Package: libpam-heimdal Version: 3.15-2 Severity: wishlist Tags: patch Hi, attached patch adds support for automatic pam configuration via libpam-auth-update taken from libpam-krb5. Would be nice to have this applied since it eases pam configuration a lot. Cheers, -- Guido
-- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.31 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
>From c14c4eb9ba81423a3b8eee462517847cba861b90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guido=20G=C3=BCnther?= <[email protected]> Date: Sun, 18 Oct 2009 12:35:31 +0200 Subject: [PATCH] add pam-auth-update from libpam-krb5 --- debian/control | 2 +- debian/pam-auth-update | 20 ++++++++++++++++++++ debian/postinst | 6 ++++++ debian/prerm | 20 ++++++++++++++++++++ debian/rules | 4 ++++ 5 files changed, 51 insertions(+), 1 deletions(-) create mode 100644 debian/pam-auth-update create mode 100644 debian/postinst create mode 100644 debian/prerm diff --git a/debian/control b/debian/control index 8f37842..8b47d00 100644 --- a/debian/control +++ b/debian/control @@ -7,7 +7,7 @@ Build-Depends: debhelper (>= 5.0.2), heimdal-dev (>= 0.3e), libpam0g-dev, quilt Package: libpam-heimdal Architecture: any -Depends: ${shlibs:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 1.0.1-6~) Conflicts: libpam-krb5 Description: PAM module for Heimdal Kerberos 5 A Kerberos PAM module for use with Heimdal Kerberos 5. This diff --git a/debian/pam-auth-update b/debian/pam-auth-update new file mode 100644 index 0000000..f6a0d3a --- /dev/null +++ b/debian/pam-auth-update @@ -0,0 +1,20 @@ +Name: Heimdal Kerberos authentication +Default: yes +Priority: 704 +Conflicts: krb5-openafs +Auth-Type: Primary +Auth: + [success=end default=ignore] pam_krb5.so minimum_uid=1000 try_first_pass +Auth-Initial: + [success=end default=ignore] pam_krb5.so minimum_uid=1000 +Account-Type: Additional +Account: + required pam_krb5.so minimum_uid=1000 +Password-Type: Primary +Password: + requisite pam_krb5.so minimum_uid=1000 use_authtok +Password-Initial: + requisite pam_krb5.so minimum_uid=1000 +Session-Type: Additional +Session: + optional pam_krb5.so minimum_uid=1000 diff --git a/debian/postinst b/debian/postinst new file mode 100644 index 0000000..3e5c17c --- /dev/null +++ b/debian/postinst @@ -0,0 +1,6 @@ +#!/bin/sh + +set -e +pam-auth-update --package + +#DEBHELPER# diff --git a/debian/prerm b/debian/prerm new file mode 100644 index 0000000..177e364 --- /dev/null +++ b/debian/prerm @@ -0,0 +1,20 @@ +#!/bin/sh + +set -e + +# pam-auth-update --remove removes the named profile from the active config. +# It arguably should be called during deconfigure as well, but deconfigure +# can happen in some cases during a dist-upgrade and we don't want to +# deconfigure all PAM modules in the middle of a dist-upgrade by accident. +# +# More importantly, with the current implementation, --remove also removes +# all local preferences for the named config (such as whether it's enabled +# or disabled), which we don't want to do on deconfigure. +# +# This may need to change later as pam-auth-update evolves. + +if [ "$1" = "remove" ] ; then + pam-auth-update --package --remove heimdal +fi + +#DEBHELPER# diff --git a/debian/rules b/debian/rules index 616fa34..daf1e55 100755 --- a/debian/rules +++ b/debian/rules @@ -61,6 +61,10 @@ install: build # Add here commands to install the package into debian/tmp. dh_install + install -d debian/libpam-heimdal/usr/share/pam-configs + install -m 644 debian/pam-auth-update \ + debian/libpam-heimdal/usr/share/pam-configs/heimdal + # Build architecture-independent files here. binary-indep: build install -- 1.6.5
