[BACK]Return to INSTALL CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo

Diff for /embedaddon/sudo/INSTALL between versions 1.1.1.1 and 1.1.1.3

version 1.1.1.1, 2012/02/21 16:23:01 version 1.1.1.3, 2012/10/09 09:29:52
Line 166  Special features/options: Line 166  Special features/options:
   
   --with-SecurID[=DIR]    --with-SecurID[=DIR]
         Enable SecurID support.  If specified, DIR is directory containing          Enable SecurID support.  If specified, DIR is directory containing
        sdiclient.a, sdi_athd.h, sdconf.h, and sdacmvls.h.        libaceclnt.a, acexport.h, and sdacmvls.h.
   
   --with-fwtk[=DIR]    --with-fwtk[=DIR]
         Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified,          Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified,
         DIR is the base directory containing the compiled FWTK package          DIR is the base directory containing the compiled FWTK package
         (or at least the library and header files).          (or at least the library and header files).
   
   --with-kerb4[=DIR]  
         Enable Kerberos IV support.  If specified, DIR is the base  
         directory containing the Kerberos IV include and lib dirs.  
         This uses Kerberos passphrases for authentication but does  
         not use the Kerberos cookie scheme.  
   
   --with-kerb5[=DIR]    --with-kerb5[=DIR]
         Enable Kerberos V support.  If specified, DIR is the base          Enable Kerberos V support.  If specified, DIR is the base
         directory containing the Kerberos V include and lib dirs.          directory containing the Kerberos V include and lib dirs.
Line 186  Special features/options: Line 180  Special features/options:
         does not use the Kerberos cookie scheme.  Will not work for          does not use the Kerberos cookie scheme.  Will not work for
         Kerberos V older than version 1.1.          Kerberos V older than version 1.1.
   
     --enable-kerb5-instance=string
           By default, the user name is used as the principal name
           when authenticating via Kerberos V.  If this option is
           enabled, the specified instance string will be appended to
           the user name (separated by a slash) when creating the
           principal name.
   
   --with-ldap[=DIR]    --with-ldap[=DIR]
         Enable LDAP support.  If specified, DIR is the base directory          Enable LDAP support.  If specified, DIR is the base directory
         containing the LDAP include and lib directories.  Please see          containing the LDAP include and lib directories.  Please see
Line 200  Special features/options: Line 201  Special features/options:
         this file instead of /etc/ldap.secret to read the secret password          this file instead of /etc/ldap.secret to read the secret password
         when rootbinddn is specified in the ldap config file.          when rootbinddn is specified in the ldap config file.
   
     --with-sssd
           Enable support for using the System Security Services Daemon
           (SSSD) as a sudoers data source.  For more informaton on
           SSD, see http://fedorahosted.org/sssd/
   
     --with-sssd-lib=PATH
           Specify the path to the SSSD shared library, which is loaded
           at run-time.
   
   --with-nsswitch[=PATH]    --with-nsswitch[=PATH]
         Path to nsswitch.conf or "no" to disable nsswitch support.          Path to nsswitch.conf or "no" to disable nsswitch support.
         If specified, sudo uses this file instead of /etc/nsswitch.conf.          If specified, sudo uses this file instead of /etc/nsswitch.conf.
Line 285  Special features/options: Line 295  Special features/options:
         older PAM implementations or on operating systems where          older PAM implementations or on operating systems where
         opening a PAM session changes the utmp or wtmp files.  If          opening a PAM session changes the utmp or wtmp files.  If
         PAM session support is disabled, resource limits may not          PAM session support is disabled, resource limits may not
        be updatedin for command being run.        be updated for the command being run.
   
   --disable-root-mailer    --disable-root-mailer
         By default sudo will run the mailer as root when tattling          By default sudo will run the mailer as root when tattling
Line 343  Special features/options: Line 353  Special features/options:
   --with-otp-only    --with-otp-only
         This option is now just an alias for --without-passwd.          This option is now just an alias for --without-passwd.
   
   --with-stow  
         Properly handle GNU stow packaging.  The sudoers file will  
         physically live in ${prefix}/etc and /etc/sudoers will be  
         a symbolic link.  
   
   --with-selinux     --with-selinux 
         Enable support for role based access control (RBAC) on          Enable support for role based access control (RBAC) on
         systems that support SELinux.          systems that support SELinux.
   
     --with-man
           Use the "man" macros for manual pages.  By default, mdoc
           versions of the manuals are installed.  This can be used
           to override configure's test for "nroff -mdoc" support.
   
     --with-mdoc
           Use the "mdoc" macros for manual pages.  By default, mdoc
           versions of the manuals are installed.  This can be used
           to override configure's test for "nroff -mdoc" support.
   
 The following options are also configurable at runtime:  The following options are also configurable at runtime:
   
   --with-long-otp-prompt    --with-long-otp-prompt
Line 630  The following options are also configurable at runtime Line 645  The following options are also configurable at runtime
   --enable-werror    --enable-werror
         Enable the -Werror compiler option when building sudo with gcc.          Enable the -Werror compiler option when building sudo with gcc.
   
     --disable-hardening
           Disable the use of compiler/linker exploit mitigation options
           which are enabled by default.  This includes compiling with
           _FORTIFY_SOURCE defined to 2, building with -fstack-protector
           and linking with -zrelro, where supported.
   
     --disable-pie
           Disable the creation of position independent executables (PIE)
           even when the compiler and linker support them.
           By default, sudo will be built as a PIE where possible.
   
   --enable-admin-flag    --enable-admin-flag
         Enable the creation of an Ubuntu-style admin flag file          Enable the creation of an Ubuntu-style admin flag file
         the first time sudo is run.          the first time sudo is run.
Line 743  HP-UX: Line 769  HP-UX:
     you will need to add a line like the following to /etc/pam.conf:      you will need to add a line like the following to /etc/pam.conf:
   
     sudo        session required        libpam_hpsec.so.1 bypass_umask      sudo        session required        libpam_hpsec.so.1 bypass_umask
   
       If every command run via sudo displays information about the last
       successful login and the last authentication failure you should
       make use an /etc/pam.conf line like:
   
       sudo        session required        libpam_hpsec.so.1 bypass_umask bypass_last_login
   
 Digital UNIX:  Digital UNIX:
     By default, sudo will use SIA (Security Integration Architecture)      By default, sudo will use SIA (Security Integration Architecture)
Removed from v.1.1.1.1  
changed lines
  Added in v.1.1.1.3

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>