Dropline GNOME

[Barx]

Hi all

I saw in LQ forum that dropline implements PAM on slackware.

Now I haven't installed yet DL, so I haven't checked.

The question is: after installing DL, do I can login users via PAM ?

I need to authenticate users on logon on a radius server, and the easiest way seem to use PAM, which isn't included in slack.

I don't have any other thing to do with PAM, only login users (to allow surf on the internet)

Tnx all in advance for any reply

[zborgerd]

Hi all

I saw in LQ forum that dropline implements PAM on slackware.

Now I haven't installed yet DL, so I haven't checked.

The question is: after installing DL, do I can login users via PAM ?

I need to authenticate users on logon on a radius server, and the easiest way seem to use PAM, which isn't included in slack.

I don't have any other thing to do with PAM, only login users (to allow surf on the internet)

Tnx all in advance for any reply

We only provide limited PAM functionality for very basic authentication. We have pam-enabled login via our Shadow update, for pam_console support. Additionally, we use some consolehelper stuff. Our GDM has pam support as well.

You could possibly use the Dropline Shadow and PAM packages to have a pam-enabled login capability without installing all of the Dropline GNOME packages. You would have to compile any other PAM modules that you might need as well, and modify your pam configurations accordingly in /etc/pam.d. Additionally, you could use our build scripts that are included in the packages. They are located in /usr/src/dropline-build-system (we include these with all recent updates so that users can see how we build them, and tweak them as needed). The PAM and Shadow scripts are still a work-in-progress though, as they have been ported over from the old build engine. There are still a few small tweaks that must be made to them.

These packs are intended for Slackware 10.1, and should not be used with older versions of Slackware.

http://prdownloads.sourceforge.net/drop ... z?download
http://prdownloads.sourceforge.net/drop ... z?download
http://prdownloads.sourceforge.net/drop ... z?download
http://prdownloads.sourceforge.net/drop ... z?download (optional)

If you do try to use the Dropline Shadow package, I would advise you to try logging into another console to verify that /bin/login still works *before* logging back out. This is always my failsafe when testing PAM and Shadow updates, because if you break something, it's much easier to simply "upgradepkg" back to the previous version instead of rebooting off of a boot CD because you've locked yourself out by breaking /bin/login. I've never verified whether or not they work completely on stock Slackware systems that don't include the rest of DLG.

If you would like to try to build your own packs from the scripts that are included in the packs, you should use the Dropline Build System.

http://droplinegnome.org/home/dagmar/dr ... 05.tar.bz2

[wampl3r]

I recently went to install VMWare GSX on one of my Slack servers and discovered that it utilizes / requires PAM for authentication to its services. Being a Dropline user as well, I decided to try out the PAM packages on my stock server to see if it would work.

Through trial and error, I ended up installing the exact 4 packages listed above, copied in the VMWare provided pam.d file, and everything worked like a charm! I haven't seen a single side affect from updating the shadow package, and this server handles a variety of services and often has a high load.

fyi, its listed as optional above, but pam seems to be linked to cracklib and wouldn't authenticate without it so make sure its installed or you might not be able to login...

Hope that helps!
-Wamp

[zborgerd]

I recently went to install VMWare GSX on one of my Slack servers and discovered that it utilizes / requires PAM for authentication to its services. Being a Dropline user as well, I decided to try out the PAM packages on my stock server to see if it would work.

Through trial and error, I ended up installing the exact 4 packages listed above, copied in the VMWare provided pam.d file, and everything worked like a charm! I haven't seen a single side affect from updating the shadow package, and this server handles a variety of services and often has a high load.

fyi, its listed as optional above, but pam seems to be linked to cracklib and wouldn't authenticate without it so make sure its installed or you might not be able to login...

Hope that helps!
-Wamp

Thanks for verifying this. Glad it works well for you.

I've corrected the cracklib thing above (I had typed it in a bit of a rush). I suspect that anything that uses the system-auth service (there are many things) will use Cracklib as well, and will indeed require that it is installed.

[Barx]

tnx a lot for the help, I'll try to install it and I'll report my results ..

[zborgerd]

The packs in my previous post were were built for Slackware 10.1. The following packs should only be used for 10.2, and will be included in the upcoming Dropline GNOME 2.12.0 release. Please do not install these on older versions of Slackware.

http://osdn.dl.sourceforge.net/sourcefo ... 86-2dl.tgz
http://osdn.dl.sourceforge.net/sourcefo ... 86-2dl.tgz
http://osdn.dl.sourceforge.net/sourcefo ... 86-2dl.tgz
http://osdn.dl.sourceforge.net/sourcefo ... 86-1dl.tgz (optional)

[zborgerd]

Newer packs for 10.2.

http://osdn.dl.sourceforge.net/sourcefo ... 86-3dl.tgz
http://osdn.dl.sourceforge.net/sourcefo ... 86-1dl.tgz
http://osdn.dl.sourceforge.net/sourcefo ... 86-4dl.tgz
http://osdn.dl.sourceforge.net/sourcefo ... 86-1dl.tgz (optional)

[zborgerd]

New packs for 11.0, with many improvements:

http://osdn.dl.sourceforge.net/sourcefo ... 86-2dl.tgz
http://osdn.dl.sourceforge.net/sourcefo ... 86-2dl.tgz
http://osdn.dl.sourceforge.net/sourcefo ... 86-5dl.tgz
http://osdn.dl.sourceforge.net/sourcefo ... 86-4dl.tgz (optional)

These packs will be available in the 2.16.0 release of Dropline GNOME for Slackware 11.0. Please do not install them on anything older than Slackware 11.0.

[zborgerd]

Slight update. New PAM pack and usermode packs released a while back.

http://osdn.dl.sourceforge.net/sourcefo ... 86-4dl.tgz
http://osdn.dl.sourceforge.net/sourcefo ... 86-2dl.tgz
http://osdn.dl.sourceforge.net/sourcefo ... 86-5dl.tgz
http://osdn.dl.sourceforge.net/sourcefo ... 86-1dl.tgz (optional)

[vivir]

Is there any reason for this not to be similarly do-able
with 12.0 and New packs from 2.18.3 Pre-Release?

[Dagmar d'Surreal]

Not to do what? If you were looking to drop in a pam_radius module you could do that, but you're going to be on your own with respect to supporting it. None of us (that I'm aware of) even have a RADIUS server to test with, and it's those network-accessing modules that have been what's gotten PAM in trouble so many times in the past. Allow me to strongly recommend -fstack-protection-all on the pam_radius module just for starters.

Beyond that PAM for 12.0/2.18 should be working better than ever since I did a complete audit of how every single bloody piece of it goes together. This is not a task I would have wished on anyone, but it needed to be done.

[vivir]

Sorry, I kind of hijacked this thread. I'm not concerned with
radius just yet, nor vmware, just adding PAM to a minimal slack12.

I wonder if dropping in only the (4 mentioned) DLG
2.18 packages, not the entire DLG, will work for Slack12
as mentioned in some previous threads, (which I can't
locate at the moment) or if there might be some additional
dependencies introduced by the new slack12 package layout.

What I really want is to run slack setup, replacing slack's
shadow with DGL shadow + pam, cracklib, and usermode,
and have that work "out of the gate".

Thanks

[vivir]

Beyond that PAM for 12.0/2.18 should be working better than ever since I did a complete audit of how every single bloody piece of it goes together. This is not a task I would have wished on anyone, but it needed to be done.

Did you, b any chance, build the pam_passwdqc piece?
<http://www.openwall.com/passwdqc/>
<http://linux.die.net/man/8/pam_passwdqc>

Since I, so far, only grabbed the DLG pam package I don't have a
development environment for all the pam stuff set-up.
The pam_passwdqc part apparently won't build all by itself.
I'll compile it all myself if necessary, but I'm hoping you've already done it.
Is there a slackbuild script for pam and friends readily available

Thanks

[vivir]

Is there a slackbuild script for pam and friends readily available

ok, found it in the package: usr/src/dropline-build-system/SCRIPTS/pam/build