November 22, 2013

Adding Linux PAM

If you have an embedded Linux system and want to add Linux-PAM to it, here are some of the things I have found out:

What you will need:
1. Linux-PAM package
2. Shadow package (Debian or Linux From Scratch has source)
3. cracklib package (SourceForge)

Linux-PAM needs cracklib to test password complexity.

1. Compile and install cracklib
CC=ppc-linux-gcc ./configure --host=ppc-linux
make
make install DESTDIR=/home/me/install

2. Compile and install Linux-PAM
LIBS="-lcrack" CFLAGS=-I/home/me/install/usr/local/include LDFLAGS=-L/home/me/install/usr/local/lib/ CC=ppc-linux-gcc ./configure --host=ppc-linux --disable-nis --disable-selinux --disable-regenerate-docu --disable-nls --disable-rpath
make install DESTDIR=/home/me/install
(You may want to edit the installed *.la files so that they point to the right directory; this is a libtool bug.)

3. Compile shadow
LIBS="-lpam -lpamc" CFLAGS=-I/home/me/install/usr/include LDFLAGS=-L/home/me/install/lib64/ CC=ppc-linux-gcc ./configure --host=ppc-linux --with-libpam --without-selinux --without-sha-crypt --without-nscd --disable-shadowgrp
make

You will need to transfer the following files to your target (as you go along, you may need more modules):
/lib64/
/lib64/security
/lib64/security/pam_unix.so
/lib64/security/pam_cracklib.so
/lib64/libcrack.so.2


and then: 
useradd
passwd
login


Create the following files under /etc/pam.d/:
/etc/pam.d/system-auth
/etc/pam.d/passwd
/etc/pam.d/other

Also login.defs:
-bash-3.00# cat /etc/login.defs
ENV_SUPATH  PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV_PATH    PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
MAIL_DIR        /var/mail

And this one:
-bash-3.00# cat /etc/default/useradd
SHELL=/bin/sh

Make sure you have at least an empty shadow file:
$ touch /etc/shadow
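
The configuration steps above as one staging script, run on the build host against the rootfs directory before it is copied to the target. This is an added example, not from the original post: the function names, the stack contents (control flags, retry=3, minlen=8, sha512) and the 0600 mode on shadow are assumptions; the module names and paths are the ones listed above.

```sh
#!/bin/sh
# Added example, not from the original post. $1 is the staged target rootfs.
# Stack contents are assumptions; module names and paths come from the post.

stage_pam_conf() {
    root=$1
    mkdir -p "$root/etc/pam.d" || return 1
    # Shared stack: pam_cracklib vets a new password before pam_unix stores it.
    # sha512 assumes the target libc's crypt() supports it.
    cat > "$root/etc/pam.d/system-auth" <<'EOF'
auth      required   pam_unix.so
account   required   pam_unix.so
password  requisite  pam_cracklib.so retry=3 minlen=8
password  required   pam_unix.so use_authtok shadow sha512
session   required   pam_unix.so
EOF
    echo 'password  include  system-auth' > "$root/etc/pam.d/passwd"
    # Services without their own file (login here) fall through to "other".
    for t in auth account password session; do
        echo "$t  include  system-auth"
    done > "$root/etc/pam.d/other"
    # Empty shadow file, created owner-only rather than with the default umask.
    [ -e "$root/etc/shadow" ] || ( umask 077; : > "$root/etc/shadow" )
    chmod 600 "$root/etc/shadow"
}

# Print every module named in pam.d that is absent from lib64/security.
# Returns 0 only when nothing is missing.
missing_pam_modules() {
    root=$1
    missing=$(
        sed -e 's/#.*//' "$root"/etc/pam.d/* | tr -s ' \t' '\n\n' |
        grep '^pam_.*\.so$' | sort -u |
        while read -r mod; do
            [ -f "$root/lib64/security/$mod" ] || echo "$mod"
        done
    )
    [ -z "$missing" ] && return 0
    echo "$missing"
    return 1
}

# Usage: stage_pam_conf /home/me/install && missing_pam_modules /home/me/install
```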

PAM is used when adding a user, changing a password, logging in, etc. You can also hook your application into PAM authentication.
