Commit Graph

16 Commits

Author SHA1 Message Date
Yaroslav Tykhiy
9cd40e64b4 Now pam_nologin(8) will provide an account management function
instead of an authentication function.  There are a design reason
and a practical reason for that.  First, the module belongs in
account management because it checks availability of the account
and does no authentication.  Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.

Document this change in the manpage.

Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.

Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)

PR:		bin/112574
Approved by:	des, re
2007-06-10 18:57:20 +00:00
Mark Murray
daf509c612 The PAM module pam_krb5 does not have "session" capabilities.
Don't give examples of such use, this is bogus.
2003-04-30 21:57:54 +00:00
Mark Murray
38b1858b1b Initiate KerberosIV de-orbit burn. Disconnect the /etc configs. 2003-03-08 09:50:11 +00:00
Dag-Erling Smørgrav
1995e9db8a Add the allow_local option to all pam_opieaccess entries. 2003-02-16 13:02:39 +00:00
Dag-Erling Smørgrav
75af7cb8a7 Major cleanup & homogenization. 2003-02-10 00:50:03 +00:00
Dag-Erling Smørgrav
487fffcbf2 Don't enable pam_krb5 by default - most people don't have it since most
people don't build with MAKE_KERBEROS5 defined.  Provide commented-out
usage examples instead, like we do everywhere else.

Pointy hat to:	des
2003-02-03 14:45:02 +00:00
Dag-Erling Smørgrav
f1c2c0a87e Enable pam_krb5 for sshd. I've had this in my tree for ages. 2003-02-02 18:41:26 +00:00
Dag-Erling Smørgrav
5d93b6af54 Since OpenSSH drops privileges before calling pam_open_session(3),
pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog.

Approved by:	re (rwatson)
2002-12-03 15:48:11 +00:00
Dag-Erling Smørgrav
cda86084ab Silence pam_lastlog for now. 2002-07-07 10:00:43 +00:00
Dag-Erling Smørgrav
bb151ea158 Enable OPIE for sshd and telnetd. I thought I'd done this a long time
ago...

Sponsored by:	DARPA, NAI Labs
2002-06-19 20:00:43 +00:00
Dag-Erling Smørgrav
a87cdc1598 Use pam_lastlog(8)'s new no_fail option.
Sponsored by:	DARPA, NAI Labs
2002-05-08 00:33:02 +00:00
Dag-Erling Smørgrav
214f3239c0 Don't list pam_unix in the session chain, since it does not provide any
session management services.

Sponsored by:	DARPA, NAI Labs
2002-04-18 17:40:27 +00:00
Dag-Erling Smørgrav
ce93a006f1 Add pam_lastlog(8) here since I removed lastlog support from sshd.
Sponsored by:	DARPA, NAI Labs
2002-04-15 02:46:24 +00:00
Ruslan Ermilov
2735cfee64 Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation.  Reduces diffs to OpenSSH.)

Reviewed by:	bde
2002-03-26 12:52:28 +00:00
Dag-Erling Smørgrav
426ae370f4 Awright, egg on my face. I should have taken more time with this. The
conversion script generated the wrong format, so the configuration files
didn't actually work.  Good thing I hadn't thrown the switch yet...

Sponsored by:	DARPA, NAI Labs (but the f***ups are all mine)
2001-12-05 21:26:00 +00:00
Dag-Erling Smørgrav
23c103b894 pam.d-style configuration, auto-generated from pam.conf.
Sponsored by:	DARPA, NAI Labs
2001-12-05 21:06:21 +00:00