Commit Graph

14 Commits

Author SHA1 Message Date
Ken Smith
2672e71736 This is sort of an MFS. Peter made these changes to the RELENG_*
branches but missed HEAD.  This patch extends his a little bit,
setting it up via the Makefiles so that adding _FREEFALL_CONFIG
to /etc/make.conf is the only thing needed to cluster-ize things
(current setup also requires overriding CFLAGS).

From Peter's commit to the RELENG_* branches:
> Add the freebsd.org custer's source modifications under #ifdefs to aid
> keeping things in sync.  For ksu:
> * install suid-root by default
> * don't fall back to asking for a unix password (ie: be pure kerberos)
> * allow custom user instances for things like www and not just root

The Makefile tweaks will be MFC-ed, the rest is already done.

MFC after:      3 days
Approved by:    re (dwhite)
2005-07-07 14:16:38 +00:00
Colin Percival
d37df47d31 Join the 21st century: Cryptography is no longer an optional component
of releases.  The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by:	re (scottl), markm
Discussed on:	freebsd-current, in late April 2004
2004-08-06 07:27:08 +00:00
Ruslan Ermilov
1e73d261f5 This module doesn't use libgssapi (and it looks never did). 2004-02-04 09:41:47 +00:00
Ruslan Ermilov
bb96dfc53a Deal better with the crypto version of the PAM library that goes
on the release media -- only put what is different in the crypto
version compared to the base version.  This reduces PAM entries
in /usr/lib in the "crypto" distribution to:

	libpam.a
	libpam.so@
	libpam.so.2
	pam_krb5.so@
	pam_krb5.so.2
	pam_ksu.so@
	pam_ksu.so.2
	pam_ssh.so@
	pam_ssh.so.2

The libpam.so* is still redundant (it is identical to the "base"
version), but we can't set DISTRIBUTION differently for libpam.a
and libpam.so.

(The removal of libpam.so* from the crypto distribution could be
addressed by the release/scripts/crypto-make.sh script, but then
we'd also need to remove redundant PAM headers, and I'm not sure
this is worth a hassle.)
2004-01-18 14:58:07 +00:00
David E. O'Brien
7f03a257ac style.Makefile(5) police
(I've tried to keep to the spirit of the original formatting)

Reviewed by:	des
2003-03-09 20:06:38 +00:00
Ruslan Ermilov
90a9863e16 Moved SHLIB_NAME definition into one place.
Approved by:	des
2002-04-10 18:07:05 +00:00
Ruslan Ermilov
e348eb5318 Fix broken `checkdpadd'.
-lroken is an installable library, there's no need to give an
explicit path to it.  In any case, -L paths should be specified
in LDFLAGS if needed.

Approved by:	des
2002-04-10 17:53:43 +00:00
Dag-Erling Smørgrav
92c07aa880 Turn on NO_WERROR due to namespace pollution in krb5 headers. 2002-04-07 04:44:16 +00:00
Dag-Erling Smørgrav
519b6a4c8f Switch to OpenPAM. Bump library version. Modules are now versioned, so
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.

Sponsored by:	DARPA, NAI Labs
2002-03-05 21:56:25 +00:00
Mark Murray
30577d19fa Remove NO_WERROR, now that WARNS=n is gone. 2002-02-06 18:46:48 +00:00
Mark Murray
c2065008b5 WARNS=4 fixes. Protect with NO_WERROR for the modules that have
warnings that are hard to fix or that I've been asked to leave alone.
2002-01-24 18:37:17 +00:00
Mark Murray
3938427761 Clean up this module very extensively. Fix the logging, the coding
standards and the option handling. This module is now much more easy
to maintain as a part of the FreeBSD tree.
2001-08-10 19:24:34 +00:00
Mark Murray
084a46829b Big module cleanup.
Move common stuff into Makefile.inc, and tidy up all the Makefiles
as a result.

Build new modules.

Put a commented-out dependancy on libpam for the (shared) modules.
I can't bring this in just yet, as the dependancy (modules->libpam)
is reversed for the static case (libpam->modules).
2001-06-04 19:47:56 +00:00
Mark Murray
84d6cd8ea1 Bring in a few useful PAM modules.
pam_krb5 is a Kerberos 5 (Heimdal) authentication module.

pam_nologin checks for /etc/nologin and does the "usual stuff"
	if it is found, otherwise it silently succeeds.

pam_rootok silently succeeds if the user is root, otherwise
	it fails.

pam_wheel silently succeeds if the user is a member of group
	"wheel" (or another nominated group), and fails
	otherwise.

There is an issue with kerberosIV and kerberos5 - if both are
being built, then static linking fails with duplicate symbols.
This will take a bit of work to sort out in the kerberii.
2001-05-14 11:23:58 +00:00