Changeset 22761

Show
Ignore:
Timestamp:
02/18/08 03:17:51 (2 years ago)
Author:
andersk
Message:

Explicitly allow root and (on Ubuntu) admin in addition to
nss-local-users.

Location:
trunk/debathena/config/pam-config/debian
Files:
4 modified

Legend:

Unmodified
Added
Removed

  • trunk/debathena/config/pam-config/debian/access.conf.append

    r22731 r22761  
    11 
    22#DEBATHENA BEGIN 
     3 
    34#DEBATHENA EXAMPLES 
    45## Only root and tabbott can log in. 
     
    89## Only root and users in group gsipb can log in. 
    910#-:ALL EXCEPT root gsipb:ALL 
    10 # Note that you can use Moira NFS groups here 
    11 # See http://debathena.mit.edu/access-controls for details 
     11# Note that you can use Moira NFS groups here. 
     12# See <http://debathena.mit.edu/access-controls> for details. 
    1213 
    13 # DEFAULT only allow remote access for users who have local accounts 
     14# DEFAULT: Only allow remote access for users who have local accounts 
    1415# on the machine (i.e. are in /etc/passwd).  Allow all other users to 
    1516# login only locally. 
    1617 
    17 +:nss-local-users:ALL 
    18 -:ALL:ALL EXCEPT LOCAL 
     18-:ALL EXCEPT root admin nss-local-users:ALL EXCEPT LOCAL 
     19 
    1920#DEBATHENA END 

  • trunk/debathena/config/pam-config/debian/control

    r22718 r22761  
    33Priority: extra 
    44Maintainer: Debian-Athena Project <debathena@mit.edu> 
    5 Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.2.0), debathena-config-build-common (>= 3.5~), debathena-config-build-common, libpam-runtime, gdm, debathena-ssh-server 
     5Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.2.0), debathena-config-build-common (>= 3.5~), debathena-config-build-common, libpam-runtime, gdm, debathena-ssh-server, lsb-release 
    66Standards-Version: 3.7.2 
    77 

  • trunk/debathena/config/pam-config/debian/control.in

    r22718 r22761  
    33Priority: extra 
    44Maintainer: Debian-Athena Project <debathena@mit.edu> 
    5 Build-Depends: @cdbs@, libpam-runtime, gdm, debathena-ssh-server 
     5Build-Depends: @cdbs@, libpam-runtime, gdm, debathena-ssh-server, lsb-release 
    66Standards-Version: 3.7.2 
    77 

  • trunk/debathena/config/pam-config/debian/rules

    r22731 r22761  
    3434 
    3535debian/ssh.debathena: $(call debathena_check_conffiles,/etc/pam.d/ssh) 
    36         perl -0pe '(s/^\#[\t ]+(account[ \t]+required[ \t]+pam_access.so)/$$1/m or s/^(?=\@include[ \t]+common-account)/account    required     pam_access.so\n/m) and s/^(\@include[ \t]+common-session)/$$1\nsession\toptional\tpam_mktemp.so var=XAUTHORITY prefix=\/var\/run\/athena-sessions\/xauth/m or die' $< > $@ 
     36        perl -0pe '(s/^\#[\t ]+(account[ \t]+required[ \t]+pam_access.so)/$$1/m or s/^(?=\@include[ \t]+common-account)/account    required     pam_access.so\n/m) and s/^(\@include[ \t]+common-session)/$$1\nsession    optional     pam_mktemp.so var=XAUTHORITY prefix=\/var\/run\/athena-sessions\/xauth/m or die' $< > $@ 
    3737 
    3838debian/login.debathena: $(call debathena_check_conffiles,/etc/pam.d/login) 
    3939        perl -0pe 's/^\#[\t ]+(account[ \t]+required[ \t]+pam_access.so)/$$1/m or die' $< > $@ 
    4040 
     41LSB_ID = $(shell lsb_release --short --id) 
    4142debian/access.conf.debathena: $(call debathena_check_conffiles,/etc/security/access.conf) 
     43ifeq ($(LSB_ID), Debian) 
     44        (cat $<; sed 's/root admin /root /' debian/access.conf.append) > $@ 
     45else 
     46    ifeq ($(LSB_ID), Ubuntu) 
    4247        cat $< debian/access.conf.append > $@ 
     48    else 
     49        $(error Unrecognized distribution ID $(LSB_ID).) 
     50    endif 
     51endif 
    4352 
    4453clean::