Commit Graph

76 Commits

Author SHA1 Message Date
Ruslan Ermilov
2735cfee64 Switch over to using pam_login_access(8) module in sshd(8).
(Fixes static compilation.  Reduces diffs to OpenSSH.)

Reviewed by:	bde
2002-03-26 12:52:28 +00:00
Dag-Erling Smørgrav
1f3030b053 Add missing "nullok" option to pam_unix. 2002-02-08 23:27:22 +00:00
Dag-Erling Smørgrav
34cab37003 Add pam_self(8) so users can login(1) as themselves without authentication,
pam_login_access(8) and pam_securetty(8) to enforce various checks
previously done by login(1) but now handled by PAM, and pam_lastlog(8) to
record login sessions in utmp / wtmp / lastlog.

Sponsored by:	DARPA, NAI Labs
2002-01-30 19:13:23 +00:00
Dag-Erling Smørgrav
86f01a8b27 Use pam_self(8) to allow users to su(1) to themselves without authentication.
Sponsored by:	DARPA, NAI Labs
2002-01-30 19:04:39 +00:00
Dag-Erling Smørgrav
ae739ec469 Enable OPIE by default, using the no_fake_prompts option to hide it from
users who don't wish to use it.  If the admin is worried about leaking
information about which users exist and which have OPIE enabled, the
no_fake_prompts option can simply be removed.

Also insert the appropriate pam_opieaccess lines after pam_opie to break
the chain in case the user is logging in from an untrusted host, or has a
.opiealways file.  The entire opieaccess / opiealways concept is slightly
unpammish, but admins familiar with OPIE will expect it to work.

Reviewed by:	ache, markm
Sponsored by:	DARPA, NAI Labs
2002-01-21 18:51:24 +00:00
Dag-Erling Smørgrav
819a142080 Really back out ache's commits. These files are now precisely as they were
twentyfour hours ago, except for RCS ids.
2002-01-19 18:29:50 +00:00
Andrey A. Chernov
0b836dfaf1 Back out recent changes 2002-01-19 18:03:11 +00:00
Andrey A. Chernov
3bfbfd1770 Turn on pam_opie by default. It should not affect non-OPIE users. 2002-01-19 10:31:32 +00:00
Andrey A. Chernov
a0fc79c334 Turn on pam_opie by default. It not affect non-OPIE users 2002-01-19 09:06:45 +00:00
Andrey A. Chernov
e04359cdac Previous commit was incomplete, use
"[default=ignore success=done cred_err=die]"
options instead of "required"
2002-01-19 08:39:35 +00:00
Andrey A. Chernov
2bda025221 Remove explaining comment and pam_unix commented out, now pam_unix can be
chained with pam_opie
2002-01-19 07:32:47 +00:00
Andrey A. Chernov
a3643aa542 Change comment since fallback provided now not by ftpd but by pam_opie 2002-01-19 03:35:39 +00:00
Dag-Erling Smørgrav
4e8b159f5e Unmunge the version preservation code and obfuscate it so CVS won't munge
it all over again.
2002-01-12 23:08:59 +00:00
Dag-Erling Smørgrav
f89a116468 Back out previous commit, which erroneously removed essential comments. I
definitely need coffee.

Apologies to:	ache
2002-01-12 14:22:22 +00:00
Dag-Erling Smørgrav
ca90ed6b1c Update copyright 2002-01-12 14:17:19 +00:00
Dag-Erling Smørgrav
84437855b4 Sync with pam.conf revision 1.25. 2002-01-12 13:50:33 +00:00
Dag-Erling Smørgrav
1c6246992a Preserve FreeBSD version strings in target files. 2002-01-12 13:50:08 +00:00
Andrey A. Chernov
283004853b Improve pam_unix/opie related ftpd comment even more 2002-01-02 09:51:33 +00:00
Andrey A. Chernov
2ac0b4865e Clarify comment about pam_unix fallback for ftpd 2002-01-01 13:38:01 +00:00
Andrey A. Chernov
e0d2c39d84 Turn on pam_opie.so for ftpd by default
It not affect non-OPIE users
2002-01-01 13:27:11 +00:00
Dag-Erling Smørgrav
9446518a9a Install pam.d files with mode 0644, not 0755. 2001-12-06 23:28:12 +00:00
Dag-Erling Smørgrav
c5a332f021 Makefile for pam.d configuration files.
Sponsored by:	DARPA, NAI Labs
2001-12-06 13:16:47 +00:00
Dag-Erling Smørgrav
426ae370f4 Awright, egg on my face. I should have taken more time with this. The
conversion script generated the wrong format, so the configuration files
didn't actually work.  Good thing I hadn't thrown the switch yet...

Sponsored by:	DARPA, NAI Labs (but the f***ups are all mine)
2001-12-05 21:26:00 +00:00
Dag-Erling Smørgrav
23c103b894 pam.d-style configuration, auto-generated from pam.conf.
Sponsored by:	DARPA, NAI Labs
2001-12-05 21:06:21 +00:00
Dag-Erling Smørgrav
2191f95faf Short README for /etc/pam.d, mostly extracted from the comments in pam.conf. 2001-12-05 20:59:38 +00:00
Dag-Erling Smørgrav
179281f9bf Perl script that splits pam.conf into separate files suitable for pam.d.
Sponsored by:	DARPA, NAI Labs
2001-12-05 20:58:39 +00:00