Commit Graph

7 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
86f01a8b27 Use pam_self(8) to allow users to su(1) to themselves without authentication.
Sponsored by:	DARPA, NAI Labs
2002-01-30 19:04:39 +00:00
Dag-Erling Smørgrav
ae739ec469 Enable OPIE by default, using the no_fake_prompts option to hide it from
users who don't wish to use it.  If the admin is worried about leaking
information about which users exist and which have OPIE enabled, the
no_fake_prompts option can simply be removed.

Also insert the appropriate pam_opieaccess lines after pam_opie to break
the chain in case the user is logging in from an untrusted host, or has a
.opiealways file.  The entire opieaccess / opiealways concept is slightly
unpammish, but admins familiar with OPIE will expect it to work.

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
2002-01-21 18:51:24 +00:00
Dag-Erling Smørgrav
819a142080 Really back out ache's commits. These files are now precisely as they were
twentyfour hours ago, except for RCS ids.
2002-01-19 18:29:50 +00:00
Andrey A. Chernov
0b836dfaf1 Back out recent changes 2002-01-19 18:03:11 +00:00
Andrey A. Chernov
3bfbfd1770 Turn on pam_opie by default. It should not affect non-OPIE users. 2002-01-19 10:31:32 +00:00
Dag-Erling Smørgrav
426ae370f4 Awright, egg on my face. I should have taken more time with this. The
conversion script generated the wrong format, so the configuration files
didn't actually work.  Good thing I hadn't thrown the switch yet...

Sponsored by:	DARPA, NAI Labs (but the f***ups are all mine)
2001-12-05 21:26:00 +00:00
Dag-Erling Smørgrav
23c103b894 pam.d-style configuration, auto-generated from pam.conf.
Sponsored by:	DARPA, NAI Labs
2001-12-05 21:06:21 +00:00