should be used from now on for anything security but not auth-related.
Included are updates for all relevant manpages and also to /etc files,
creating a new /var/log/security. Nothing in the system logs to
/var/log/security yet as of the time of this commit.
Reviewed by: rgrimes, imp, chris
Originally submitted by: Wayne Self <wself@cdrom.com>
Allow a ppp startup option in rc.conf.
Adjust sysinstall so that it appends to the end of ppp.conf
and uses the generated profile to start ppp in auto mode on
boot.
Submitted by: Josef L. Karthauser <joe@uk.FreeBSD.org>
he moved rc.conf. Then he deleted rc.diskless when it ( of course ) didn't
work. Now I'm putting the originally accidently removed rc.diskless{1,2}
back in.
(3?) people will make an effort to help those who would have benefitted from
this change. And just telling them that they should read and understand
the significance of each message posted to -current is not really good
enough IMHO.
${DESTDIR}/etc and an install target to install the missing ones. This
allows new files like pam.conf to be installed by the first installworld
after the file is added, but avoid clobbering files that might be
customized. This should save some support questions.
methods used by login. Changes to "/usr/bin/login" to use it will
be committed later today. The format of the file is described in
pam(8).
This sample file makes login behave in the traditional way. To
wit, it enables authentication via S/Key and passwd/NIS lookups.
KerberosIV authentication is present in the sample file but commented
out.
As a safety net and a transition aid, login will fall back on
built-in passwd/NIS authentication if this configuration file is
missing or if some other fatal PAM error occurs.
This file will eventually replace "/etc/auth.conf", but not until
I've finished converting the other utilities, such as passwd and su.
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
"make distrib-dirs" target.
Neither of Andrey's two attempts have worked for me with the [ -h ..]
test both with && and ||.
I've changed it to a full
if [ -h ...]; then \
rm ... ; \
fi ; \
construct. It's much clearer what's meant to happen, and it works! :-)
patches to merge the two IPX packages to work with each other and to
not break make-world :)
IPXrouted should be working now, (or at least compiling) :)
specified in the top level Makefiles.
Previously I missed dozens of Makefiles that skip the install after
using `cmp -s' to decide that the install isn't necessary.
changes to it based upon other outstanding bug reports and commits made
after his work.
Comments:
(a) sysconfig is still used to do all configuration. I was not going to
change that out from under you.... a user never need edit netstart
or rc* unless they're being very weird.
(b) rc.maint has been folded back into rc. It is just unworkable as
a separate chunk because of ordering bogosities
(c) netstart does what it says... it starts up enough of the network to
get up, it doesn't start every bloody daemon that might talk to a
socket... netstart ifconfig's the devices and sets up routing if
configured to do so.
(d) nfs disks are mounted immediately after netstart completes
(e) syslog is started as early as possible (right after nfs) so that error
messages can get logged to remote syslog servers properly
(f) named is started (there is an argument that says that named should be
started before syslogd because if you are the dns server for your domain,
you'd like named to resolve remote hosts in syslog.conf, but this is
a minority case and the trivial workarround is to put the syslog host
in /etc/hosts or use an /etc/resolv.conf -- why? because you want syslog
to catch named errors, which is a MUCH more important and likely occurance)
(g) NOW all of the rest of the network daemons such as the time stuff, RPC,
NIS, NFS, Kerberos and inetd are started
(h) the rest of the generic stuff is done (cron/printer/sendmail)
(i) shared libraries are set
(j) /etc/rc.i386 is run (this does FreeBSD/386 specific stuff like ibcs2,
xtend, and all of the syscons stuff
(this is actually started as /etc/rc.`uname -m`
(k) the syscons stuff has gotten a serious cleaning to make it consistent
with rc conventions
(l) rc.local has had the comments about syscons removed (they are not relevant
to this file now) and the full name of the kernel has been restored to
/etc/motd
Submitted by: pts
