * New module pam_groupmember | 10 | * New module pam_groupmember |
11 | 11 | ||
@@ -168,7 +168,7 @@ Version 0.1 | |||
168 | ========================================================================= | 168 | ========================================================================= |
169 | Copyright information: | 169 | Copyright information: |
170 | 170 | ||
171 | Copyright (C) 2001, 2004-2005, 2007-2012 Sergey Poznyakoff | 171 | Copyright (C) 2001, 2004-2005, 2007-2014 Sergey Poznyakoff |
172 | 172 | ||
173 | Permission is granted to anyone to make or distribute verbatim copies | 173 | Permission is granted to anyone to make or distribute verbatim copies |
174 | of this document as received, in any medium, provided that the | 174 | of this document as received, in any medium, provided that the |
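--- a/configure.ac
+++ b/configure.ac
@@ -16,7 +16,7 @@
 
 AC_PREREQ(2.63)
 
-AC_INIT(pam-modules, 1.8.93, bug-pam-modules@gnu.org.ua)
+AC_INIT(pam-modules, 1.9, bug-pam-modules@gnu.org.ua)
 AC_CONFIG_SRCDIR(pam_fshadow/pam_fshadow.c)
 AC_CONFIG_AUX_DIR([build-aux])
 AC_CONFIG_MACRO_DIR([m4])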
diff --git a/doc/pam_ldaphome.8in b/doc/pam_ldaphome.8in index 5150849..f40ee66 100644 --- a/doc/pam_ldaphome.8in +++ b/doc/pam_ldaphome.8in | |||
@@ -14,7 +14,7 @@ | |||
14 | .\" You should have received a copy of the GNU General Public License | 14 | .\" You should have received a copy of the GNU General Public License |
15 | .\" along with PAM-Modules. If not, see <http://www.gnu.org/licenses/>. | 15 | .\" along with PAM-Modules. If not, see <http://www.gnu.org/licenses/>. |
16 | .so config.so | 16 | .so config.so |
17 | .TH PAM_LDAPHOME 8 "May 19, 2014" "PAM-MODULES" "Pam-Modules User Reference" | 17 | .TH PAM_LDAPHOME 8 "May 21, 2014" "PAM-MODULES" "Pam-Modules User Reference" |
18 | .SH NAME | 18 | .SH NAME |
19 | pam_ldaphome \- create and populate user home directories | 19 | pam_ldaphome \- create and populate user home directories |
20 | .SH SYNOPSIS | 20 | .SH SYNOPSIS |
@@ -46,27 +46,7 @@ split across several physical lines of text by ending each line but | |||
46 | the last with a backslash character. | 46 | the last with a backslash character. |
47 | .PP | 47 | .PP |
48 | Available configuration directives are: | 48 | Available configuration directives are: |
49 | .TP | 49 | .SS LDAP Settings |
50 | .BI allow\-home\-dir " PATH" | ||
51 | Lists directories in which it is allowed to create home directories. | ||
52 | \fIPATH\fR is a list of directories separated by colons. The user's | ||
53 | home directory will be created only if the directory part of its name | ||
54 | is listed in \fIPATH\fR. | ||
55 | .TP | ||
56 | .BI skel " DIR" | ||
57 | Supplies the name of a \fIskeleton directory\fR. The contents of this | ||
58 | directory is copied to each newly created user home directory. The | ||
59 | file modes and permissions are retained. | ||
60 | .TP | ||
61 | .BI uri " ARG" | ||
62 | Sets the URI of the LDAP server to consult for the user profile. | ||
63 | .TP | ||
64 | .BI ldap\-version " NUM" | ||
65 | Sets the LDAP version to use. Valid arguments are | ||
66 | .B 2 | ||
67 | and | ||
68 | .B 3 | ||
69 | (the default). | ||
70 | .TP | 50 | .TP |
71 | .BI base " SEARCHBASE" | 51 | .BI base " SEARCHBASE" |
72 | Use \fISEARCHBASE\fR as starting point for searches. | 52 | Use \fISEARCHBASE\fR as starting point for searches. |
@@ -81,6 +61,21 @@ password for simple authentication. | |||
81 | .BI bindpwfile " FILE" | 61 | .BI bindpwfile " FILE" |
82 | Read password for simple authentication from \fIFILE\fR. | 62 | Read password for simple authentication from \fIFILE\fR. |
83 | .TP | 63 | .TP |
64 | .BI filter " EXPR" | ||
65 | Defines a LDAP filter expression which returns the user profile. The | ||
66 | \fIEXPR\fR should conform to the string representation for search | ||
67 | filters as defined in RFC 4515. | ||
68 | .TP | ||
69 | .BI ldap\-version " NUM" | ||
70 | Sets the LDAP version to use. Valid arguments are | ||
71 | .B 2 | ||
72 | and | ||
73 | .B 3 | ||
74 | (the default). | ||
75 | .TP | ||
76 | .BI pubkey\-attr " TEXT" | ||
77 | Defines the name of the attribute that keeps user's public SSH key. | ||
78 | .TP | ||
84 | .BI tls " VAL" | 79 | .BI tls " VAL" |
85 | Controls whether TLS is desired or required. If \fIVAL\fR is | 80 | Controls whether TLS is desired or required. If \fIVAL\fR is |
86 | \fBno\fR (the default), TLS will not be used. If it is \fByes\fR, | 81 | \fBno\fR (the default), TLS will not be used. If it is \fByes\fR, |
@@ -89,32 +84,15 @@ anyway if it fails. Finally, if \fIVAL\fR is the word \fBonly\fR, the | |||
89 | use of TLS becomes mandatory, and the module will not establish LDAP | 84 | use of TLS becomes mandatory, and the module will not establish LDAP |
90 | connection unless \fIStartTLS\fR succeeds. | 85 | connection unless \fIStartTLS\fR succeeds. |
91 | .TP | 86 | .TP |
92 | .BI min\-uid " N" | 87 | .BI uri " ARG" |
93 | Sets the minimal UID. For users with UIDs less than \fIN\fR, | 88 | Sets the URI of the LDAP server to consult for the user profile. |
94 | \fBpam_ldaphome\fR will return \fBPAM_SUCCESS\fR immediately. This | 89 | .SS Home directory creation |
95 | allows you to have a set of basic users whose credentials are kept in | ||
96 | the system database and who will not be disturbed by | ||
97 | \fBpam_ldaphome\fR. See also \fBmin\-gid\fR and \fBallow\-groups\fR. | ||
98 | .TP | ||
99 | .BI min\-gid " N" | ||
100 | Sets the minimal GID. For users with GIDs less than \fIN\fR, | ||
101 | the module will return \fBPAM_SUCCESS\fR immediately. | ||
102 | .TP | ||
103 | \fBallow\-groups\fR \fIGROUP\fR [\fIGROUP\fR...] | ||
104 | Only handle members of the listed groups. | ||
105 | .TP | ||
106 | .BI filter " EXPR" | ||
107 | Defines a LDAP filter expression which returns the user profile. The | ||
108 | \fIEXPR\fR should conform to the string representation for search | ||
109 | filters as defined in RFC 4515. | ||
110 | .TP | ||
111 | .BI import\-public\-keys " BOOL" | ||
112 | When set to \fBno\fR, disables importing public keys from LDAP. You | ||
113 | may wish to use this option if you are using \fBopenssh\fR 6.1 or | ||
114 | later with \fBldappubkey\fR as \fBAuthorizedKeysCommand\fR. | ||
115 | .TP | 90 | .TP |
116 | .BI pubkey\-attr " TEXT" | 91 | .BI allow\-home\-dir " PATH" |
117 | Defines the name of the attribute that keeps user's public SSH key. | 92 | Lists directories in which it is allowed to create home directories. |
93 | \fIPATH\fR is a list of directories separated by colons. The user's | ||
94 | home directory will be created only if the directory part of its name | ||
95 | is listed in \fIPATH\fR. | ||
118 | .TP | 96 | .TP |
119 | .BI copy\-buf\-size " N" | 97 | .BI copy\-buf\-size " N" |
120 | Sets the size of the buffer used to copy files from the skeleton | 98 | Sets the size of the buffer used to copy files from the skeleton |
@@ -123,8 +101,11 @@ directory to the newly created home. The default value is 16384 bytes. | |||
123 | .BI home\-dir\-mode " MODE" | 101 | .BI home\-dir\-mode " MODE" |
124 | Defines the file mode (octal) for creation of the user directories. | 102 | Defines the file mode (octal) for creation of the user directories. |
125 | .TP | 103 | .TP |
126 | .BI keyfile\-mode " MODE" | 104 | .BI skel " DIR" |
127 | Defines the file mode (octal) for creation of authorized keys files. | 105 | Supplies the name of a \fIskeleton directory\fR. The contents of this |
106 | directory is copied to each newly created user home directory. The | ||
107 | file modes and permissions are retained. | ||
108 | .SS Authorized keys file control | ||
128 | .TP | 109 | .TP |
129 | .BI authorized_keys " NAME" | 110 | .BI authorized_keys " NAME" |
130 | Sets the pathname (relative to the home directory) for the authorized | 111 | Sets the pathname (relative to the home directory) for the authorized |
@@ -134,6 +115,35 @@ operation, this value must be the same as the value of | |||
134 | .BR sshd_config (5). | 115 | .BR sshd_config (5). |
135 | Unless you change the latter, there's no need to edit it. | 116 | Unless you change the latter, there's no need to edit it. |
136 | .TP | 117 | .TP |
118 | .BI import\-public\-keys " BOOL" | ||
119 | When set to \fBno\fR, disables importing public keys from LDAP. You | ||
120 | may wish to use this option if you are using \fBopenssh\fR 6.2p1 or | ||
121 | later with \fBldappubkey\fR as \fBAuthorizedKeysCommand\fR. | ||
122 | .TP | ||
123 | .BI keyfile\-mode " MODE" | ||
124 | Defines the file mode (octal) for creation of authorized keys files. | ||
125 | .SS Access control | ||
126 | .TP | ||
127 | \fBallow\-groups\fR \fIGROUP\fR [\fIGROUP\fR...] | ||
128 | Only handle members of the listed groups. | ||
129 | .TP | ||
130 | .BI min\-gid " N" | ||
131 | Sets the minimal GID. For users with GIDs less than \fIN\fR, | ||
132 | the module will return \fBPAM_SUCCESS\fR immediately. | ||
133 | .TP | ||
134 | .BI min\-uid " N" | ||
135 | Sets the minimal UID. For users with UIDs less than \fIN\fR, | ||
136 | \fBpam_ldaphome\fR will return \fBPAM_SUCCESS\fR immediately. This | ||
137 | allows you to have a set of basic users whose credentials are kept in | ||
138 | the system database and who will not be disturbed by | ||
139 | \fBpam_ldaphome\fR. See also \fBmin\-gid\fR and \fBallow\-groups\fR. | ||
140 | .SS Initialization script support | ||
141 | .TP | ||
142 | .BI exec\-timeout " SECONDS" | ||
143 | Sets maximum time the \fBinitrc\-command\fR is allowed to run. If | ||
144 | it runs longer than \fISECONDS\fR, it will be terminated with a | ||
145 | \fBSIGKILL\fR, and the module will return \fBPAM_SYSTEM_ERR\fR. | ||
146 | .TP | ||
137 | .BI initrc\-command " COMMAND" | 147 | .BI initrc\-command " COMMAND" |
138 | Run \fICOMMAND\fR after populating the user home directory with | 148 | Run \fICOMMAND\fR after populating the user home directory with |
139 | files from the skeleton directory. The user login name is passed to | 149 | files from the skeleton directory. The user login name is passed to |
@@ -144,10 +154,6 @@ standard output is redirected to standard errror. | |||
144 | The command should exit with code 0 on success. If it exits with a | 154 | The command should exit with code 0 on success. If it exits with a |
145 | non-zero code, PAM_SYSTEM_ERR will be reported. | 155 | non-zero code, PAM_SYSTEM_ERR will be reported. |
146 | .TP | 156 | .TP |
147 | .BI initrc-log " FILE" | ||
148 | Redirects standard output and error from the | ||
149 | \fBinitrc\-command\fR to \fIFILE\fR. | ||
150 | .TP | ||
151 | \fBinitrc\-environ\fR \fIENV\fR ... | 157 | \fBinitrc\-environ\fR \fIENV\fR ... |
152 | Modifies the environment of \fBinitrc\-command\fR. | 158 | Modifies the environment of \fBinitrc\-command\fR. |
153 | 159 | ||
@@ -185,6 +191,10 @@ is removed from it before assignment. | |||
185 | .RE | 191 | .RE |
186 | The \fIVALUE\fR part can be enclosed in single or double quotes, in | 192 | The \fIVALUE\fR part can be enclosed in single or double quotes, in |
187 | which case the usual shell dequoting rules apply. | 193 | which case the usual shell dequoting rules apply. |