to a hostname. This will help those who keep a cluster of machines all with
the same hostname but different domain names.
PR: bin/9091
Submitted By: Heikki Suonsivu <hsu@clinet.fi>
No Response From: -current mailing list
man(1) will utilize manpath(1) if MANPATH is unset in the environment,
and with our existing manpath.config it is enough to find the X11
pages among others.
PR: 8587
Submitted by: Marc Slemko <marcs@znep.com>
mechanisms ('bind' user and group) in place so the feature can be easily
turned on. There were too many complaints. The security(1) man
page will be created/updated to include the appropriate info.
Delete rc.local from CVS tree, its remaining functionality has been
moved to /etc/rc. /etc/rc still supports an rc.local but it is now
a 100% user-controlled file.
Commit changes to rc and rc.local, removing the remaining minimal
functionality of rc.local into rc and commenting it out of rc.local
prior to the deletion of rc.local from the CVS tree.
(3?) people will make an effort to help those who would have benefitted from
this change. And just telling them that they should read and understand
the significance of each message posted to -current is not really good
enough IMHO.
${DESTDIR}/etc and an install target to install the missing ones. This
allows new files like pam.conf to be installed by the first installworld
after the file is added, but avoid clobbering files that might be
customized. This should save some support questions.
to the comments in named.conf to describe to the user how to create it.
(named.conf does not use /etc/namedb/s by default anyway so us not
pre-created it in the mtree does not hurt us terribly).
Replace non-existent directory for operator with /
Supply by default operator with non-existent but can be created directory
and /bin/csh is kinda security risk
Adjust rc.conf to run named in sandbox, adjust mtree to add /etc/namedb/s
subdirectory (user bind, group bind) to hold secondaries, adjust
comments in named.conf to reflect new secondary scheme. (Note that
core read-only zone files are left owned by root, increasing security even
more).
adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
the (commented out) ident from the kmem sandbox.
Note that it is necessary to give each group access it's own uid to
prevent programs running under a single uid from being able to gdb
or otherwise mess with other programs (with different group perms) running
under the same uid.
methods used by login. Changes to "/usr/bin/login" to use it will
be committed later today. The format of the file is described in
pam(8).
This sample file makes login behave in the traditional way. To
wit, it enables authentication via S/Key and passwd/NIS lookups.
KerberosIV authentication is present in the sample file but commented
out.
As a safety net and a transition aid, login will fall back on
built-in passwd/NIS authentication if this configuration file is
missing or if some other fatal PAM error occurs.
This file will eventually replace "/etc/auth.conf", but not until
I've finished converting the other utilities, such as passwd and su.
header files go. I am not too happy about the name. But if we are
to have any hope of being able to use 3rd party PAM modules, we'll
have to live with it.
Disable building tickadj(8) by removing util from SUBDIR in the xntpd
Makefile. Note that the sources are still there and tickadj can still
be built and installed by doing:
# cd /usr/src/usr.sbin/xntpd/util
# make all install
There are enough references to tickadj in e.g. the xntpd documentation
(not to mention the sysctl variables it uses etc.) that I don't feel
up to implementing the final solution right now.
Kinda-approved-by: phk
rwho iff /var/rwho is empty. Call `uptime' instead. This doesn't
belong under `network' right away, but at least reports the same
informaton about the local system. rwhod is not turned on by default
(for good reason), and i've already seen too many of the above
messages...
original contents of the file preserved as examples for administrators
that need to enable them.
Also add a comment to the examples pointing out that the authentication
functionality is largely unused and requires rebuilding libutil.
Reviewed by: jkh
file formats. I have added a new rc.conf variable ${ldconfig_paths_aout}
which is like ${ldconfig_paths}, but only for a.out shared libraries.
On a "standard" ELF system, the ELF ldconfig path is taken from
${ldconfig_paths}, while the a.out ldconfig path is taken from
${ldconfig_paths_aout}.
On a not-yet-converted a.out system, only the a.out ldconfig path
is set, and it is taken from ${ldconfig_paths_aout}. If that
variable is unset, /etc/rc defaults it to the value of ${ldconfig_paths},
on the assumption that the system's "/etc/rc.conf" file hasn't been
updated.
committed a fix for in 2 days and 3 different people have forgotten
to update this file. GRRR! What's it going to take, electrodes to
the sensitive bits, people?? :-)
