summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Schlemmer <azarah@gentoo.org>2005-02-25 20:31:28 +0000
committerMartin Schlemmer <azarah@gentoo.org>2005-02-25 20:31:28 +0000
commit5725e4888aca90ed48f105359aa07fa00ea755f1 (patch)
treef294cd0bc8adf2a6abbc4ad51e14b8fa2233ed3f /sys-libs/pam
parentversion bump (diff)
downloadhistorical-5725e4888aca90ed48f105359aa07fa00ea755f1.tar.gz
historical-5725e4888aca90ed48f105359aa07fa00ea755f1.tar.bz2
historical-5725e4888aca90ed48f105359aa07fa00ea755f1.zip
Add patch from bug #80566 (by Mark Loeser <halcyon@whiterapid.com>). Added
workaround from bug #80604 (by Roland Bar <roland@pinguin.tv>). Force locales to default, bug #70471 (by Alessandro Guido <devnull@box.it>). Fix sound perms on pam_console_reset, bug #55305. Add patch for bug #62059 (by Jason Fritcher <jkf@wolfnet.org>). Add pam_chroot, pam_console and pam_timestamp USE flags for these optional modules Package-Manager: portage-2.0.51-r15
Diffstat (limited to 'sys-libs/pam')
-rw-r--r--sys-libs/pam/ChangeLog14
-rw-r--r--sys-libs/pam/Manifest10
-rw-r--r--sys-libs/pam/files/README.pam_console2
-rw-r--r--sys-libs/pam/files/digest-pam-0.783
-rw-r--r--sys-libs/pam/files/pam.d/other9
-rw-r--r--sys-libs/pam/files/pam.d/system-auth14
-rw-r--r--sys-libs/pam/files/pam_env.conf12
-rw-r--r--sys-libs/pam/pam-0.78.ebuild343
8 files changed, 395 insertions, 12 deletions
diff --git a/sys-libs/pam/ChangeLog b/sys-libs/pam/ChangeLog
index dba2aacc6b0c..38d7c7b199d8 100644
--- a/sys-libs/pam/ChangeLog
+++ b/sys-libs/pam/ChangeLog
@@ -1,6 +1,18 @@
# ChangeLog for sys-libs/pam
# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/ChangeLog,v 1.62 2005/02/04 00:22:15 azarah Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/ChangeLog,v 1.63 2005/02/25 20:31:28 azarah Exp $
+
+*pam-0.78 (25 Feb 2005)
+
+ 25 Feb 2005; Martin Schlemmer <azarah@gentoo.org>
+ files/README.pam_console, +files/pam.d/other, +files/pam.d/system-auth,
+ +pam-0.78.ebuild:
+ Add patch from bug #80566 (by Mark Loeser <halcyon@whiterapid.com>). Added
+ workaround from bug #80604 (by Roland Bar <roland@pinguin.tv>). Force
+ locales to default, bug #70471 (by Alessandro Guido <devnull@box.it>). Fix
+ sound perms on pam_console_reset, bug #55305. Add patch for bug #62059 (by
+ Jason Fritcher <jkf@wolfnet.org>). Add pam_chroot, pam_console and
+ pam_timestamp USE flags for these optional modules
*pam-0.77-r7 (04 Feb 2005)
diff --git a/sys-libs/pam/Manifest b/sys-libs/pam/Manifest
index 1a5fe5d9353e..8bf1d97defd5 100644
--- a/sys-libs/pam/Manifest
+++ b/sys-libs/pam/Manifest
@@ -1,6 +1,6 @@
MD5 98613a823c89c1040860b92880332f9d pam-0.77-r3.ebuild 7813
MD5 737b1d219c8d599538c7d61dc396b94d pam-0.77-r1.ebuild 7480
-MD5 5462f6b2e49ddb6a0e9083bf75aba000 ChangeLog 9373
+MD5 d97609f2057921fd750bfafd1385b7f8 ChangeLog 9970
MD5 ac45aab13da90aae9947ed2a112ad9a4 pam-0.77.ebuild 7429
MD5 4f5534ef7373dae1e7e4174e1b015542 pam-0.77-r4.ebuild 7814
MD5 ea250586717aadc59bd7058d24741bf0 pam-0.77-r7.ebuild 8051
@@ -8,7 +8,8 @@ MD5 5236b3cdb8926f86382225b63b23d391 pam-0.77-r6.ebuild 7844
MD5 1d05f0436f1c273d7862099f309afe4d metadata.xml 156
MD5 9c0c3cf85b94ae623375fb05294b924a pam-0.77-r8.ebuild 8212
MD5 cb547fcc1f1893c82cbf6edcd41a2258 pam-0.77-r2.ebuild 7764
-MD5 d3bdcb58b9fe268620b2c37b9b07d756 files/pam_env.conf 3062
+MD5 058d55a26590c93cf1ceec86a27eda74 pam-0.78.ebuild 9623
+MD5 652f6b0ebdc63b0aa9ca6e1783c468a1 files/pam_env.conf 2980
MD5 7abfe66b5996b628696d244d462e47b0 files/digest-pam-0.77-r3 201
MD5 028c285db4076f549774c258d0eddcfc files/digest-pam-0.77-r1 201
MD5 c0fd7f7bf69f4f0effdfc66eed6d6ed2 files/digest-pam-0.77-r4 201
@@ -16,9 +17,12 @@ MD5 028c285db4076f549774c258d0eddcfc files/digest-pam-0.77 201
MD5 41e8f5fddbc8e00ebfdc3aeadbf7c50e files/digest-pam-0.77-r7 201
MD5 693d0527279f95e01ad9a5ba6ef45389 files/digest-pam-0.77-r8 201
MD5 b38aa656e6c205427dd4c4ba7d6d3f97 files/digest-pam-0.77-r6 201
-MD5 0044f2b0098d7a94664bd8ae7776029d files/README.pam_console 2102
+MD5 c3f9e8ddddd908bd83aa6859d279dd7d files/README.pam_console 2096
+MD5 92aced5acf4c59db3039da332ca1c47e files/digest-pam-0.78 200
MD5 69f8cfad7f241eb669085eaa753cd9dd files/pam-0.77-console-reset.patch 1826
MD5 7abfe66b5996b628696d244d462e47b0 files/digest-pam-0.77-r2 201
+MD5 344d17a865edc40adebe07797853c839 files/pam.d/other 198
MD5 849aa086002eda305d4d6d59a94fadd8 files/pam.d/rexec 457
MD5 ec3d6de902670c90897507f4a098f668 files/pam.d/rlogin 580
MD5 7b9d8d0930734500608538c166d0179a files/pam.d/rsh 445
+MD5 1baa646400c4a596290e9d4b9e1c09b2 files/pam.d/system-auth 491
diff --git a/sys-libs/pam/files/README.pam_console b/sys-libs/pam/files/README.pam_console
index 27442c8997de..129f9aef9a3b 100644
--- a/sys-libs/pam/files/README.pam_console
+++ b/sys-libs/pam/files/README.pam_console
@@ -25,7 +25,7 @@ have to be members of the audio group to access audio devices).
However, Gentoo gives you the possibility to enable pam_console, you just have
to follow these advices:
-1) In /etc/pam.d/system-auth, add the following line:
+1) In /etc/pam.d/login, add the following line:
session optional /lib/security/pam_console.so
diff --git a/sys-libs/pam/files/digest-pam-0.78 b/sys-libs/pam/files/digest-pam-0.78
new file mode 100644
index 000000000000..0b473ad66ccf
--- /dev/null
+++ b/sys-libs/pam/files/digest-pam-0.78
@@ -0,0 +1,3 @@
+MD5 58cd055892e97648651d5a318888f3a0 Linux-PAM-0.78.tar.gz 488936
+MD5 6a411d2cd9438cef9bb0a1ec621ccb9a pam-0.78-patches-1.0.tar.bz2 88766
+MD5 fcc481d52c3b80e20a328f8c0cb042bd db-4.3.27.tar.gz 5921872
diff --git a/sys-libs/pam/files/pam.d/other b/sys-libs/pam/files/pam.d/other
new file mode 100644
index 000000000000..a6a5605332dd
--- /dev/null
+++ b/sys-libs/pam/files/pam.d/other
@@ -0,0 +1,9 @@
+#%PAM-1.0
+
+auth required /lib/security/pam_deny.so
+
+account required /lib/security/pam_deny.so
+
+password required /lib/security/pam_deny.so
+
+session required /lib/security/pam_deny.so
diff --git a/sys-libs/pam/files/pam.d/system-auth b/sys-libs/pam/files/pam.d/system-auth
new file mode 100644
index 000000000000..795f0fe723f0
--- /dev/null
+++ b/sys-libs/pam/files/pam.d/system-auth
@@ -0,0 +1,14 @@
+#%PAM-1.0
+
+auth required /lib/security/pam_env.so
+auth sufficient /lib/security/pam_unix.so likeauth nullok
+auth required /lib/security/pam_deny.so
+
+account required /lib/security/pam_unix.so
+
+password required /lib/security/pam_cracklib.so retry=3
+password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
+password required /lib/security/pam_deny.so
+
+session required /lib/security/pam_limits.so
+session required /lib/security/pam_unix.so
diff --git a/sys-libs/pam/files/pam_env.conf b/sys-libs/pam/files/pam_env.conf
index 3bb79fde5f44..b1e7840baadd 100644
--- a/sys-libs/pam/files/pam_env.conf
+++ b/sys-libs/pam/files/pam_env.conf
@@ -1,6 +1,6 @@
-# $Date: 2004/12/13 19:04:06 $
+# $Date: 2005/02/25 20:31:28 $
# $Author: azarah $
-# $Id: pam_env.conf,v 1.2 2004/12/13 19:04:06 azarah Exp $
+# $Id: pam_env.conf,v 1.3 2005/02/25 20:31:28 azarah Exp $
#
# This is the configuration file for pam_env, a PAM module to load in
# a configurable list of environment variables for a
@@ -49,16 +49,14 @@
#
# Set the REMOTEHOST variable for any hosts that are remote, default
# to "localhost" rather than not being set at all
-# Note: Rather set default to "", as DISPLAY=localhost:0.0 do not work
-# here at least.
-REMOTEHOST DEFAULT= OVERRIDE=@{PAM_RHOST}
+#REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
#
# Set the DISPLAY variable if it seems reasonable
#DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
-DISPLAY DEFAULT= OVERRIDE=@{DISPLAY}
+#DISPLAY DEFAULT= OVERRIDE=@{DISPLAY}
#
# Set the XAUTHORITY variable if pam_xauth is used
-XAUTHORITY DEFAULT= OVERRIDE=@{XAUTHORITY}
+#XAUTHORITY DEFAULT= OVERRIDE=@{XAUTHORITY}
#
#
# Now some simple variables
diff --git a/sys-libs/pam/pam-0.78.ebuild b/sys-libs/pam/pam-0.78.ebuild
new file mode 100644
index 000000000000..7d3a4c85233f
--- /dev/null
+++ b/sys-libs/pam/pam-0.78.ebuild
@@ -0,0 +1,343 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/pam/pam-0.78.ebuild,v 1.1 2005/02/25 20:31:28 azarah Exp $
+
+FORCE_SYSTEMAUTH_UPDATE="no"
+
+# BDB is internalized to get a non-threaded lib for pam_userdb.so to
+# be built with. The runtime-only dependency on BDB suggests the user
+# will use the system-installed db_load to create pam_userdb databases.
+# PWDB is internalized because it is specifically designed to work
+# with Linux-PAM. I'm not really certain how pervasive the Radius
+# and NIS services of PWDB are at this point.
+
+PATCH_LEVEL="1.0"
+BDB_VER="4.3.27"
+BDB_VER2="4.1.25"
+PAM_REDHAT_VER="0.78-3"
+
+HOMEPAGE="http://www.kernel.org/pub/linux/libs/pam/"
+DESCRIPTION="Pluggable Authentication Modules"
+
+S="${WORKDIR}/Linux-PAM-${PV}"
+S2="${WORKDIR}/pam-${PV}-patches"
+SRC_URI="http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-${PV}.tar.gz
+ mirror://gentoo/${P}-patches-${PATCH_LEVEL}.tar.bz2
+ http://dev.gentoo.org/~seemant/distfiles/${P}-patches-${PATCH_LEVEL}.tar.bz2
+ berkdb? ( http://downloads.sleepycat.com/db-${BDB_VER}.tar.gz )"
+
+LICENSE="PAM"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="berkdb pwdb selinux pam_chroot pam_console pam_timestamp"
+
+RDEPEND=">=sys-libs/cracklib-2.7-r8
+ selinux? ( sys-libs/libselinux )
+ berkdb? ( >=sys-libs/db-${BDB_VER2} )"
+
+# Note that we link to static versions of glib (pam_console.so)
+# and pwdb (pam_pwdb.so), so we need glib-2.6.2-r1 or later ...
+DEPEND="${RDEPEND}
+ dev-lang/perl
+ pam_console? ( >=dev-libs/glib-2.6.2-r1 )
+ >=sys-devel/autoconf-2.59
+ >=sys-devel/automake-1.6
+ >=sys-devel/flex-2.5.4a-r5
+ pwdb? ( >=sys-libs/pwdb-0.62 )"
+
+# Have python sandbox issues currently ...
+# doc? ( app-text/sgmltools-lite )
+
+#inherit needs to be after DEPEND definition to protect RDEPEND
+inherit gcc eutils flag-o-matic gnuconfig
+
+apply_pam_patches() {
+ local x=
+ local y=
+ local patches="${T}/patches.$$"
+
+ for x in redhat gentoo
+ do
+ rm -f "${patches}"
+
+ # Need to be a '| while read x', as some lines may have spaces ...
+ grep -v '^#' "${S2}/list.${x}-patches" | grep -v '^$' | while read y
+ do
+ # Remove the 'Patch[0-9]*: ' from the redhat list
+ echo "${y}" | sed -e 's|^Patch.*: \(.*\)|\1|' >> "${patches}"
+ done
+ for y in $(cat "${patches}")
+ do
+ epatch "${S2}/${x}-patches/${y}"
+ done
+ done
+}
+
+pkg_setup() {
+ local x=
+
+ if use pwdb; then
+ for x in libpwdb.a libcrack.a; do
+ if [ ! -f "${ROOT}/usr/$(get_libdir)/${x}" ]; then
+ eerror "Could not find /usr/$(get_libdir)/${x} needed to build Linux-PAM!"
+ die "Could not find /usr/$(get_libdir)/${x} needed to build Linux-PAM!"
+ fi
+ done
+ fi
+ if use pam_console; then
+ x="libglib-2.0.a"
+ if [ ! -f "${ROOT}/usr/$(get_libdir)/${x}" ]; then
+ eerror "Could not find /usr/$(get_libdir)/${x} needed to build Linux-PAM!"
+ eerror "Please remerge glib-2.6.* to make sure you have static changes."
+ die "Could not find /usr/$(get_libdir)/${x} needed to build Linux-PAM!"
+ fi
+ fi
+
+ return 0
+}
+
+src_unpack() {
+ local x=
+
+ unpack ${A} || die "Couldn't unpack ${A}"
+
+ cd ${S} || die
+ tar -zxf ${S2}/pam-redhat-${PAM_REDHAT_VER}.tar.gz \
+ || die "Couldn't unpack pam-redhat-${PAM_REDHAT_VER}.tar.gz"
+ # These ones we do not want, or do not work with non RH
+ rm -rf ${S}/modules/{pam_rps,pam_postgresok}
+
+ apply_pam_patches
+
+ # Check which extra modules should be built
+ # (Do this after apply_pam_patches(), else some may fail)
+ for x in pam_chroot pam_console pam_timestamp; do
+ use "${x}" || rm -rf "${S}/modules/${x}"
+ done
+ use berkdb || rm -rf "${S}/modules/pam_userdb"
+ use pwdb || rm -rf "${S}/modules/pam_pwdb"
+ use pwdb || rm -rf "${S}/modules/pam_radius"
+
+ # Fixup libdir for 64bit arches
+ sed -ie "s:@get_libdir:$(get_libdir):" ${S}/configure.in
+
+ if use selinux; then
+ epatch ${S2}/gentoo-patches/pam-078-selinux.patch
+ use pwdb && epatch ${S2}/gentoo-patches/pam-pwdbselinux.patch
+ fi
+
+ for readme in modules/pam_*/README ; do
+ cp -f "${readme}" doc/txts/README.$(dirname "${readme}" | \
+ sed -e 's|^modules/||')
+ done
+
+ # Bug #80604 (If install-sh do not exist, touch it)
+ cp /usr/share/automake/install-sh ${S}/ 2>/dev/null || touch install-sh
+ export WANT_AUTOCONF=2.5
+ autoconf || die
+}
+
+src_compile() {
+ # Bug #70471 (Compile issues with other locales)
+ export LANG=C LC_ALL=C
+
+ if use berkdb
+ then
+ einfo "Building Berkley DB ${BDB_VER}..."
+ cd ${WORKDIR}/db-${BDB_VER}/build_unix || die
+
+ # Pam uses berkdb, which db-4.1.x series can't detect mips64, so we fix it
+ if use mips; then
+ einfo "Updating berkdb config.{guess,sub} for mips"
+ S="${WORKDIR}/db-${BDB_VER}/dist" \
+ gnuconfig_update
+ fi
+
+ #echo db_cv_mutex=UNIX/fcntl > config.cache
+ #./s_config
+ ../dist/configure \
+ --cache-file=config.cache \
+ --disable-compat185 \
+ --disable-cxx \
+ --disable-diagnostic \
+ --disable-dump185 \
+ --disable-java \
+ --disable-rpc \
+ --disable-tcl \
+ --disable-shared \
+ --disable-o_direct \
+ --with-pic \
+ --with-uniquename=_pam \
+ --with-mutex="UNIX/fcntl" \
+ --prefix="${S}" \
+ --includedir="${S}/include" \
+ --libdir="${S}/lib" || die "Bad BDB ./configure"
+
+ # XXX: hack out O_DIRECT support in db4 for now.
+ # (Done above now with --disable-o_direct now)
+
+ make || die "BDB build failed"
+ make install || die
+
+ export CPPFLAGS="-I${S}/include"
+ export LDFLAGS="-L${S}/lib"
+ export LIBNAME="lib"
+ fi
+
+ if [ "${ARCH}" = "alpha" ]
+ then
+ if [ ! -z "$(strings -a /usr/lib/libglib.a | grep -i 'Compaq Computer Corp.')" ]
+ then
+ # should be LDFLAGS, but this configure is screwy.
+ echo
+ einfo "It looks like you compiled glib with ccc, this is okay, but"
+ einfo "I'll need to force gcc to link with libots...."
+ echo
+ append-flags -lots
+ sed -i -e 's/$(CC) -o/$(CC) -lots -o/g' ${S}/modules/pam_pwdb/Makefile
+ fi
+ fi
+
+ einfo "Building Linux-PAM ${PV}..."
+ cd ${S}
+ ./configure \
+ --libdir="/$(get_libdir)" \
+ --enable-static-libpam \
+ --enable-fakeroot="${D}" \
+ --enable-isadir="/$(get_libdir)/security" \
+ --host="${CHOST}" || die
+
+ # Python stuff in docs gives sandbox problems
+ sed -i -e 's|modules doc examples|modules|' Makefile
+
+ # Fix warnings for gcc-2.95.3
+ if [ "$(gcc-version)" = "2.95" ]
+ then
+ sed -i -e "s:-Wpointer-arith::" Make.Rules
+ fi
+
+ if ! use berkdb
+ then
+ # Do not build pam_userdb.so ...
+ sed -i -e "s:^HAVE_NDBM_H=yes:HAVE_NDBM_H=no:" \
+ -e "s:^HAVE_LIBNDBM=yes:HAVE_LIBNDBM=no:" \
+ -e "s:^HAVE_LIBDB=yes:HAVE_LIBDB=no:" \
+ Make.Rules
+
+ # Also edit the configuration file else the wrong include files
+ # get used
+ sed -i -e "s:^#define HAVE_NDBM_H.*$:/* #undef HAVE_NDBM_H */:" \
+ -e "s:^#define HAVE_DB_H.*$:/* #undef HAVE_DB_H */:" \
+ _pam_aconf.h
+
+ else
+ # Do not link pam_userdb.so to db-1.85 ...
+ sed -i -e "s:^HAVE_NDBM_H=yes:HAVE_NDBM_H=no:" \
+ -e "s:^HAVE_LIBNDBM=yes:HAVE_LIBNDBM=no:" \
+ Make.Rules
+
+ # Also edit the configuration file else the wrong include files
+ # get used
+ sed -i -e "s:^#define HAVE_NDBM_H.*$:/* #undef HAVE_NDBM_H */:" \
+ _pam_aconf.h
+ fi
+
+ make || die "PAM build failed"
+}
+
+src_install() {
+ local x=
+
+ einfo "Installing Linux-PAM ${PV}..."
+ make FAKEROOT=${D} \
+ LDCONFIG="" \
+ install || die
+
+ # Make sure every module built.
+ # Do not remove this, as some module can fail to build
+ # and effectively lock the user out of his system.
+ einfo "Checking if all modules were built..."
+ for x in ${S}/modules/pam_*
+ do
+ if [ -d ${x} ]
+ then
+ local mod_name=$(basename "${x}")
+ local sec_dir="${D}/$(get_libdir)/security"
+
+ # Its OK if the module failed when we didnt ask for it anyway
+ if ! ls -1 "${sec_dir}/${mod_name}"*.so &> /dev/null
+ then
+ echo
+ eerror "ERROR: ${mod_name} module did not build."
+ echo
+ die "${mod_name} module did not build."
+ fi
+ fi
+ done
+
+ dodir /usr/$(get_libdir)
+ cd ${D}/$(get_libdir)
+ for x in pam pamc pam_misc
+ do
+ rm lib${x}.so
+ ln -s lib${x}.so.${PV} lib${x}.so
+ ln -s lib${x}.so.${PV} lib${x}.so.0
+ mv lib${x}.a ${D}/usr/$(get_libdir)
+ # See bug #4411
+ gen_usr_ldscript lib${x}.so
+ done
+
+ cd ${S}
+
+ # need this for pam_console
+ keepdir /var/run/console
+
+ for x in ${FILESDIR}/pam.d/*
+ do
+ [[ -f ${x} ]] && dopamd ${x}
+ done
+
+ # Only add this one if needed.
+ if [ "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]; then
+ newpamd ${FILESDIR}/pam.d/system-auth system-auth.new || \
+ die "Failed to install system-auth.new!"
+ fi
+
+ insinto /etc/security
+ doins ${FILESDIR}/pam_env.conf
+ doman doc/man/*.[0-9]
+
+ dodoc CHANGELOG Copyright README
+ docinto modules ; dodoc modules/README ; dodoc doc/txts/README.*
+ # Install our own README.pam_console
+ docinto ; dodoc ${FILESDIR}/README.pam_console
+ docinto txt ; dodoc doc/specs/*.txt #doc/txts/*.txt
+# docinto print ; dodoc doc/ps/*.ps
+
+# docinto html
+# dohtml -r doc/html/
+}
+
+pkg_postinst() {
+ if [ "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]; then
+ local CHECK1="$(md5sum ${ROOT}/etc/pam.d/system-auth | cut -d ' ' -f 1)"
+ local CHECK2="$(md5sum ${ROOT}/etc/pam.d/system-auth.new | cut -d ' ' -f 1)"
+
+ if [ "${CHECK1}" != "${CHECK2}" ]; then
+ ewarn "Due to a security issue, ${ROOT}etc/pam.d/system-auth "
+ ewarn "is being updated automatically. Your old "
+ ewarn "system-auth will be backed up as:"
+ ewarn
+ ewarn " ${ROOT}etc/pam.d/system-auth.bak"
+ echo
+
+ cp -a ${ROOT}/etc/pam.d/system-auth \
+ ${ROOT}/etc/pam.d/system-auth.bak;
+ mv -f ${ROOT}/etc/pam.d/system-auth.new \
+ ${ROOT}/etc/pam.d/system-auth
+ rm -f ${ROOT}/etc/pam.d/._cfg????_system-auth
+ else
+ rm -f ${ROOT}/etc/pam.d/system-auth.new
+ fi
+ fi
+}