group membership requirement if the group has no explicit members listed
in /etc/group. By default, this group is the wheel group; setting this
flag restores the default BSD behavior from 4.x.
Reviewed by: markm
Requested by: various
Sponsored by: DARPA, Network Associates Laboratories
- add __unused where appropriate
- PAM_RETURN -> return since OpenPAM already logs the return value.
- make PAM_LOG use openpam_log()
- make PAM_VERBOSE_ERROR use openpam_get_option() and check flags
for PAM_SILENT
- remove dummy functions since OpenPAM handles missing service
functions
- fix various warnings
Sponsored by: DARPA, NAI Labs
applications linked with Linux-PAM will still work.
Remove pam_get_pass(); OpenPAM has pam_get_authtok().
Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}().
Remove pam_set_item(3) man page as OpenPAM has its own.
Sponsored by: DARPA, NAI Labs
o The new options-processing API
o The new DEBUG-logging API
Add man(1) pages for ALL modules. MDOC-Police welcome
to check this.
Audit, clean up while I'm here.
Move common stuff into Makefile.inc, and tidy up all the Makefiles
as a result.
Build new modules.
Put a commented-out dependancy on libpam for the (shared) modules.
I can't bring this in just yet, as the dependancy (modules->libpam)
is reversed for the static case (libpam->modules).
pam_krb5 is a Kerberos 5 (Heimdal) authentication module.
pam_nologin checks for /etc/nologin and does the "usual stuff"
if it is found, otherwise it silently succeeds.
pam_rootok silently succeeds if the user is root, otherwise
it fails.
pam_wheel silently succeeds if the user is a member of group
"wheel" (or another nominated group), and fails
otherwise.
There is an issue with kerberosIV and kerberos5 - if both are
being built, then static linking fails with duplicate symbols.
This will take a bit of work to sort out in the kerberii.
