=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/INSTALL,v retrieving revision 1.19 retrieving revision 1.20 diff -c -r1.19 -r1.20 *** src/usr.bin/sudo/Attic/INSTALL 2008/07/31 16:44:03 1.19 --- src/usr.bin/sudo/Attic/INSTALL 2008/11/14 11:53:05 1.20 *************** *** 1,5 **** ! Installation instructions for Sudo 1.6.9 ! ======================================== Sudo uses a `configure' script to probe the capabilities and type of the system in question. In this release, `configure' takes many --- 1,5 ---- ! Installation instructions for Sudo 1.7 ! ====================================== Sudo uses a `configure' script to probe the capabilities and type of the system in question. In this release, `configure' takes many *************** *** 189,194 **** --- 189,200 ---- this file instead of /etc/ldap.secret to read the secret password when rootbinddn is specified in the ldap config file. + --with-nsswitch[=filename] + Path to nsswitch.conf or "no" to disable nsswitch support. + If specified, sudo uses this file instead of /etc/nsswitch.conf. + If nsswitch is disabled but LDAP is enabled, sudo will check + LDAP first, then the sudoers file. + --with-aixauth Enable support for the AIX 4.x general authentication function. This will use the authentication scheme specified for the user *************** *** 200,206 **** Linux, Solaris and HP-UX (version 11 and higher). NOTE: on RedHat Linux and Fedora you *must* have an /etc/pam.d/sudo ! file installed. You may either use the sample.pam file included with sudo or use /etc/pam.d/su as a reference. The sample.pam file included with sudo may or may not work with other Linux distributions. On Solaris and HP-UX 11 systems you should check (and understand) --- 206,212 ---- Linux, Solaris and HP-UX (version 11 and higher). NOTE: on RedHat Linux and Fedora you *must* have an /etc/pam.d/sudo ! file install. You may either use the sample.pam file included with sudo or use /etc/pam.d/su as a reference. The sample.pam file included with sudo may or may not work with other Linux distributions. On Solaris and HP-UX 11 systems you should check (and understand) *************** *** 228,237 **** unless the 'use_loginclass' option is defined in sudoers or the user specifies a class on the command line. - --with-project - Enable support for Solaris project resource limits. - This option is only available on Solaris 9 and above. - --with-bsdauth Enable support for BSD authentication. This is the default for BSD/OS and OpenBSD systems that support it. --- 234,239 ---- *************** *** 241,246 **** --- 243,252 ---- is supported. If you don't have /usr/include/bsd_auth.h then you cannot use this. + --with-project + Enable support for Solaris project resource limits. + This option is only available on Solaris 9 and above. + --with-noexec[=PATH] Enable support for the "noexec" functionality which prevents a dynamically-linked program being run by sudo from executing *************** *** 522,527 **** --- 528,540 ---- option. visudo will then only use the VISUAL or EDITOR variables if they match a value specified via --with-editor. + --with-askpass=PATH + Set PATH as the "askpass" program to use when no tty is + available. Typically, this is a graphical password prompter, + similar to the one used by ssh. The program must take a + prompt as an argument and print the received password to + the standard output. + --disable-authentication By default, sudo requires the user to authenticate via a password or similar means. This options causes sudo to *************** *** 533,538 **** --- 546,558 ---- "chaining" sudo commands to get a root shell by doing something like "sudo sudo /bin/sh". + --enable-gss-krb5-ccache-name + Use the gss_krb5_ccache_name() function to set the Kerberos + V credential cache file name. By default, sudo will use + the KRB5CCNAME environment variable to set this. While + gss_krb5_ccache_name() provides a better API to do this it + is not supported by all Kerberos V and SASL combinations. + --enable-log-host Log the hostname in the log file. *************** *** 701,706 **** --- 721,731 ---- functionality. You must use either the HP ANSI C compiler or gcc for noexec to work. Binary packages of gcc are available from http://hpux.connect.org.uk/ and http://hpux.cs.utah.edu/. + + To prevent PAM from overriding the value of umask on HP-UX 11, + you will need to add a line like the following to /etc/pam.conf: + + sudo session required libpam_hpsec.so.1 bypass_umask SunOS 4.x: The /bin/sh shipped with SunOS blows up while running configure.