Commit Graph

3130 Commits

Author SHA1 Message Date
Dima Dorfman
35fe8af95c crdup(9) is not a protocol.
PR:		34624
Submitted by:	John Nielsen <nielsenj@cs.byu.edu>,
		Hiten Pandya <hiten@uk.FreeBSD.org>
2002-02-10 08:19:58 +00:00
John Baldwin
bffd6ef83d Fix MAKEDEV for RocketPort (rp(4)) cuaR* and ttyR* to work with the
updated driver.  The newer driver in current outputs a version string
that contains a space, so we need to eat two words in between RocketPortX
and the number of ports on the board.
2002-02-09 21:16:54 +00:00
Dag-Erling Smørgrav
1f3030b053 Add missing "nullok" option to pam_unix. 2002-02-08 23:27:22 +00:00
Crist J. Clark
36a48df48e peter points out that we probably should not mess with the sysctl(8)
values at all if they are not purposefully set. What if the
administrator messed with them in /etc/sysctl.conf? We don't want to
overwrite them.

If 'log_in_vain' is zero, do not force the issue. If it is non-zero,
set it.
2002-02-08 13:25:33 +00:00
Mark Murray
adb79039fd Enable TCP_WRAPPERs for the NIS server. The protection afforded is
not massive, but usable.
2002-02-06 20:39:36 +00:00
Hajimu UMEMOTO
9785aaf1b3 Install PROTO.localhost-v6.rev. Umm, it seems namedb/Makefile
is not used.
2002-02-06 04:57:25 +00:00
Hajimu UMEMOTO
232b0e36b5 Install PROTO.localhost-v6.rev.
Reported by:	Scott Allendorf <scott-allendorf@uiowa.edu>
Forgot by:	me (ume)
2002-02-06 04:46:07 +00:00
Sheldon Hearn
4155ccefee Add the MTA users 'mailnull' and 'smmp'.
PR:		conf/34535
Submitted by:	Ceri <setantae@submonkey.net>
MFC after:	1 week
2002-02-04 15:12:06 +00:00
Yoshihiro Takahashi
f25125064b Use MACHINE_ARCH instead of MACHINE to check i386 arch.
MFC after:	3 days
2002-02-04 12:50:52 +00:00
Dag-Erling Smørgrav
34cab37003 Add pam_self(8) so users can login(1) as themselves without authentication,
pam_login_access(8) and pam_securetty(8) to enforce various checks
previously done by login(1) but now handled by PAM, and pam_lastlog(8) to
record login sessions in utmp / wtmp / lastlog.

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:13:23 +00:00
Dag-Erling Smørgrav
86f01a8b27 Use pam_self(8) to allow users to su(1) to themselves without authentication.
Sponsored by:	DARPA, NAI Labs
2002-01-30 19:04:39 +00:00
Bruce Evans
f52150f696 Added this makefile. This is not attached to the build yet. I often
install parts of /etc manually and it helps to have a makefile for
each subdir even if the main makefile doesn't invoke it.
2002-01-30 09:27:03 +00:00
MIHIRA Sanpei Yoshiro
8aa32802b9 By commit of usr.sbin/pccard/pccardd/cardd.c at Nov 29 (Dec
10 in -STABLE), pccardd's string comparison between
pccard.conf's entry and PC card's CIS tupple became strict
matching.

As influences of this commit, some PC cards don't work since
some /etc/default/pccard.conf's card identifiers entries are
incorrectly described.

  - Lexar Media compact flash
  - IO DATA CBIDE2 in 16 bit mode
  - TOSHIBA Portable 24X Speed CD-ROM Drive PA2673UJ
  - Hewlett Packard M820e (CD-writer)

Update these card configs.

PR:		33815
Obtained from:	[bsd-nomads:16128]
2002-01-29 21:17:05 +00:00
Ruslan Ermilov
ec5e499155 Tidy up gecos field for `bin'. 2002-01-29 14:00:03 +00:00
Sheldon Hearn
1887ffe3ca Uncomment kserver-adm, which is IANA-sanctioned and has no apparent
conflicts.

PR:		conf/34316
Submitted by:	Sean Chittenden <sean@chittenden.org>
MFC after:	2 weeks
2002-01-29 12:28:51 +00:00
Warner Losh
9fecc8d840 Add Linksys Instant Wireless WPC11 v2.5
Submitted by: eliedtke@apogeetelecom.com
2002-01-29 05:15:56 +00:00
Crist J. Clark
7fc6e2f775 Put a complete set of pppd(8) sample configuration files in
/usr/share/examples/pppd.

Remove the out-of-place pppd(8) configuration files in etc/ppp,
ppp.shells.sample and ppp.deny.

Make the appropriate changes to the build process, etc/Makefile and
etc/mtree/BSD.usr.mtree, so it all works.
2002-01-29 01:10:47 +00:00
Crist J. Clark
76f10508d4 Put a complete set of pppd(8) sample configuration files in
/usr/share/examples/pppd.

Update pppd(8) documentation to reflect this, usr.sbin/pppd/pppd.8.

Remove the out-of-place pppd(8) configuration files in etc/ppp,
ppp.shells.sample and ppp.deny.

Make the appropriate changes to the build process, etc/Makefile and
etc/mtree/BSD.usr.mtree, so it all works.

The files from etc/ppp, ppp.shells.sample and ppp.deny, were moved
with a repo copy. Note it in the logs with a forced commit to these
two.

Submitted by:	Maxim Konovalov <maxim@macomnet.ru> provided the new samples.
2002-01-29 00:23:35 +00:00
Sheldon Hearn
3e38757beb Register amd's dependency on NFS.
This change was submitted to the freebsd-audit mailing list for review
but received no feedback.  Hindsight-enabled reviews are welcome.

PR:		conf/31358
Submitted:	Thomas Quinot <thomas@cuivre.fr.eu.org>
2002-01-28 11:05:01 +00:00
Warner Losh
a5959e20bf Add ADLINK340C wireless card mentioned in nomads.
# This card has the same PCMCIA and OEM id as ELSA XI300 wireless card, which
# appears to be listed elsewhere in this file.

Submitted by: Abe Toshiaki-san <ans@sun-tec.co.jp>
MFC After: 5 days
2002-01-28 04:46:20 +00:00
Crist J. Clark
f44609fe71 Make the rc.conf(5) 'log_in_vain' knob an integer.
Try this out in -CURRENT, MFC, and then consider dropping the
'log_in_vain' knob all together. It really is something for
sysctl.conf(5).

PR:		bin/32953
Reviewed by:	-bugs discussion
MFC after:	1 week
2002-01-26 09:05:13 +00:00
Dag-Erling Smørgrav
c84317d7ad Add local/share/java/classes, local/share/sgml, local/share/xml
Approved by:	ru, silence on -ports
MFC after:	1 week
2002-01-23 13:02:16 +00:00
Hajimu UMEMOTO
fc50a44458 Do not taint ::/124 for localhost reverse table. 2002-01-22 17:22:41 +00:00
Ruslan Ermilov
322628519e Reincarnate SETUID code in man(1), not compiled in by default.
The code will be fixed for all known security vulnerabilities,
and a make.conf(5) knob (ENABLE_SUID_MAN) will be provided for
those who still want it installed setuid for whatever reasons.
2002-01-22 15:15:38 +00:00
Dag-Erling Smørgrav
ae739ec469 Enable OPIE by default, using the no_fake_prompts option to hide it from
users who don't wish to use it.  If the admin is worried about leaking
information about which users exist and which have OPIE enabled, the
no_fake_prompts option can simply be removed.

Also insert the appropriate pam_opieaccess lines after pam_opie to break
the chain in case the user is logging in from an untrusted host, or has a
.opiealways file.  The entire opieaccess / opiealways concept is slightly
unpammish, but admins familiar with OPIE will expect it to work.

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
2002-01-21 18:51:24 +00:00
Dag-Erling Smørgrav
819a142080 Really back out ache's commits. These files are now precisely as they were
twentyfour hours ago, except for RCS ids.
2002-01-19 18:29:50 +00:00
Andrey A. Chernov
0b836dfaf1 Back out recent changes 2002-01-19 18:03:11 +00:00
Andrey A. Chernov
3bfbfd1770 Turn on pam_opie by default. It should not affect non-OPIE users. 2002-01-19 10:31:32 +00:00
Andrey A. Chernov
a0fc79c334 Turn on pam_opie by default. It not affect non-OPIE users 2002-01-19 09:06:45 +00:00
Andrey A. Chernov
e04359cdac Previous commit was incomplete, use
"[default=ignore success=done cred_err=die]"
options instead of "required"
2002-01-19 08:39:35 +00:00
Warner Losh
b5bbbc47b7 Add flags 0x10000 to IO Data WN-B11/PCM's entry. Evidentally, they
changed firmware and the new cards don't work without this.

Submitted by: ume
MFC after: 3 days
2002-01-19 08:11:39 +00:00
Andrey A. Chernov
2bda025221 Remove explaining comment and pam_unix commented out, now pam_unix can be
chained with pam_opie
2002-01-19 07:32:47 +00:00
Andrey A. Chernov
a3643aa542 Change comment since fallback provided now not by ftpd but by pam_opie 2002-01-19 03:35:39 +00:00
Warner Losh
69e4f572e4 Add:
Accton airDirect WN3301
	Melco WLI-CF-S11G
	GeoWave GW-NS11S

Submitted by: Shigeru Ishida-san on bsd-nomads (16142,16143,16144)
2002-01-18 03:49:03 +00:00
Joerg Wunsch
3d7abf4c86 Re-add a call to "camcontrol rescan" after insertion of an aic pccard.
We now do it as a "camcontrol rescan all" which is something ken
promised to implement; for the time being it's not worse than the old
"camcontrol rescan $device" which ended up in something like
"camcontrol rescan aic1".  Currently, camcontrol misinterprets the
third non-numeric arg as number 0, and rescans bus 0, which is about
the best we could get at this time.

Approved by:	imp
MFC after:	1 week
2002-01-17 20:38:04 +00:00
Robert Watson
012ccf288b o Improve the line-wrapping of additional comments, some of which appeared
to be wrapped around 60, others around 40 columns.
2002-01-17 00:10:28 +00:00
Robert Watson
4420bc6773 o Remove a somewhat less comprehensible comment about modifying /etc/rc.
o Improve line-wrapping of another comment for consistency.
2002-01-17 00:08:44 +00:00
Bruce Evans
e9f83ca347 Added this makefile. This is not attached to the build yet. I often
install parts of /etc manually and it helps to have a makefile for
each subdir even if the main makefile doesn't invoke it.
2002-01-16 12:18:22 +00:00
Ruslan Ermilov
30843b9337 Do not install man(1) setuid ``man''.
The catpaging and setuidness features of man(1) combined make
it vulnerable to a number of security attacks.  Specifically,
it was possible to overwrite system catpages with arbitrarily
contents by either setting up a symlink to a directory holding
system catpages, or by writing custom -mdoc or -man groff(1)
macro packages and setting up GROFF_TMAC_PATH in environment
to point to them.  (See PR below for details).

This means man(1) can no longer create system catpages on a
regular user's behalf.  (It is still able to if the user has
write permissions to the directory holding catpages, e.g.,
user's own manpages, or if the running user is ``root''.)

To create and install catpages during ``make world'', please
set MANBUILDCAT=YES in /etc/make.conf.  To rebuild catpages
on a weekly basis, please set weekly_catman_enable="YES" in
/etc/periodic.conf.

PR:		bin/32791
2002-01-15 14:11:05 +00:00
Dag-Erling Smørgrav
a5f5cfdaf2 Everybody (for suitable values of "everybody") seems to think pam.conf should
be removed outright.

Sponsored by:	DARPA, NAI Labs
2002-01-14 17:15:53 +00:00
Dag-Erling Smørgrav
56ad504867 Re-add pam.conf so it will get installed so people who don't know about
pam.d will find out about it by reading pam.conf.

Sponsored by:	DARPA, NAI Labs
2002-01-14 16:30:22 +00:00
Dag-Erling Smørgrav
ddee80ac95 Point people towards /etc/pam.d/README. 2002-01-14 15:08:02 +00:00
Dag-Erling Smørgrav
4e8b159f5e Unmunge the version preservation code and obfuscate it so CVS won't munge
it all over again.
2002-01-12 23:08:59 +00:00
Dag-Erling Smørgrav
f89a116468 Back out previous commit, which erroneously removed essential comments. I
definitely need coffee.

Apologies to:	ache
2002-01-12 14:22:22 +00:00
Dag-Erling Smørgrav
ca90ed6b1c Update copyright 2002-01-12 14:17:19 +00:00
Dag-Erling Smørgrav
0703287104 Switch over to /etc/pam.d/.
Sponsored by:	DARPA / NAI Labs
2002-01-12 14:03:12 +00:00
Dag-Erling Smørgrav
84437855b4 Sync with pam.conf revision 1.25. 2002-01-12 13:50:33 +00:00
Dag-Erling Smørgrav
1c6246992a Preserve FreeBSD version strings in target files. 2002-01-12 13:50:08 +00:00
Warner Losh
8128d1f555 Correct Corega KK Wireless entry 2002-01-12 07:01:51 +00:00
Alexey Zelkin
7f751a854f Sort entries and clarify comments 2002-01-11 15:51:56 +00:00