${PROG}: ${OBJS}
${CC} ${CFLAGS} $^ -o $@ ${LDFLAGS} ${LDLIBS}
-install: ${PROG} ${PAM_DOAS} ${MAN}
+install: ${PROG} ${MAN}
mkdir -p -m 0755 ${DESTDIR}${BINDIR}
- [ -n "${PAM_DOAS}" ] && mkdir -p -m 0755 ${DESTDIR}${PAMDIR} || true
mkdir -p -m 0755 ${DESTDIR}${MANDIR}/man1
mkdir -p -m 0755 ${DESTDIR}${MANDIR}/man5
cp -f ${PROG} ${DESTDIR}${BINDIR}
chown ${BINOWN}:${BINGRP} ${DESTDIR}${BINDIR}/${PROG}
chmod ${BINMODE} ${DESTDIR}${BINDIR}/${PROG}
- [ -n "${PAM_DOAS}" ] && cp ${PAM_DOAS} ${DESTDIR}${PAMDIR}/doas || true
- [ -n "${PAM_DOAS}" ] && chmod 0644 ${DESTDIR}${PAMDIR}/doas || true
cp -f doas.1 ${DESTDIR}${MANDIR}/man1
cp -f doas.conf.5 ${DESTDIR}${MANDIR}/man5
The PAM and shadow authentication code does not come from the OpenBSD project.
+### pam configuration
+
+I will not ship pam configuration files, they are distribution specific and
+its simply not safe or productive to ship and install those files.
+
+If you want to use opendoas on your system and there is no package that
+ships with a working pam configuration file, then you have to write and
+test it yourself.
+
+A good starting point is probably the distribution maintained `/etc/pam.d/sudo`
+file.
+
### Perist/Timestamp/Timeout
The persist feature is disabled by default and can be enabled with the configure
--datadir=DIR architecture-independent data files [PREFIX/share]
--mandir=DIR manual pages [DATADIR/man]
--sysconfdir=DIR directory for configuration files [/etc]
- --pamdir=DIR PAM directory [SYSCONFDIR/pam.d]
--build=build-alias a cpu-vendor-opsys for the system where the application will be built
--host=host-alias a cpu-vendor-opsys for the system where the application will run
--datadir) SHAREDIR=$var ;;
--mandir) MANDIR=$var ;;
--sysconfdir) SYSCONFDIR=$var ;;
- --pamdir) PAMDIR=$var ;;
--build) BUILD=$var ;;
--host) HOST=$var ;;
--target) TARGET=$var ;;
: ${SHAREDIR:=${PREFIX}/share}
: ${MANDIR:=${SHAREDIR}/man}
: ${SYSCONFDIR:=/etc}
-: ${PAMDIR:=${SYSCONFDIR}/pam.d}
: ${BINMODE:=4755}
: ${BINOWN:=root}
: ${BINGRP:=root}
SHAREDIR ?= ${SHAREDIR}
MANDIR ?= ${MANDIR}
SYSCONFDIR?= ${SYSCONFDIR}
-PAMDIR ?= ${PAMDIR}
BINMODE ?= ${BINMODE}
BINOWN ?= ${BINOWN}
BINGRP ?= ${BINGRP}
printf 'LDLIBS += -lpam\n' >>$CONFIG_MK
printf '#define USE_PAM\n' >>$CONFIG_H
printf 'pam\n'
-
- pam_file="pam.d__doas__${OS}"
- [ -e "$pam_file" ] && printf 'PAM_DOAS = %s\n' "$pam_file" >>$CONFIG_MK
return 0
}
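Review bot: With the `pam_file` lines removed, the PAM branch of this check still defines `USE_PAM` and links `-lpam`, but nothing tells the builder that `make install` no longer installs a `doas` service file. On Linux-PAM a service with no file of its own is evaluated against the `other` policy, so the behaviour of a freshly installed setuid `doas` depends on how the distribution configured `other`. I would print a notice next to `printf 'pam\n'`, for example `printf 'note: no PAM service file is installed; provide %s/pam.d/doas yourself\n' "${SYSCONFDIR}" >&2`. The same gap shows in the Makefile hunk, where `install` drops the `${PAM_DOAS}` copy and puts nothing in its place. The enclosing function starts above this hunk, so I cannot see how its output is consumed or whether `SYSCONFDIR` is already set when it runs; adjust the message accordingly.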
+++ /dev/null
-# sudo: auth account password session
-auth required pam_opendirectory.so
-account required pam_permit.so
-password required pam_deny.so
-session required pam_permit.so
+++ /dev/null
-#%PAM-1.0
-auth include system-auth
-account include system-auth
-session include system-auth