d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
157,607 Commits 4 Branches 49 Tags
Commit Graph

440 Commits

Author SHA1 Message Date
des
ccae73b84e Remove all instances of pam_std_option() 2003-05-31 16:55:07 +00:00
des
153e03600b Introduce pam_guest(8) which will replace pam_ftp(8). 2003-05-31 16:52:58 +00:00
ru
8bc4d4bba7 mdoc(7) fixes. 
Approved by:	re (blanket)
 2003-05-24 19:53:08 +00:00
des
e5d2d778eb Retire the useless NOSECURE knob. 
Approved by:	re (scottl)
 2003-05-19 15:52:01 +00:00
des
af2766553d OpenPAM is WANRS6-clean. 2003-05-05 21:15:35 +00:00
markm
ee63e7dc15 Turn MAKE_KERBEROS5 into NO_KERBEROS by negating the logic. Some extra 
cleanups were necessary in release/Makefile, and the tinderbox code
was syntax checked, not run checked.
 2003-05-05 07:58:44 +00:00
markm
fad590ab7e Trasmute moer "krb5" distibutions into "crypto". 2003-05-01 21:21:15 +00:00
des
46c06a0c42 Use C99-style varadic macros instead of the non-standard gcc syntax. 2003-05-01 15:08:55 +00:00
des
3beb053fc3 Mark libpam as c99- and WARNS5-clean. 2003-05-01 14:55:06 +00:00
des
31f8a355e2 Make sure rhostip is always initialized. 
PR:		bin/51508
Submitted by:	Peter Grimshaw <peter@tesseract.demon.co.uk>
 2003-04-30 00:49:42 +00:00
des
4f251ebb97 Treat an empty PAM_RHOST the same as a NULL one. 
PR:		bin/51508
 2003-04-30 00:44:05 +00:00
des
c3c465c42c Set $HOME to the correct directory (within the chroot tree). 2003-04-30 00:40:24 +00:00
des
9bee0a595d Remove a bogus null password check which assumed that a user with an empty 
password must necessarily have an empty pwd->pw_passwd.  Also add a check
that prevents users from setting a blank password unless the nullok option
was specified.  Root is still allowed to give anyone a blank password.
 2003-04-24 12:26:25 +00:00
des
0275c44b31 Connect the pam_chroot(8) module to the build. 2003-04-08 16:52:34 +00:00
des
633999b852 Add a cwd option which specifies where to chdir(2) after the chroot(2). 
When using the /home/./foo scheme, this defaults to the rhs (/foo);
otherwise it defaults to /.
 2003-04-08 16:52:18 +00:00
des
5a582e1e30 Experimental pam_chroot module (not connected to the build) 2003-03-30 22:58:23 +00:00
des
ccfd2047be This module is not WARNS-clean, due to brokenness in OpenSSL headers. 2003-03-10 09:19:08 +00:00
des
f30606f0ce Somewhat better wording. 2003-03-10 09:15:26 +00:00
des
3e06ef8dee Silence warning caused by OPIE brokenness. 2003-03-10 09:15:08 +00:00
obrien
e70feef239 style.Makefile(5) police 
(I've tried to keep to the spirit of the original formatting)

Reviewed by:	des
 2003-03-09 20:06:38 +00:00
markm
9981c003b1 KerberosIV de-orbit burn continues. Remove the KerberosIV PAM module. 2003-03-08 10:33:20 +00:00
markm
171598b312 Comment-only assistance to lint to kill warnings. 2003-03-08 10:30:49 +00:00
ru
779559752b mdoc(7) police: Nits. 2003-03-03 11:45:18 +00:00
ru
8b5b8ec6a7 mdoc(7) police: markup laundry. 2003-02-23 01:47:49 +00:00
des
d1e778062c Add an "allow_local" option which forces historical behaviour. 2003-02-16 13:01:03 +00:00
des
af39bbe733 Assume "localhost" if no remote host was specified. This is safe from a 
POLA point of view since the stock /etc/opieaccess now allows localhost.
 2003-02-15 23:26:49 +00:00
des
f91e91de52 Use pam_get_user(3) instead of pam_get_item(3) where appropriate. 2003-02-10 18:59:20 +00:00
des
3dcafca132 Complete rewrite of pam_ssh(8). The previous version was becoming hard 
to maintain, and had security issues which would have required a major
rewrite to address anyway.

This implementation currently starts a separate agent for each session
instead of connecting each new session to the agent started by the first
one.  While this would be a Good Thing (and the old pam_ssh(8) tried to
do it), it's hard to get right.  I'll revisit this issue when I've had a
chance to test some modifications to ssh-agent(1).
 2003-02-09 21:20:44 +00:00
des
1f26428646 Maybe I was a little too fast? Remove debugging code, and commit the 
Makefile and man page which I'd forgotten to 'cvs add'.

Sponsored by:	DARPA, NAI Labs
 2003-02-06 14:27:48 +00:00
des
adcc3ecbe9 Replace pam_wheel(8) with pam_group(8) which has a cleaner interface. The 
pam_wheel(8) module was written to work in spite of a broken libpam, and
has grown organically since its inception, which is reflected in both its
functionality and implementation.  Rather than clean up pam_wheel(8) and
break backward compatibility, I've chosen to reimplement it under a new,
more generic name.

Sponsored by:	DARPA, NAI Labs
 2003-02-06 14:24:14 +00:00
des
3e6b9e7efc Make sure the message is only printed once. 2003-02-06 14:19:50 +00:00
des
ea5370a075 Don't blame markm for what he didn't do - writing these man pages, for 
instance.  Also bump the date since I made substantial modifications
earlier today.
 2003-02-06 13:47:21 +00:00
des
8e490a4ac5 Update copyright. 2003-02-06 12:56:51 +00:00
des
1859534a54 Add support for escape sequences in the arguments (e.g. %u for user name) 
Sponsored by:	DARPA, NAI Labs
 2003-02-06 12:56:39 +00:00
des
18387ab2eb Export the PAM environment to the child process instead of the "normal" 
environment list, which may be unsafe and / or sensitive.

Sponsored by:	DARPA, NAI Labs
 2003-02-06 12:40:58 +00:00
des
7587cbe3ba Minimal manual page for pam_kerberosIV(8). 
Sponsored by:	DARPA, NAI Labs
 2003-02-06 10:55:11 +00:00
des
2f3f171cbe In pam_sm_acct_mgmt(), retrieve the cached credentials before trying to 
initialize the context.  This way, a failure to initialize the context is
not fatal unless we actually have work to do - because if we don't, we
return PAM_SUCCESS without even trying to initialize the context.
 2003-02-03 09:45:41 +00:00
des
4e2d7720df Whitespace cleanup 2003-02-03 09:43:28 +00:00
des
43d52f88dc OpenPAMify. 2003-02-02 18:43:58 +00:00
nectar
7ecaf1e74b Do not return inappropriate error codes in pam_sm_setcred. 2003-01-29 21:20:38 +00:00
nectar
44a92fbc06 About September 2001, I consulted with all the previous authors of 
pam_krb5 to consolidate the copyright texts.  The semi-official
pam_krb5 module has been distributed with this new license text ever
since, but I'm just now getting around to updating the text here.
 2003-01-10 13:38:44 +00:00
schweikh
fec6546e12 english(4) police. 2002-12-27 12:15:40 +00:00
ru
30f31561da mdoc(7) police: removed gratuitous .Pp call. 2002-12-23 15:21:57 +00:00
des
7966ff24b5 Merge in most non-style differences from Andrew Korty's pam_ssh 1.7. 2002-12-16 14:33:18 +00:00
ru
ea54687b0d mdoc(7) police: .Dt is ALL UPPERCASE. 
Approved by:	re
 2002-12-12 08:19:47 +00:00
ru
3f859aa2ab mdoc(7) police: formatting nits. 
Approved by:	re
 2002-11-29 15:57:50 +00:00
des
c88eb4583e Whitespace nits. 
Approved by:	re (bmah)
 2002-11-28 20:11:31 +00:00
des
29b2e3446c Add a PAM_MODULE_ENTRY to this module so it'll actually do something. 
Approved by:	re (bmah)
 2002-11-28 20:05:42 +00:00
peter
97526c738c utmp.ut_time and lastlog.ll_time are explicitly int32_t rather than 
time_t.  Deal with the possibility that time_t != int32_t.  This boils
down to this sort of thing:
 -   time(&ut.ut_time);
 +   ut.ut_time = time(NULL);
and similar for ctime(3) etc.  I've kept it minimal for the stuff
that may need to be portable (or 3rd party code), but used Matt's time32
stuff for cases where that isn't as much of a concern.

Approved by: re (jhb)
 2002-11-15 22:42:00 +00:00
ru
6db7cbc3e1 Make dynamic PAM modules depend on dynamic PAM library. 
Requested by:	des, markm
 2002-11-14 19:24:51 +00:00