i.pamconf revision 7c478bd95313f5f23a4c958a745db2134aa03244
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License"). You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
#ident "%Z%%M% %I% %E% SMI"
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
COMMENT_PREFIX="#"
export PATH
if [ -f $KRB5_CONF_FILE ]; then
if [ $? = 1 ]; then
fi
fi
}
#
# No comments or blanks lines allowed in entries below
#
cat > ${KERB_ENTRIES} << EOF
krlogin auth required pam_unix_cred.so.1
krlogin auth binding pam_krb5.so.1
krlogin auth required pam_unix_auth.so.1
krsh auth required pam_unix_cred.so.1
krsh auth binding pam_krb5.so.1
krsh auth required pam_unix_auth.so.1
ktelnet auth required pam_unix_cred.so.1
ktelnet auth binding pam_krb5.so.1
ktelnet auth required pam_unix_auth.so.1
EOF
}
#
# No comments or blanks lines allowed in entries below
#
cat > ${PPP_ENTRIES} << EOF
ppp auth requisite pam_authtok_get.so.1
ppp auth required pam_dhkeys.so.1
ppp auth required pam_unix_cred.so.1
ppp auth required pam_unix_auth.so.1
ppp auth required pam_dial_auth.so.1
EOF
}
#
# No comments or blanks lines allowed in entries below
#
cat > ${CRON_ENTRIES} << EOF
cron account required pam_unix_account.so.1
EOF
}
#
do
if [ ! -f $dest ] ; then
else
echo "${dest} default entries updated, \c" \
>> ${CLEANUP_FILE}
>> ${CLEANUP_FILE}
#
#Update pam.conf with relative pathname
#
fi
fi
#
# Update pam.conf with entries for PAM modules pam_authtok_get,
# pam_authtok_check, pam_authtok_store, pam_unix_auth, pam_unix_account,
# pam_unix_cred, pam_unix_session, pam_dhkeys and pam_passwd_auth
#
echo "${dest} updating pam_unix with default PAM entries \c" \
>> ${CLEANUP_FILE}
>> ${CLEANUP_FILE}
nawk '/^#/ { print; next } \
$4 ~ /pam_unix.so/ && $2 == "auth" { \
print $1 "\t" $2 " " "requisite\t\t" \
"pam_authtok_get.so.1"; \
print $1 "\t" $2 " " $3 "\t\t" \
"pam_dhkeys.so.1"; \
print $1 "\t" $2 " " $3 "\t\t" \
"pam_unix_cred.so.1"; \
print $1 "\t" $2 " " $3 "\t\t" \
"pam_unix_auth.so.1"; \
next \
} \
$4 ~ /pam_passwd_auth.so.1/ && $2 == "auth" { \
if ($1 == "passwd") \
passwd_seen = 1;\
}\
$4 ~ /pam_rhosts_auth/ && $1 == "rsh" && $3 == "required" { \
print $1 "\t" $2 " " "sufficient\t\t" $4; \
print $1 "\t" $2 " " "required\t\t" "pam_unix_cred.so.1"; \
next \
}\
$4 ~ /pam_unix_cred/ && $3 == "required" { \
cred_seen = 1;\
print; \
next \
}\
$4 ~ /pam_unix_auth/ && $1 == "rsh" && $3 == "required" { \
if (cred_seen == 0) { \
print $1 "\t" $2 " " "required\t\t" \
"pam_unix_cred.so.1"; \
} \
next \
} \
$4 ~ /pam_unix_auth/ && $3 == "required" { \
if (cred_seen == 0) { \
print $1 "\t" $2 " " "required\t\t" \
"pam_unix_cred.so.1"; \
} \
print ; \
next \
}\
END {
if (passwd_seen == 0) { \
print "passwd" "\t" "auth required\t\t" \
"pam_passwd_auth.so.1"; \
} \
} \
$4 ~ /pam_unix.so/ && $2 == "account" { \
print $1 "\t" $2 " " $3 "\t\t" \
"pam_unix_account.so.1"; \
next \
} \
$4 ~ /pam_unix.so/ && $2 == "session" { \
print $1 "\t" $2 " " $3 "\t\t" \
"pam_unix_session.so.1"; \
next \
} \
$4 ~ /pam_unix.so/ && $2 == "password" { \
print $1 "\t" $2 " " $3 "\t\t" \
"pam_dhkeys.so.1"; \
print $1 "\t" $2 " " "requisite\t\t" \
"pam_authtok_get.so.1"; \
print $1 "\t" $2 " " "requisite\t\t" \
"pam_authtok_check.so.1"; \
print $1 "\t" $2 " " $3 "\t\t" \
"pam_authtok_store.so.1"; \
next \
} \
#
#update pam.conf with entries for roles
#
if [ $? = 1 ] ; then
echo "${dest} updating default entries for roles, \c" \
>> ${CLEANUP_FILE}
>> ${CLEANUP_FILE}
nawk '/^#/ { print; next } \
$4 ~ /pam_role_auth/ { next } \
$2 == "account" && $4 ~ /pam_unix/ { \
print $1 "\t" $2 " requisite\t\t" \
"pam_roles.so.1"; \
print; \
next \
} \
fi
#
#update pam.conf with entries for projects
#
if [ $? = 0 ] ; then
echo "${dest} removing pam_project.so" >> ${CLEANUP_FILE}
fi
#
# update pam.conf to append PPP entries if not already present
# (note: default list above already has role added, so we
# must do this after the upgrade above has run.)
#
do
# See if the entry already exists
grep \
if [ $? = 1 ] ; then
# Doesn't exist, enter into pam.conf
fi
done < ${PPP_ENTRIES}
# Append PPP lines if any were not present already.
echo "${dest} updating entries for PPP; \c" \
>> ${CLEANUP_FILE}
>> ${CLEANUP_FILE}
fi
#
# update pam.conf to append cron entries if not already present
# (note: the kerberos default list above already has the cron entried added.)
#
do
# See if the entry already exists
grep \
if [ $? = 1 ] ; then
# Doesn't exist, enter into pam.conf
fi
done < ${CRON_ENTRIES}
# Append cron lines if any were not present already.
echo "${dest} updating entries for cron, \c" \
>> ${CLEANUP_FILE}
>> ${CLEANUP_FILE}
fi
#
# update pam.conf to append kerberos entries if not already present
#
cat ${KERB_ENTRIES} |
do
# See if the entry already exists
grep \
if [ $? = 1 ] ; then
# Check if service name is 'dtlogin' and it is
# mentioned explicitly, then add kerberos 'dtlogin'
fi
else
# Doesn't exist, enter into pam.conf
fi
fi
done)
# Append kerberos lines if any were not present already.
echo "${dest} updating entries to add kerberos, \c" \
>> ${CLEANUP_FILE}
>> ${CLEANUP_FILE}
fi
#
# due to the change in pam_ldap functionalty.
#
if [ $? = 0 ] ; then
>> ${CLEANUP_FILE}
echo "because its functionality has changed, \c" \
>> ${CLEANUP_FILE}
echo "refer to pam_ldap(5) documentation for more information" \
>> ${CLEANUP_FILE}
fi
#
fi
done
#
exit 0