PAM Kerberos and ADS for Slackware-current - Call for testing
Thu Sep 18 16:24:55 EDT 2014 (vbatts)
* including fresh package builds for x86_64
Sat Jul 26 17:41:01 CDT 2014 (rworkman)
* updated most everything to -current versions (with some newer)
* updated the new stuff to latest upstream versions
Timeline:
Started circa the release of Slackware-14.2
was the hackings on Linux-PAM integration to Slackware Linux.
To date it has just kept up with the -current development branch.
Overview:
This is the addition of two packages (pam, cracklib), and the rebuild of a series of packages, to overhaul the authentication in Slackware Linux, using Linux-PAM.
It looks like Vincent Batts and Robby Workman are testing the integration of Linux PAM for the next Slackware release.
I think this is good news. It will greatly ease the integration of Kerberos/LDAP authentication in Slackware.
Last edited by Bourdieu; 10-08-2014 at 05:25 AM.
Reason: Mistake about the authors of those changes
Yeah, hope we'll see something in the ChangeLog.
Service configs in /etc/pam.d need a lot of testing and customization. And for now Batts and Workman's configs look plain vanilla. So I am pretty sure there will be no PAM in 14.2. Let's hope for 15.
That said I uploaded several PAM enabled slackbuilds for those willing to tweak service configs.
Tested cups, vsftpd, at, cron (dcron has no PAM support so I replaced it with cronie from SBo).
Will test openvpn at some point.
Not sure about ipopd, imapd. Is there somebody who still uses wu-imap?
Added cracklib. Kerberos has its own password policy. So it's your choice.
Added slackbuilds for xdm xlockmore screen.
Changed PAM slackbuild to make unix_chkpwd sgid shadow. That makes xlock and screen C+a x work. No need for sgid shadow for xlock.
Added PASSWDTYPE=pam to alpine slackbuild to make imapd and ipop3d actually use PAM. Works fine.
Replaced sendmail. I prefer killing brain cells with a glass of wine than reading sendmail.cf. Exim is in SBo and I changed the slackbuild to use PAM. Put a reasonable default config, relay on auth over tls only. Works fine with PAM+LDAP.
I think I'll stop here. There are some 30 slackbuilds that provide a complete PAM, LDAP, Kerberos, NFS4, ADS support. If some work on PAM is going on at slackware.com I think my little project will be helpful. For me the advantages of having these technologies in Slackware are more than obvious.
Anyway, let's look at Slackware's mail subsystem. Sendmail uses procmail as LDA. Procmail supports mbox and maildir. UW-IMAP supports mbox, mbx and mix. It has tmail and dmail to support delivery in mbx/mix but both are not shipped by default ?!?. So we are left with the old flat file mbox. IMO nowadays mbox is only suitable for collecting mails from failed cron jobs.
At least exim supports mbx and has a human readable config. I am doing my best to keep compatible, but in its present state Slackware's mail subsystem is not suitable for more than several dozen users setup.
The recent discussion about PAM revived my interest in this project. So I did a clean install of the current (skipped only KDE) and pamified it. Did some cleanup and recompiled more stuff that uses pam or kerberos. The process went flawlessly. XFCE, xdm, xlock, network-manager, Console-kit, polkit ... work as expected. The default authentication method is pam_unix (shadow) so nothing changes for the user.
The number of packages that have to be recompiled is considerable and growing. I think we are close to 14.2 release so my intention is to maintain this stuff until the start of the next development cycle. If Pat considers PAM for Slackware 15 this project is a good starting point.
I just read this on his twitter, dunno really if related (hashbangbash.com is his own domain/homepage): I suppose you can try pinging him on freenode or write a message (as written here).
If anybody needs something from that repository, here is a mirror (updated at the beginning of October).
Nice work ivandi! You probably should add package kmod to the list. Kmod does have a tool that uses PAM if available.
If you redo any Slackbuilds for SBo, it might be useful to name them with the *-pam.SlackBuild schema. Most likely several Slackbuild scripts will need PAM enabling modifications.