freebsd-skq

Author	SHA1	Message	Date
des	050649d640	Correct documentation of ~/.opiealways PR: 117512 Submitted by: Jeremy C. Reed <reed@reedmedia.net> MFC after: 1 week	2007-10-26 07:50:11 +00:00
ru	01548ace15	Mechanically kill hard sentence breaks.	2004-07-02 23:52:20 +00:00
cperciva	81f9b2b83a	style cleanup: Remove duplicate $FreeBSD$ tags. These files had tags after the copyright notice, inside the comment block (incorrect, removed), and outside the comment block (correct). Approved by: rwatson (mentor)	2004-02-10 20:42:33 +00:00
des	9c38a55797	Fix strict aliasing breakage in PAM modules (except pam_krb5, which needs more work than the others). This should make most modules build with -O2.	2003-12-11 13:55:16 +00:00
des	4f251ebb97	Treat an empty PAM_RHOST the same as a NULL one. PR: bin/51508	2003-04-30 00:44:05 +00:00
des	f30606f0ce	Somewhat better wording.	2003-03-10 09:15:26 +00:00
des	3e06ef8dee	Silence warning caused by OPIE brokenness.	2003-03-10 09:15:08 +00:00
obrien	e70feef239	style.Makefile(5) police (I've tried to keep to the spirit of the original formatting) Reviewed by: des	2003-03-09 20:06:38 +00:00
ru	8b5b8ec6a7	mdoc(7) police: markup laundry.	2003-02-23 01:47:49 +00:00
des	d1e778062c	Add an "allow_local" option which forces historical behaviour.	2003-02-16 13:01:03 +00:00
des	af39bbe733	Assume "localhost" if no remote host was specified. This is safe from a POLA point of view since the stock /etc/opieaccess now allows localhost.	2003-02-15 23:26:49 +00:00
des	ade0386724	Use PAM_SUCCESS instead of PAM_IGNORE.	2002-04-15 06:26:32 +00:00
des	a8ed917937	Major cleanup: - add __unused where appropriate - PAM_RETURN -> return since OpenPAM already logs the return value. - make PAM_LOG use openpam_log() - make PAM_VERBOSE_ERROR use openpam_get_option() and check flags for PAM_SILENT - remove dummy functions since OpenPAM handles missing service functions - fix various warnings Sponsored by: DARPA, NAI Labs	2002-04-12 22:27:25 +00:00
ru	aab0c4649e	Moved SHLIB_NAME definition into one place. Approved by: des	2002-04-10 18:07:05 +00:00
markm	962bcb4df1	Fix for OPIE 2.4.	2002-03-22 09:20:05 +00:00
ru	750b21097f	mdoc(7) police: fix SYNOPSIS, sort xrefs, kill extra whitespace.	2002-03-18 15:59:53 +00:00
des	7f7038bdcf	NAI DBA update.	2002-03-14 23:27:59 +00:00
des	c0bbe50538	Switch to OpenPAM. Bump library version. Modules are now versioned, so applications linked with Linux-PAM will still work. Remove pam_get_pass(); OpenPAM has pam_get_authtok(). Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}(). Remove pam_set_item(3) man page as OpenPAM has its own. Sponsored by: DARPA, NAI Labs	2002-03-05 21:56:25 +00:00
des	4bbf527773	#include cleanup. Sponsored by: DARPA, NAI Labs	2002-02-05 06:08:26 +00:00
markm	b63d9c7a6d	WARNS=4 fixes. Protect with NO_WERROR for the modules that have warnings that are hard to fix or that I've been asked to leave alone.	2002-01-24 18:37:17 +00:00
des	37b85e4ec4	Correctly interpret PAM_RHOST being unset as an indicator of a local login. Sponsored by: DARPA, NAI Labs	2002-01-24 16:18:43 +00:00
des	b917ad33e0	Add an AUTHORS section crediting ThinkSec, DARPA and NAI Labs. Sponsored by: DARPA, NAI Labs	2002-01-23 17:16:00 +00:00
des	ac843e8b75	On second thought, getpwnam() failure should be treated just as if the user existed, but had no OPIE key, i.e. PAM_IGNORE. Pointed out by: ache Sponsored by: DARPA, NAI Labs	2002-01-21 19:05:45 +00:00
des	aeaf48654b	Return PAM_SERVICE_ERR rather than PAM_USER_UNKNOWN if getpwnam() fails, as PAM_USER_UNKNOWN will break the chain, revealing to an attacker that the user does not exist. Sponsored by: DARPA, NAI Labs	2002-01-21 18:53:03 +00:00
des	14be282b68	Add a new module, pam_opieaccess(8), which is responsible for checking /etc/opieaccess and ~/.opiealways so we can decide what to do after pam_opie(8) fails. Sponsored by: DARPA, NAI Labs Reviewed by: ache, markm	2002-01-21 13:43:53 +00:00

25 Commits