-
Notifications
You must be signed in to change notification settings - Fork 12
Turning a Raspberry Pi into a PAM Using Raspberry OS Lite
This is an initial attempt to document how we have set up our Raspberry Pis to act as PAM appliances.
Note the instructions below should be valid for Raspberry OS Lite based on Buster
- Raspberry Pi 4
- HifiBerry digi i/o or HifiBerry DAC+ ADC
- Official Raspberry Pi Touchscreen
- SmartiPi Touch case
- Raspberry Pi PSU
- SDHD Card
- Latest version of Raspberry OS Lite
Install Raspberry OS Lite as instructed.
Boot the Pi and login
Run raspi-config
sudo raspi-config
- Select "System Options"-"Boot/Auto Login" and choose "Console Autologin"
- Select "Interface"-"SSH" and enable
- Change the hostname, password and wireless LAN settings if required
Add user to group netdev
sudo adduser pi netdev
Make sure file /etc/dhcpcd/dhcpcd.conf is in group netdev
sudo visudo -f /etc/sudoers
Add the following lines:
pi ALL=NOPASSWD:/usr/sbin/ntpd
pi ALL=NOPASSWD:/bin/mount
pi ALL=NOPASSWD:/bin/umount
pi ALL=NOPASSWD:/sbin/service
Edit /lib/dhcpcd/dhcpcd-hooks/40-route
Add line
ip route add 224.0.0.0/4 dev eth0
Create a mount point
sudo mkdir /mnt/share
sudo chown pi /mnt/share
Install the libraries and build Pam as described in readme.md Don’t install it though
- Make a directory /home/pi/pam
- Make a directory /home/pi/pam/bin and copy executables to it
- Make a directory /home/pi/pam/lib and copy all libs to it keeping their directory structure
- Copy the files contained in the document directory to /home/pi/pam
Create soft links
ln –s /home/pi/pam/bin/pam.s /usr/local/bin/pam.sh
ln –s /home/pi/pam/bin/InitialSetup /usr/local/bin/InitialSetup
ln –s /home/pi/pam/bin/dosetup /usr/local/bin/dosetup
ln –s /home/pi/pam/lib /usr/local/lib/pam2
Edit /etc/ld.so.conf.d/pam2.conf
Add line
/usr/local/lib/pam2
Save and then type
sudo ldconfig
sudo nano /boot/cmdline.txt
Make sure the line contains the following
logo.nologo quiet console=tty3 splash vt.global_cursor_default=0 loglevel=0 silent init=/usr/lib/raspi-config/init_resize.sh
sudo nano /etc/systemd/system/[email protected]/autologin.conf
change
ExecStart=-/sbin/agetty --autologin pi --noclear %I $TERM
to
ExecStart=-/sbin/agetty --skip-login --noclear --noissue --login-options "-f pi" %I $TERM
Get rid of message of the day text on login `touch $HOME/.hushlogin
Download partition expansion if wanted (if not then don't include init=/usr/lib/raspi-config/init_resize.sh in cmdline.txt)
sudo wget -O /etc/init.d/resize2fs_once https://raw.githubusercontent.com/RPi-Distro/pi-gen/master/stage2/01-sys-tweaks/files/resize2fs_once
sudo chmod +x /etc/init.d/resize2fs_once
sudo systemctl enable resize2fs_once
sudo apt install --no-install-recommends xserver-xorg x11-xserver-utils xinit openbox xterm
edit /etc/xdg/openbox/autostart to be the following
xset s off
xset s noblank
xset -dpms
# Allow quitting the X server with CTRL-ATL-Backspace
setxkbmap -option terminate:ctrl_alt_bksp
pam.sh &
Edit .bash_profile in pi home directory so content is
[[ -z $DISPLAY && $XDG_VTNR -eq 1 ]] && startx > /dev/null 2>&1
sudo apt install git
git clone --depth=1 https://gitlab.com/DarkElvenAngel/initramfs-splash.git
Follow the instructions in the ReadMe.md file. The PAM splash image lives in the documents directory.
In order to enable PTP support you need to set the system capabilities to allow binding to privileged ports and setting of the system clock
sudo setcap cap_sys_time,cap_net_bind_service+ep /home/pi/pam/bin/pam2
You also need to stop the default time service and install chrony
sudo systemctl disable systemd-timesyncd
sudo apt install chrony
REBOOT