# Tanım: The Shadow package contains programs for handling passwords in a secure way. # URL: http://shadow.pld.org.pl/ # Paketçi: milisarge # Gerekler: name=shadow version=4.2.1 release=1 source=( http://pkg-shadow.alioth.debian.org/releases/shadow-$version.tar.xz) build() { cd shadow-$version sed -i 's/groups$(EXEEXT) //' src/Makefile.in find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \; sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \ -e 's@/var/spool/mail@/var/mail@' etc/login.defs sed -i 's/1000/999/' etc/useradd ./configure --sysconfdir=/etc make make DESTDIR=$PKG install sed -i 's/yes/no/' $PKG/etc/default/useradd sed -i 's/GROUP/# GROUP/' $PKG/etc/default/useradd mv -v $PKG/usr/bin/* $PKG/bin mv -v $PKG/usr/sbin/* $PKG/sbin # # Following sed comment appropriate lines in etc/login.defs, and stop login # from performing these functions. First backup the etc/login.defs install -v -m644 $PKG/etc/login.defs{,.orig} for FUNCTION in FAIL_DELAY FAILLOG_ENAB \ LASTLOG_ENAB \ MAIL_CHECK_ENAB \ OBSCURE_CHECKS_ENAB \ PORTTIME_CHECKS_ENAB \ QUOTAS_ENAB \ CONSOLE MOTD_FILE \ FTMP_FILE NOLOGINS_FILE \ ENV_HZ PASS_MIN_LEN \ SU_WHEEL_ONLY \ CRACKLIB_DICTPATH \ PASS_CHANGE_TRIES \ PASS_ALWAYS_WARN \ CHFN_AUTH ENCRYPT_METHOD \ ENVIRON_FILE do sed -i "s/^${FUNCTION}/# &/" $PKG/etc/login.defs done # # Configuration files for pam mkdir -p $PKG/etc/pam.d cat > $PKG/etc/pam.d/system-account << "EOF" # Begin /etc/pam.d/system-account account required pam_unix.so # End /etc/pam.d/system-account EOF cat > $PKG/etc/pam.d/system-auth << "EOF" # Begin /etc/pam.d/system-auth auth required pam_unix.so # End /etc/pam.d/system-auth EOF cat > $PKG/etc/pam.d/system-password << "EOF" # Begin /etc/pam.d/system-password # use sha512 hash for encryption, use shadow, and try to use any previously # defined authentication token (chosen password) set by any prior module password required pam_pwhistory.so retry=3 password required pam_unix.so sha512 shadow try_first_pass # End /etc/pam.d/system-password EOF cat > $PKG/etc/pam.d/system-session << "EOF" # Begin /etc/pam.d/system-session session required pam_unix.so session optional pam_loginuid.so session optional pam_ck_connector.so nox11 # End /etc/pam.d/system-session EOF cat > $PKG/etc/pam.d/login << "EOF" # Begin /etc/pam.d/login # Set failure delay before next prompt to 3 seconds auth optional pam_faildelay.so delay=3000000 # Check to make sure that the user is allowed to login auth requisite pam_nologin.so # Check to make sure that root is allowed to login # Disabled by default. You will need to create /etc/securetty # file for this module to function. See man 5 securetty. #auth required pam_securetty.so # Additional group memberships - disabled by default #auth optional pam_group.so # include the default auth settings auth include system-auth # check access for the user account required pam_access.so # include the default account settings account include system-account # Set default environment variables for the user session required pam_env.so # Set resource limits for the user session required pam_limits.so # Display date of last login - Disabled by default #session optional pam_lastlog.so # Display the message of the day - Disabled by default #session optional pam_motd.so # Check user's mail - Disabled by default #session optional pam_mail.so standard quiet # include the default session and password settings session include system-session password include system-password # End /etc/pam.d/login EOF cat > $PKG/etc/pam.d/passwd << "EOF" # Begin /etc/pam.d/passwd password include system-password # End /etc/pam.d/passwd EOF cat > $PKG/etc/pam.d/su << "EOF" # Begin /etc/pam.d/su # always allow root auth sufficient pam_rootok.so auth include system-auth # include the default account settings account include system-account # Set default environment variables for the service user session required pam_env.so # include system session defaults session include system-session # End /etc/pam.d/su EOF cat > $PKG/etc/pam.d/chage << "EOF" #Begin /etc/pam.d/chage # always allow root auth sufficient pam_rootok.so # include system defaults for auth account and session auth include system-auth account include system-account session include system-session # Always permit for authentication updates password required pam_permit.so # End /etc/pam.d/chage EOF for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel \ groupmems groupmod newusers useradd userdel usermod do install -v -m644 $PKG/etc/pam.d/chage $PKG/etc/pam.d/${PROGRAM} sed -i "s/chage/$PROGRAM/" $PKG/etc/pam.d/${PROGRAM} done # Backup others [ -f $PKG/pam.d/other ] && install -v -m644 $PKG/etc/pam.d/other{,.orig} # Other # cat > $PKG/etc/pam.d/other << "EOF" # Begin /etc/pam.d/other auth required pam_warn.so auth required pam_deny.so account required pam_warn.so account required pam_deny.so password required pam_warn.so password required pam_deny.so session required pam_warn.so session required pam_deny.so # End /etc/pam.d/other EOF # Replace the login and ressource limits file if [ -f $PKG/etc/login.access ]; then mv -v $PKG/etc/login.access{,.NOUSE} fi if [ -f $PKG/etc/limits ]; then mv -v $PKG/etc/limits{,.NOUSE} fi rm $PKG/usr/share/man/man8/nologin.8 rm $PKG/sbin/nologin }