Commit Graph

112 Commits

Author SHA1 Message Date
Mark Murray
46efbac2ed Add the "nullok" option that causes this module to succeed if the Unix
password is empty/null.
2001-06-04 19:16:57 +00:00
Mark Murray
397fa72521 Add some new utility authenticators.
pam_securetty silently succeeds if the user is on a secure tty
as defined by /etc/ttys.

pam_ftp does "anonymous ftp" style authentication with options for
specifying the anonymous user(s).
2001-06-04 18:44:47 +00:00
Mark Murray
4448b21cc6 Add the "auth_as_self" option to the pam_unix module (there is no
reason not to add it to others later). This causes the pam_unix
module to check the user's _own_ password, not the password of the
account that the user is authenticating into. This will allow eg:
WHEELSU type behaviour from su(1).
2001-05-24 18:35:52 +00:00
Mark Murray
84d6cd8ea1 Bring in a few useful PAM modules.
pam_krb5 is a Kerberos 5 (Heimdal) authentication module.

pam_nologin checks for /etc/nologin and does the "usual stuff"
	if it is found, otherwise it silently succeeds.

pam_rootok silently succeeds if the user is root, otherwise
	it fails.

pam_wheel silently succeeds if the user is a member of group
	"wheel" (or another nominated group), and fails
	otherwise.

There is an issue with kerberosIV and kerberos5 - if both are
being built, then static linking fails with duplicate symbols.
This will take a bit of work to sort out in the kerberii.
2001-05-14 11:23:58 +00:00
Brian Feldman
253fb6ea3a I've been meaning to take pam_ssh out of the base system for a while now.
Finally do it.
2001-05-04 03:53:48 +00:00
Ruslan Ermilov
5f95f24bf4 mdoc(7) police: uppercase document title. 2001-04-18 08:25:26 +00:00
Ruslan Ermilov
4a558355e5 MAN[1-9] -> MAN. 2001-03-27 17:27:19 +00:00
John Baldwin
12e275aaee Use a unified libgcc rather than a seperate one for threaded and
non-threaded programs.  This provides threaded programs with the
needed exception frame symbols.

parts submitted by:	Max Khon <fjoe@iclub.nsu.ru>
PR:	23252
2001-01-06 18:59:46 +00:00
David E. O'Brien
3f6014e672 Use a unified libgcc rather than a seperate one for threaded and
non-threaded programs.  This provides threaded programs with the
needed exception frame symbols.

parts submitted by:	Max Khon <fjoe@iclub.nsu.ru>
PR:	23252
2001-01-06 06:16:31 +00:00
Ruslan Ermilov
4263595653 Prepare for mdoc(7)NG. 2000-12-29 14:08:20 +00:00
Ruslan Ermilov
ed40311694 mdoc(7) police: removed history info from the .Os FreeBSD call. 2000-12-14 11:52:05 +00:00
Brian Feldman
386879a128 Forgot to remove the old line in the last commit. 2000-12-05 02:41:01 +00:00
Brian Feldman
ee510eab3f In env_destroy(), it is a bad idea to env_swap(self, 0) to switch
back to the original environ unconditionally.  The setting of the
variable to save the previous environ is conditional; it happens when
ENV.e_committed is set.  Therefore, don't try to swap the env back
unless the previous env has been initialized.

PR:		bin/22670
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
2000-11-25 02:00:35 +00:00
Bill Fumerola
2a644691bc Correct an arguement to ssh_add_identity, this matches what is currently
in ports/security/openssh/files/pam_ssh.c

PR:		22164
Submitted by:	Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Reviewed by:	green
Approved by:	green
2000-11-25 01:55:42 +00:00
Ruslan Ermilov
725ab6287f log 2000-11-22 09:23:54 +00:00
Kris Kennaway
4f00f8562d Update to the version of pam_ssh corresponding to OpenSSH 2.1 (taken
from the openssh port)

Submitted by:	Hajimu UMEMOTO <ume@mahoroba.org>
2000-05-30 09:03:15 +00:00
Jake Burkholder
e39756439c Back out the previous change to the queue(3) interface.
It was not discussed and should probably not happen.

Requested by:		msmith and others
2000-05-26 02:09:24 +00:00
Jake Burkholder
740a1973a6 Change the way that the queue(3) structures are declared; don't assume that
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
2000-05-23 20:41:01 +00:00
Kris Kennaway
acf3af98c9 Connect pam_opie to the build. 2000-04-17 00:19:30 +00:00
Kris Kennaway
01331fc70c Add pam_opie, a PAM module using the OPIE one-time-password scheme.
Submitted by:	Jim Bloom <bloom@acm.org>
2000-04-17 00:14:42 +00:00
Kris Kennaway
e31adaffd9 Fix a memory leak.
PR:		17360
Submitted by:	Andrew J. Korty <ajk@iu.edu>
2000-03-29 08:24:37 +00:00
Bruce Evans
e915afdee4 Fixed missing libraries in DPADD.
Fixed some style bugs (some usual ones for DPADD and LDADD, and
misformatting of $FreeBSD$).
2000-03-27 15:24:45 +00:00
Kris Kennaway
bb49f794f5 Buildworld fixes for NO_OPENSSH and NO_OPENSSL
Approved by:	jkh
2000-03-09 06:29:05 +00:00
Peter Wemm
330bc838ab Make pam_ssh work. It had an undefined symbol when it was dlopen()ed.
I'm not quite sure about this, I think it should be using -lssh_pic since
it's being linked into a .so, but nothing seems to complain ahd it does
work.  (well, it works for using the authorized_keys file, but I have not
figured out how to get it to start a ssh-agent and cache the key for me)

PR:		17191
Submitted by:	Adrian Pavlykevych <pam@polynet.lviv.ua>
2000-03-06 15:28:30 +00:00
Sheldon Hearn
c6ff3a1bf7 Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-02 09:14:21 +00:00
Sheldon Hearn
87faa07bec Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 12:20:22 +00:00
Mark Murray
dc9650a4a8 Don't try to build k5 PAM; it ain't ready yet. 2000-02-28 21:00:50 +00:00
Peter Wemm
49838bb95b Argh, I can't win today. Spell ${.CURDIR} correctly. 2000-02-26 11:16:08 +00:00
Peter Wemm
b753aec26f Don't build pam_ssh if the crypto code is missing.
Found by:	sos
2000-02-26 11:14:17 +00:00
Peter Wemm
2307080405 Redo this with a repo copy from the original file and reset the
__PREFIX__ markers.
2000-02-26 09:59:14 +00:00
Mark Murray
d3e3752170 Use libcrypto instead of libdes.
Also - OpenSSH blesses us with a module for PAM.
2000-02-24 22:24:37 +00:00
Chris Costello
111b70aa08 Remove the version information from `.Os FreeBSD' here. Not only
might it confuse people, but it causes a warning message with
nroff, and no version history mentions a 1.2 version of FreeBSD.

If anything, a ``HISTORY'' section should show which version this
appeared in.
2000-02-14 01:47:54 +00:00
Brian Feldman
0e17bca17c Upgrade to the pam_ssh module, version 1.1..
(From the author:)
Primarily, I have added built-in functions for manipulating the
environment, so putenv() is no longer used.  XDM and its variants
should now work without modification.  Note that the new code uses
the macros in <sys/queue.h>.

Submitted by:	Andrew J. Korty <ajk@iu.edu>
1999-12-28 05:32:54 +00:00
Brian Feldman
b71e3dafa5 Add the PAM SSH RSA key authentication module. For example, you can add,
"login  auth    sufficient      pam_ssh.so" to your /etc/pam.conf, and
users with a ~/.ssh/identity can login(1) with their SSH key :)

PR:		15158
Submitted by:	Andrew J. Korty <ajk@waterspout.com>
Reviewed by:	obrien
1999-11-29 07:09:44 +00:00
Marcel Moolenaar
ee98eb8e13 Don't include Kerberos if NOCRYPT is defined, because it isn't build
if NOCRYPT is defined. Likewise, don't include DES if NOSECURE is
defined.
1999-11-14 15:48:29 +00:00
Mark Murray
394b3be19e Add libcrypt. This previously/coincidentally worked for login,
because login was already linked against it, but others have a
problem.
1999-09-30 18:53:34 +00:00
Mark Murray
33f891d293 Common Error libraries are needed here. 1999-09-20 06:23:16 +00:00
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Andrzej Bialecki
da33d9001c Restore INTERNALLIB.
Noticed by:	bde,jdp
1999-08-20 18:32:45 +00:00
Andrzej Bialecki
c747c0c757 Add pam_radius.so manual page.
Reviewed by:	jdp
1999-08-18 19:04:24 +00:00
Nik Clayton
3be5f1f5ce Add $Id$, to make it simpler for members of the translation teams to
track.

The $Id$ line is normally at the bottom of the main comment block in the
man page, separated from the rest of the manpage by an empty comment,
like so;

     .\"    $Id$
     .\"

If the immediately preceding comment is a @(#) format ID marker than the
the $Id$ will line up underneath it with no intervening blank lines.
Otherwise, an additional blank line is inserted.

Approved by:            bde
1999-07-12 20:24:20 +00:00
John Polstra
d65b34db7d Revive the pam_deny and pam_permit modules from Linux-PAM. They are
simple enough to be trusted.

Add account management functionality to the pam_unix module.

These changes should make it possible to use PAM in some ports.

Submitted by:	Max Khon <fjoe@iclub.nsu.ru>
1999-05-08 01:59:27 +00:00
John Polstra
ce9f8663f9 Fix bug that prevented accounts with empty passwords from logging
in.

Submitted by:	Paul Traina <pst@juniper.net>
1999-04-06 19:48:53 +00:00
John Polstra
a397d09e64 Revert my last change, "Rename some globals to reduce namespace
pollution."  Unfortunately, some of these globals are used by ftpd,
and I broke make world.  Pointy hat, please.
1999-01-21 22:02:31 +00:00
John Polstra
4479239b60 Rename some globals to reduce namespace pollution. 1999-01-20 22:50:37 +00:00
John Polstra
9294327d4a Make it possible to use PAM in statically-linked applications. 1999-01-20 21:55:30 +00:00
Matthew Dillon
4bc34f94d6 Obtained from: "Jan B. Koum " <jkb@best.com>
Add a reference to pam(8) in the login(1) and login.access(5) manual
    pages.
1998-12-01 17:05:08 +00:00
John Polstra
c273f24b99 Install PAM modules into ${SHLIBDIR}, not ${LIBDIR}.
Noticed by:	bde
1998-11-22 19:33:27 +00:00
John Polstra
9a10bb17e1 Build structure for contribified Linux-PAM, plus some home-grown
modules for FreeBSD's standard authentication methods.  Although
the Linux-PAM modules are present in the contrib tree, we don't
use any of them.

The main library "libpam" is composed of sources taken from three
places.  First are the standard Linux-PAM libpam sources from the
contrib tree.  Second are the Linux-PAM "libpam_misc" sources, also
from the contrib tree.  In Linux these form a separate library.
But as Mike Smith pointed out to me, that seems pointless, so I
have combined them into the libpam library.  Third are some additional
sources from the "src/lib/libpam" tree with some common functions
that make it easier to write modules.  Those I wrote myself.

This work has been donated to FreeBSD by Juniper Networks, Inc.
1998-11-18 01:44:37 +00:00
Philippe Charnier
306005e78c .Sh AUTHOR -> .Sh AUTHORS. Use .An/.Aq. 1998-03-23 07:48:45 +00:00
Mark Murray
7f80a02080 Changes for KTH KerberosIV.
Also quieten -Wall a bit.
1997-09-28 08:57:24 +00:00
Philippe Charnier
9c9cb2bffe = -> ==, strcpy -> strncpy from OpenBSD.
update man page. Add usage().
Obtained from: OpenBSD
1997-07-22 07:39:43 +00:00
Masafumi Max NAKANE
d778c2c01b Fix the man page's title (.Dt).
(It has been ``SKEY.ACCESS''.)
1997-06-02 17:24:36 +00:00
Paul Traina
2ed98aa017 Cruft cleanup to eliminate useless warnings 1997-02-02 21:33:37 +00:00
Paul Traina
39ea627d62 Fix some compilation warnings. 1996-09-21 18:01:23 +00:00
Mark Murray
bbff7ca556 #include <kerberosIV/des.h> -> #include <des.h> 1996-02-11 09:18:18 +00:00
Rodney W. Grimes
7799f52a32 Remove trailing whitespace. 1995-05-30 06:41:30 +00:00
Garrett Wollman
2ade60ce3c In the non-PARANOID case, make sure to set `notickets' to 0 sothat login.c
doesn't complain.
1995-01-20 23:07:10 +00:00
Garrett Wollman
758f3a64bd Modify klogin to:
1) Don't spit out an error message if Kerberos is installed but not yet
   set up.

2) Don't attempt to verify the ticket you got back, as workstations
   are not intended to have srvtab files of their own.

Both behaviors can be re-enabled with KLOGIN_PARANOID.
1995-01-14 22:57:41 +00:00
Guido van Rooij
7c4c6e58ba Add skey supprot
Reviewed by:
Submitted by:	guido
1994-08-21 19:26:22 +00:00
Rodney W. Grimes
efd31c5952 Initial revision 1994-05-27 12:32:03 +00:00