PAM Integration: Difference between revisions

For Yocto 1.1 we are working to ensure that PAM (Pluggable Authentication Module) support is consistent and enabled in recipes where it is applicable.

Recipes with PAM support

The following recipes were identified to have PAM support (some already implemented) on 2011-06-27:

• at

• consolekit

• cronie

• cups

• dropbear

• gnome-keyring

• libcap

• libuser

• mc

• openssh
  • Absent configuration /etc/pam.d/sshd, we need to add patches. After adding this file, it can supprot pam function through simple test.
• polkit

• screen

• shadow

• sudo

• util-linux

Note also:

• The busybox box login has a option to use pam, but we use tinylogin's login right now (tinylogin also provides the su command)
• gettext has a example file use pam in source code, I think it is just a example and don't need care
• sysvinit has a patch contrib/notify-pam-dead.patch for /sbin/init to use pam , and it doesn't patched right now. And the package doesn't provide pam related configure option either.
• In xserver-xf86-lite source code subdir os/utils checks #ifdef USE_PAM but there are no configure-time options for PAM.

Identify upstream PAM patches to use

After checking the Fedora develop repository, the following packages may need patches

• libpam: need update from current 1.1.3 to 1.1.4
• screen: need update from current 4.0.3 to 4.1.0, check Fedora screen.pam
• util-linux: check Fedora source file util-linux-remote.pamd
• at: check Fedora util-linux-remote.pamd
• cups: check Fedora cups-1.1.16-system-auth.patch
• openssh: check Fedora sshd.pam

PAM Unit Tests

Use source code directory Linux-PAM-1.1.3/xtests to run unit test. 15 of 28 failed, need to fix them.

• tst-pam_access1
• tst-pam_access2
• tst-pam_access3
• tst-pam_access4
• tst-pam_authsucceed
• tst-pam_cracklib1
• tst-pam_cracklib2
• tst-pam_dispatch1
• tst-pam_dispatch2
• tst-pam_dispatch3
• tst-pam_dispatch4
• tst-pam_pwhistory1
• tst-pam_substack2
• tst-pam_succeed_if1
• tst-pam_time1