isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PAM, AIX auth, BSD auth and login_cap are now on by default if the OS

Browse Source 
supports them.
This commit is contained in:
Todd C. Miller
2005-01-21 15:32:20 +00:00
parent 2dc559bf3e
commit f751d934dd
1 changed files with 132 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
INSTALL
View File

@@ -184,16 +184,16 @@ Special features/options:
Path to LDAP configuration file. If specified, sudo reads Path to LDAP configuration file. If specified, sudo reads
this file instead of /etc/ldap.conf to locate the LDAP server. this file instead of /etc/ldap.conf to locate the LDAP server.
--with-authenticate --with-aixauth
Enable support for the AIX 4.x general authentication function. Enable support for the AIX 4.x general authentication function.
This will use the authentication scheme specified for the user This will use the authentication scheme specified for the user
on the machine. on the machine. It is on by default for AIX systems that
support it.
--with-pam --with-pam
Enable PAM support. Tested on: Enable PAM support. This is on by default for Darwin, FreeBSD,
Redhat Linux >= 5.x Linux, Solaris and HP-UX (version 11 and higher).
Solaris >= 2.6
HP-UX >= 11.0
NOTE: on RedHat Linux and Fedora you *must* have an /etc/pam.d/sudo NOTE: on RedHat Linux and Fedora you *must* have an /etc/pam.d/sudo
file install. You may either use the sample.pam file included with file install. You may either use the sample.pam file included with
sudo or use /etc/pam.d/su as a reference. The sample.pam file sudo or use /etc/pam.d/su as a reference. The sample.pam file
@@ -217,19 +217,20 @@ Special features/options:
DCE PAM module (usually libpam_dce) should be used instead. DCE PAM module (usually libpam_dce) should be used instead.
--with-logincap --with-logincap
Enable support for BSD login classes where available (OS-dependent). This adds support for login classes specified in /etc/login.conf.
This adds support for the login classes specified in /etc/login.conf. It is enabled by default on BSD/OS, Darwin, FreeBSD, OpenBSD and
By default, a login class is not applied unless the 'use_loginclass' NetBSD (where available). By default, a login class is not applied
option is defined in sudoers or the user specifies a class on the unless the 'use_loginclass' option is defined in sudoers or the user
command line. specifies a class on the command line.
--with-bsdauth --with-bsdauth
Enable support for BSD authentication on BSD/OS and OpenBSD. Enable support for BSD authentication. This is the default
This option implies --with-logincap. It is not possible for BSD/OS and OpenBSD systems that support it.
to mix BSD authentication with other authentication methods It is not possible to mix BSD authentication with other
(and there really should be no need to do so). Note that authentication methods (and there really should be no need
only the newer BSD authentication API is supported. If you to do so). Note that only the newer BSD authentication API
don't have /usr/include/bsd_auth.h then you cannot use this. is supported. If you don't have /usr/include/bsd_auth.h
then you cannot use this.
--with-noexec[=PATH] --with-noexec[=PATH]
Enable support for the "noexec" functionality which prevents Enable support for the "noexec" functionality which prevents