version 1.1.1.1, 2012/02/21 16:23:01
|
version 1.1.1.3, 2012/10/09 09:29:52
|
Line 166 Special features/options:
|
Line 166 Special features/options:
|
|
|
--with-SecurID[=DIR] |
--with-SecurID[=DIR] |
Enable SecurID support. If specified, DIR is directory containing |
Enable SecurID support. If specified, DIR is directory containing |
sdiclient.a, sdi_athd.h, sdconf.h, and sdacmvls.h. | libaceclnt.a, acexport.h, and sdacmvls.h. |
|
|
--with-fwtk[=DIR] |
--with-fwtk[=DIR] |
Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified, |
Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified, |
DIR is the base directory containing the compiled FWTK package |
DIR is the base directory containing the compiled FWTK package |
(or at least the library and header files). |
(or at least the library and header files). |
|
|
--with-kerb4[=DIR] |
|
Enable Kerberos IV support. If specified, DIR is the base |
|
directory containing the Kerberos IV include and lib dirs. |
|
This uses Kerberos passphrases for authentication but does |
|
not use the Kerberos cookie scheme. |
|
|
|
--with-kerb5[=DIR] |
--with-kerb5[=DIR] |
Enable Kerberos V support. If specified, DIR is the base |
Enable Kerberos V support. If specified, DIR is the base |
directory containing the Kerberos V include and lib dirs. |
directory containing the Kerberos V include and lib dirs. |
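Review bot: The --with-kerb4 entry in the middle of this hunk is dropped (the next hunk header moves from line 186 to line 180) and nothing is left behind for builders whose scripts still pass that flag. A line in the upgrade notes, or a one-line stub here saying the option is no longer supported, would make the change discoverable. In the --with-SecurID entry at the top, the file list changes from "sdiclient.a, sdi_athd.h, sdconf.h" to "libaceclnt.a, acexport.h"; if the older client library is no longer accepted, the text should say so rather than only swapping the file names.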
Line 186 Special features/options:
|
Line 180 Special features/options:
|
does not use the Kerberos cookie scheme. Will not work for |
does not use the Kerberos cookie scheme. Will not work for |
Kerberos V older than version 1.1. |
Kerberos V older than version 1.1. |
|
|
|
--enable-kerb5-instance=string |
|
By default, the user name is used as the principal name |
|
when authenticating via Kerberos V. If this option is |
|
enabled, the specified instance string will be appended to |
|
the user name (separated by a slash) when creating the |
|
principal name. |
|
|
--with-ldap[=DIR] |
--with-ldap[=DIR] |
Enable LDAP support. If specified, DIR is the base directory |
Enable LDAP support. If specified, DIR is the base directory |
containing the LDAP include and lib directories. Please see |
containing the LDAP include and lib directories. Please see |
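Review bot: The --enable-kerb5-instance entry does not say that the instance string is fixed at configure time and therefore applies to every user who authenticates through this build. Say that explicitly and add one concrete case of the resulting principal, in the form user/instance, so an administrator can tell which principals must exist in the KDC before enabling the option.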
Line 200 Special features/options:
|
Line 201 Special features/options:
|
this file instead of /etc/ldap.secret to read the secret password |
this file instead of /etc/ldap.secret to read the secret password |
when rootbinddn is specified in the ldap config file. |
when rootbinddn is specified in the ldap config file. |
|
|
|
--with-sssd |
|
Enable support for using the System Security Services Daemon |
|
(SSSD) as a sudoers data source. For more informaton on |
|
SSD, see http://fedorahosted.org/sssd/ |
|
|
|
--with-sssd-lib=PATH |
|
Specify the path to the SSSD shared library, which is loaded |
|
at run-time. |
|
|
--with-nsswitch[=PATH] |
--with-nsswitch[=PATH] |
Path to nsswitch.conf or "no" to disable nsswitch support. |
Path to nsswitch.conf or "no" to disable nsswitch support. |
If specified, sudo uses this file instead of /etc/nsswitch.conf. |
If specified, sudo uses this file instead of /etc/nsswitch.conf. |
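Review bot: The --with-sssd-lib=PATH entry says the library "is loaded at run-time" but not whether PATH names a directory or the library file itself, nor what the default is when the option is omitted. Because the library is loaded into sudo, the text should also state that PATH must be a location only root can write. Two typos in the --with-sssd entry above it: "informaton" should be "information", and "SSD" should be "SSSD".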
Line 285 Special features/options:
|
Line 295 Special features/options:
|
older PAM implementations or on operating systems where |
older PAM implementations or on operating systems where |
opening a PAM session changes the utmp or wtmp files. If |
opening a PAM session changes the utmp or wtmp files. If |
PAM session support is disabled, resource limits may not |
PAM session support is disabled, resource limits may not |
be updatedin for command being run. | be updated for the command being run. |
|
|
--disable-root-mailer |
--disable-root-mailer |
By default sudo will run the mailer as root when tattling |
By default sudo will run the mailer as root when tattling |
Line 343 Special features/options:
|
Line 353 Special features/options:
|
--with-otp-only |
--with-otp-only |
This option is now just an alias for --without-passwd. |
This option is now just an alias for --without-passwd. |
|
|
--with-stow |
|
Properly handle GNU stow packaging. The sudoers file will |
|
physically live in ${prefix}/etc and /etc/sudoers will be |
|
a symbolic link. |
|
|
|
--with-selinux |
--with-selinux |
Enable support for role based access control (RBAC) on |
Enable support for role based access control (RBAC) on |
systems that support SELinux. |
systems that support SELinux. |
|
|
|
--with-man |
|
Use the "man" macros for manual pages. By default, mdoc |
|
versions of the manuals are installed. This can be used |
|
to override configure's test for "nroff -mdoc" support. |
|
|
|
--with-mdoc |
|
Use the "mdoc" macros for manual pages. By default, mdoc |
|
versions of the manuals are installed. This can be used |
|
to override configure's test for "nroff -mdoc" support. |
|
|
The following options are also configurable at runtime: |
The following options are also configurable at runtime: |
|
|
--with-long-otp-prompt |
--with-long-otp-prompt |
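Review bot: The --with-mdoc entry repeats the sentence "By default, mdoc versions of the manuals are installed" from --with-man, which makes the option read as a no-op, and both entries then refer to "configure's test for "nroff -mdoc" support", which implies the default depends on that test. Reword so the default is stated once as the outcome of the configure test, and describe --with-man and --with-mdoc as the two ways to force the result. The --with-stow entry is removed in the same hunk without a note on what happens if the flag is still passed.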
Line 630 The following options are also configurable at runtime
|
Line 645 The following options are also configurable at runtime
|
--enable-werror |
--enable-werror |
Enable the -Werror compiler option when building sudo with gcc. |
Enable the -Werror compiler option when building sudo with gcc. |
|
|
|
--disable-hardening |
|
Disable the use of compiler/linker exploit mitigation options |
|
which are enabled by default. This includes compiling with |
|
_FORTIFY_SOURCE defined to 2, building with -fstack-protector |
|
and linking with -zrelro, where supported. |
|
|
|
--disable-pie |
|
Disable the creation of position independent executables (PIE) |
|
even when the compiler and linker support them. |
|
By default, sudo will be built as a PIE where possible. |
|
|
--enable-admin-flag |
--enable-admin-flag |
Enable the creation of an Ubuntu-style admin flag file |
Enable the creation of an Ubuntu-style admin flag file |
the first time sudo is run. |
the first time sudo is run. |
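Review bot: In the --disable-hardening entry, "where supported" leaves the builder with no way to tell which of the three listed mitigations actually ended up in the binary, and the entry does not say whether it also affects PIE, which has its own --disable-pie switch directly below. State whether the two flags are independent and point to where configure reports the options it selected. Since sudo is installed setuid root, it is also worth saying that both switches exist for toolchain problems rather than routine use.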
Line 743 HP-UX:
|
Line 769 HP-UX:
|
you will need to add a line like the following to /etc/pam.conf: |
you will need to add a line like the following to /etc/pam.conf: |
|
|
sudo session required libpam_hpsec.so.1 bypass_umask |
sudo session required libpam_hpsec.so.1 bypass_umask |
|
|
|
If every command run via sudo displays information about the last |
|
successful login and the last authentication failure you should |
|
make use an /etc/pam.conf line like: |
|
|
|
sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login |
|
|
Digital UNIX: |
Digital UNIX: |
By default, sudo will use SIA (Security Integration Architecture) |
By default, sudo will use SIA (Security Integration Architecture) |
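Review bot: The new HP-UX paragraph does not say whether the bypass_last_login line replaces the bypass_umask line shown just above it or is added alongside it; since the new line repeats bypass_umask, it should read as a replacement, and the text should say "replace the line above with". The sentence "you should make use an /etc/pam.conf line like:" is also ungrammatical; "you should use an /etc/pam.conf line like:" fixes it.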