-Installation instructions for Sudo 1.8
-======================================
+Sudo installation instructions
+==============================
Sudo uses a `configure' script to probe the capabilities and type
of the system in question. In this release, `configure' takes many
Find the sources in DIR [configure dir or ..]
Special features/options:
- --with-CC=PATH
- Specifies path to C compiler you wish to use.
-
--with-incpath=DIR
Adds the specified directory (or directories) to CPPFLAGS
so configure and the compiler will look there for include
--with-SecurID[=DIR]
Enable SecurID support. If specified, DIR is directory containing
- sdiclient.a, sdi_athd.h, sdconf.h, and sdacmvls.h.
+ libaceclnt.a, acexport.h, and sdacmvls.h.
--with-fwtk[=DIR]
Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified,
DIR is the base directory containing the compiled FWTK package
(or at least the library and header files).
- --with-kerb4[=DIR]
- Enable Kerberos IV support. If specified, DIR is the base
- directory containing the Kerberos IV include and lib dirs.
- This uses Kerberos passphrases for authentication but does
- not use the Kerberos cookie scheme.
-
--with-kerb5[=DIR]
Enable Kerberos V support. If specified, DIR is the base
directory containing the Kerberos V include and lib dirs.
does not use the Kerberos cookie scheme. Will not work for
Kerberos V older than version 1.1.
+ --enable-kerb5-instance=string
+ By default, the user name is used as the principal name
+ when authenticating via Kerberos V. If this option is
+ enabled, the specified instance string will be appended to
+ the user name (separated by a slash) when creating the
+ principal name.
+
--with-ldap[=DIR]
Enable LDAP support. If specified, DIR is the base directory
containing the LDAP include and lib directories. Please see
older PAM implementations or on operating systems where
opening a PAM session changes the utmp or wtmp files. If
PAM session support is disabled, resource limits may not
- be updatedin for command being run.
+ be updated for the command being run.
--disable-root-mailer
By default sudo will run the mailer as root when tattling
--enable-warnings
Enable compiler warnings when building sudo with gcc.
+ --enable-werror
+ Enable the -Werror compiler option when building sudo with gcc.
+
--enable-admin-flag
Enable the creation of an Ubuntu-style admin flag file
the first time sudo is run.
Disable environment resetting. This sets the default value
of the "env_reset" Defaults option in sudoers to false.
+ --enable-nls[=location]
+ Enable natural language support using the gettext() family
+ of functions. If specified, location is the base directory
+ containing the libintl include and lib directories. If
+ this option is not specified, configure will look for the
+ gettext() family of functions in the standard C library
+ first, then check for a standalone libintl (linking with
+ libiconv as needed).
+
+ --disable-nls
+ Disable natural language support. By default, sudo will
+ use the gettext() family of functions, if available, to
+ implement messages in the invoking user's native language.
+ Note that translations do not exist for all languages.
+
Shadow password and C2 support
==============================
CD. You can also get them from various places on the net,
including http://www.sunfreeware.com/
NOTE: sudo will *not* build with the sun C compiler in BSD
- compatibility mode (/usr/ucb/cc). Sudo is designed to
- compile with the standard C compiler (or gcc) and will
- not build correctly with /usr/ucb/cc. You can use the
- `--with-CC' option to point `configure' to the non-ucb
- compiler if it is not the first cc in your path. Some
- sites link /usr/ucb/cc to gcc; configure will not notice
- this and still refuse to use /usr/ucb/cc, so make sure gcc
- is also in your path if your site is setup this way.
+ compatibility mode (/usr/ucb/cc). Sudo is designed to
+ compile with the standard C compiler (or gcc) and will
+ not build correctly with /usr/ucb/cc. You can set the
+ CC environment variable to the non-ucb compiler when
+ running `configure' if it is not the first cc in your
+ path. Some sites link /usr/ucb/cc to gcc; configure will
+ not notice this and still refuse to use /usr/ucb/cc, so
+ make sure gcc is also in your path if your site is setup
+ this way.
Also: Older versions of Solaris come with a broken syslogd.
If you have having problems with sudo logging you should
make sure you have the latest syslogd patch installed.
sudo session required libpam_hpsec.so.1 bypass_umask
+ If every command run via sudo displays information about the last
+ successful login and the last authentication failure you should
+ make use an /etc/pam.conf line like:
+
+ sudo session required libpam_hpsec.so.1 bypass_umask bypass_last_login
+
Digital UNIX:
By default, sudo will use SIA (Security Integration Architecture)
to validate a user. If you want to use an alternative authentication
projects / debian / sudo / blobdiff