pam_stack patch for pam-1.1.3


Ever since the invention in 2004 by Nalin Dahyabhai and its roll-out in 2005 by Thorsten Kukuk countless eyes were drawn from the rest of the Unix world, in how Linux did its PAM in practice. They seem to have been happily surprised with PAM on Linux. A well known SCO Consultant wrote a special web-page with a introductory course in PAM : http://aplawrence.com/Basics/understandingpam.html Other - more in depth - analysts decided to start authoring books like :

Mechanics of User Identification and Authentication: Fundamentals of Identity Management by Dobromir Todorov Hardcover: 760 pages Publisher: Auerbach Publications; 1 edition (June 18, 2007) Language: English ISBN-10: 1420052195 ISBN-13: 978-1420052190 http://www.amazon.com/Mechanics-User-Identification-Authentication-Fundamentals/dp/1420052195/

which did not forget to mention and give a full treatise on PAM allways featuring of course the pam_stack.so version. In addition several third party applications were rolled out on Linux, sometimes binary only, but all relied for their authentication on PAM with pam_stack.so inside its authentication configuration. With this patch at least a lot of documentation starts to make sense again, which can be of great relief when trying to lock your back- or frontdoor in a hurry.


From stock@stokkie.net Sun Jul 12 14:28:42 2015 +0200
Date: Sun, 12 Jul 2015 14:28:41 +0200 (CEST)
From: "Robert M. Stockmann" 
To: lwn@lwn.net
cc: Thorsten Kukuk 
Subject: pam_stack patch for pam-1.1.3 
Message-ID: 
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: RO
X-Status: 
X-Keywords:                 


In Oct 2005 tmraz from RedHat decided that pam_stack.so was deprecated :
http://www.redhat.com/archives/rhl-devel-list/2005-October/msg00050.html

    Linux-PAM 0.78 and later contains include directive which obsoletes
    using the pam_stack module. This module is rather a hack as it requires
    access to pam library internals for its operation and will never be
    accepted to upstream.

What the engineer never realized was that redhat with its pam and pam_stack.so
has become the upstream. So i decided to rol the pam_stack module back into
pam-1.1.3-4.src.rpm (mandriva 2011) using a patch . Downloads are at :

ftp://ftp.crashrecovery.org/pub/linux/pam/RPMS/mdv2011/

total 2456
-rw-r--r--  1 root root  162059 Jul  2 00:15 lib64pam0-1.1.3-7-mdv2011.0.x86_64.rpm
-rw-r--r--  1 root root   98977 Jul  2 00:15 lib64pam-devel-1.1.3-7-mdv2011.0.x86_64.rpm
-rw-r--r--  1 root root   43086 Jul  2 00:12 Linux-PAM-1.1.3-pam_stack-v2.patch
-rw-r--r--  1 root root     579 Jul  2 01:50 MD5SUM
-rw-r--r--  1 root root  283408 Jul  2 00:15 pam-1.1.3-7-mdv2011.0.x86_64.rpm
-rw-r--r--  1 root root 1223552 Jul  2 00:15 pam-1.1.3-7.src.rpm
-rw-r--r--  1 root root  592440 Jul  2 00:15 pam-debug-1.1.3-7-mdv2011.0.x86_64.rpm
-rw-r--r--  1 root root   54127 Jul  2 00:15 pam-doc-1.1.3-7-mdv2011.0.x86_64.rpm
-rw-r--r--  1 root root    1073 Jul  2 00:14 README.pam_stack
-rw-r--r--  1 root root     700 Jul  2 01:51 SHA1SUM
-rw-r--r--  1 root root     362 Jul  2 01:45 sshd.pam

pam_stack indeed uses internal functions to the Linux-PAM library
but this possible linking problem is solved like this :

# Copyright (c) 2005 Thorsten Kukuk 
# Copyright (c) 2005 Red Hat, Inc.
#

CLEANFILES = *~

man_MANS = pam_stack.8
EXTRA_DIST = README $(man_MANS)

securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)

AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
AM_LDFLAGS = -no-undefined -avoid-version -module \
        $(top_srcdir)/libpam/pam_misc.lo \
        $(top_srcdir)/libpam/pam_env.lo \
        $(top_srcdir)/libpam/pam_dispatch.lo \
        $(top_srcdir)/libpam/pam_handlers.lo \
        $(top_srcdir)/libpam/pam_dynamic.lo \
        $(top_srcdir)/libpam/pam_audit.lo \
        $(top_srcdir)/libpam/pam_data.lo \
        $(top_srcdir)/libpam/pam_end.lo \
        -L$(top_builddir)/libpam -lpam
if HAVE_VERSIONING
  AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif

securelib_LTLIBRARIES = pam_stack.la
pam_stack_la_LIBADD = -L$(top_builddir)/libpam -lpam


I posted this initially at the Mandriva Forums at :
https://forums.openmandriva.org/en/discussion/1009/pam-stack-patch-for-pam-1-1-3-4-src-rpm-mandriva-2011

But this posting was removed in recent hours. A Google cache of
this page can be found here :

http://crashrecovery.org/daily/12.07.2015/pam_stack-patch-for-pam-1.1.3-4.src.rpm.html

Best Regards,

Robert Stockmann
-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock@stokkie.net