method of executing commands remotely. There are no rexec clients in
the FreeBSD tree, and the client function rexec(3) is present only in
libcompat. It has been documented as "obsolete" since 4.3BSD, and its
use has been discouraged in the man page for over 10 years.
than duplicate it. This requires OpenPAM Dianthus, which was committed two
weeks ago; installing these files on a system running a world older than
June 1st, 2003 will cause login(1) and su(1) to fail.
the wheel group has no explicit members listed in /etc/group. This adds
the "exempt_if_empty" flag to pam_wheel in the default configuration;
in some environments, it may be appropriate to remove this flag, however,
this default is the same as pre-pam_wheel.
Reviewed by: markm
Sponsored by: DARPA, Network Associates Laboratories
pam_lastlog, so add a dummy session chain to avoid using the one from
pam.d/other. I assume gdm does something similar, so give it a dummy
session chain as well.
Sponsored by: DARPA, NAI Labs.
Added NOOBJ if anyone even attempts to "make obj" here.
Revert to installing files with mode 644 except README.
Make this overall look like a BSD-style Makefile rather
than roll-your-own (this is not a bug).
For the record. Previous revision also fixed the breakage
introduced by the sys.mk,v 1.60 commit: bsd.own.mk is no
longer automatically included from sys.mk.
Reported by: jhay
pam_login_access(8) and pam_securetty(8) to enforce various checks
previously done by login(1) but now handled by PAM, and pam_lastlog(8) to
record login sessions in utmp / wtmp / lastlog.
Sponsored by: DARPA, NAI Labs
users who don't wish to use it. If the admin is worried about leaking
information about which users exist and which have OPIE enabled, the
no_fake_prompts option can simply be removed.
Also insert the appropriate pam_opieaccess lines after pam_opie to break
the chain in case the user is logging in from an untrusted host, or has a
.opiealways file. The entire opieaccess / opiealways concept is slightly
unpammish, but admins familiar with OPIE will expect it to work.
Reviewed by: ache, markm
Sponsored by: DARPA, NAI Labs
