The day Slackware meets PAM: Wed Feb 12 05:05:50 UTC 2020
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hey folks! PAM has finally landed in /testing. Some here wanted it to go
right into the main tree immediately, and in a more normal development cycle
I'd have been inclined to agree (it is -current, after all).
And there's more to come... Xfce 4.14 and Plasma 5.18 LTS. AlienBob should be super happy! Well deserved indeed.
So, how many of you are happy? How many of you are sad? How many of you are trolls?
I'm happy.
EDIT: that changelog time can't be just coincidence.
And thanks as well to ivandi - I learned a lot from the SlackMATE build
scripts and was even occasionally thankful for the amusing ways you would
kick my ass on LQ. ;-) You're more than welcome to let us know where we've
messed up this time.
I think it's worth to quote Pat's message entirely.
Quote:
Originally Posted by Patrick Volkerding
Wed Feb 12 05:05:50 UTC 2020
Hey folks! PAM has finally landed in /testing. Some here wanted it to go
right into the main tree immediately, and in a more normal development cycle
I'd have been inclined to agree (it is -current, after all). But it's
probably better for it to appear in /testing first, to make sure we didn't
miss any bugs and also to serve as a warning shot that we'll be shaking up
the tree pretty good over the next few weeks. I'd like to see this merged
into the main tree in a day or two, so any testing is greatly appreciated.
Switching to the PAM packages (or reverting from them) is as easy as
installing all of them with upgradepkg --install-new, and if reverting then
remove the three leftover _pam packages. After reverting, a bit of residue
will remain in /etc/pam.d/ and /etc/security/ which can either be manually
deleted or simply ignored. While there are many more features available in
PAM compared with plain shadow, out of the box about the only noticable
change is the use of cracklib and libpwquality to check the quality of a
user-supplied password. Hopefully having PAM and krb5 will get us on track
to having proper Active Directory integration as well as using code paths
that are likely better audited these days. The attack surface *might* be
bigger, but it's also a lot better scrutinized.
Thanks to Robby Workman and Vincent Batts who did most of the initial heavy
lifting on the core PAM packages as a side project for many years. Thanks
also to Phantom X whose PAM related SlackBuilds were a valuable reference.
And thanks as well to ivandi - I learned a lot from the SlackMATE build
scripts and was even occasionally thankful for the amusing ways you would
kick my ass on LQ. ;-) You're more than welcome to let us know where we've
messed up this time.
The binutils and glibc packages in /testing were removed and are off the
table for now. I'm not seeing much upside to heading down that rabbit hole
at the moment. Next we need to be looking at Xfce 4.14 and Plasma 5.18 LTS
and some other things that have been held back since KDE4 couldn't use them.
Cheers! :-)
The bottom of this document needs addressing/revising/amending?
Code:
The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided
32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware
project by picking up a copy from store.slackware.com. We're taking
pre-orders now, and offer a discount if you sign up for a subscription.
Just installed them all. Nothing obvious broke here.
It's nice having /etc/environment supported natively from xdm without having to hack it into /etc/X11/xdm/Xsession like I have been doing until now, but other than that I don't really care about PAM one way or the other. Having said that I think it's a welcome change. Thanks Pat.
P.S. Unless, I'm misremembering it, xdm seems to only display the password prompt after you've entered a username, whereas before PAM it showed both prompt fields from the start. I think I prefer the old way (I was used to pressing <tab> to move between fields: old 3270 user!), but I guess I'll get used to it... eventually
Adding the following to the /etc/X11/xdm/Xresources xlogin*login.translations entry helps if you're having trouble overcoming the the muscle memory:
I wonder if there is a way to install the packages from testing using slackpkg. I have already tried slackpkg install testing/* without success.
To switch to PAM packages using slackpkg, you need to edit /etc/slackpkg/slackpkg.conf, then replace the line :
Code:
PRIORITY=( patches %PKGMAIN extra pasture testing )
with :
Code:
PRIORITY=( testing patches %PKGMAIN extra pasture )
Then, simply run slackpkg upgrade-all :
Code:
$ slackpkg -dialog=off upgrade-all
Checking local integrity...DONE
Looking for packages to upgrade. Please wait...DONE
ConsoleKit2-1.2.1-x86_64-1_pam.txz
at-3.2.1-x86_64-1_pam.txz
cifs-utils-6.10-x86_64-2_pam.txz
cups-2.3.1-x86_64-1_pam.txz
cyrus-sasl-2.1.27-x86_64-2_pam.txz
dovecot-2.3.9.2-x86_64-1_pam.txz
gnome-keyring-3.34.0-x86_64-1_pam.txz
hplip-3.19.12-x86_64-2_pam.txz
libcap-2.31-x86_64-1_pam.txz
libcgroup-0.41-x86_64-5_pam.txz
mariadb-10.4.12-x86_64-1_pam.txz
netatalk-3.1.12-x86_64-2_pam.txz
netkit-rsh-0.17-x86_64-2_pam.txz
openssh-8.1p1-x86_64-1_pam.txz
openvpn-2.4.8-x86_64-1_pam.txz
polkit-0.116-x86_64-1_pam.txz
popa3d-1.0.3-x86_64-3_pam.txz
ppp-2.4.7-x86_64-3_pam.txz
proftpd-1.3.6b-x86_64-1_pam.txz
samba-4.11.6-x86_64-1_pam.txz
screen-4.8.0-x86_64-1_pam.txz
shadow-4.8.1-x86_64-2_pam.txz
sudo-1.8.31-x86_64-1_pam.txz
system-config-printer-1.5.12-x86_64-2_pam.txz
util-linux-2.35.1-x86_64-1_pam.txz
vsftpd-3.0.3-x86_64-5_pam.txz
xdm-1.1.11-x86_64-9_pam.txz
xlockmore-5.62-x86_64-1_pam.txz
xscreensaver-5.43-x86_64-1_pam.txz
Total package(s): 29
Do you wish to upgrade selected packages (Y/n)?
To go back to original packages, change the line PRIORITY= in slackpkg.conf to its original value, then run slackpkg upgrade-all.
Note that you'll need to install the new packages (cracklib,libpwquality,pam) manually since packages in testing are not supported by command "install-new". (This would requires to modify /usr/libexec/slackpkg/install-new.awk).
--
SeB
Last edited by phenixia2003; 02-12-2020 at 01:03 PM.
Reason: wrong location of install-new.awk
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.