Commit Graph

555 Commits

Author SHA1 Message Date
des
e50a38ba7d MFV (r255364): move the code around in preparation for Nummularia. 2013-09-07 18:46:35 +00:00
des
338d7c2adb Vendor import of OpenPAM Nummularia.. 2013-09-07 16:15:30 +00:00
des
e86dd36ab2 Prepare for OpenPAM Nummularia by reorganizing to match its new directory
structure.
2013-09-07 16:10:15 +00:00
sjg
62bb106222 Merge from head 2013-09-05 20:18:59 +00:00
will
7c6cb741cf Make the PAM password strength checking module WARNS=2 safe.
lib/libpam/modules/pam_passwdqc/Makefile:
	Bump WARNS to 2.

contrib/pam_modules/pam_passwdqc/pam_passwdqc.c:
	Bump  _XOPEN_SOURCE and _XOPEN_VERSION from 500 to 600
	so that vsnprint() is declared.

	Use the two new union types (pam_conv_item_t and
	pam_text_item_t) to resolve strict aliasing violations
	caused by casts to comply with the pam_get_item() API taking
	a "const void **" for all item types.  Warnings are
	generated for casts that create "type puns" (pointers of
	conflicting sized types that are set to access the same
	memory location) since these pointers may be used in ways
	that violate C's strict aliasing rules.  Casts to a new
	type must be performed through a union in order to be
	compliant, and access must be performed through only one
	of the union's data types during the lifetime of the union
	instance.  Handle strict-aliasing warnings through pointer
	assignments, which drastically simplifies this change.

	Correct a CLANG "printf-like function with more arguments
	than format" error.

Submitted by:	gibbs
Sponsored by:	Spectra Logic
2013-08-27 15:50:26 +00:00
des
5e5b39c47e GC unused source file. 2013-08-16 10:53:36 +00:00
des
4faf138873 Backport upstream r684 (OPENPAM_DEBUG enables debugging macros but does
not turn debugging on by default) and add OPENPAM_DEBUG to CFLAGS.
2013-04-14 16:49:27 +00:00
sjg
97d8b94956 sync from head 2013-04-12 20:48:55 +00:00
jkim
5f9930d09f Fix declaration vs. definition inconsistency. No functional change. 2013-04-05 23:41:34 +00:00
sjg
6d37b86f2b Updated dependencies 2013-03-11 17:21:52 +00:00
sjg
0ee5295509 Updated dependencies 2013-02-16 01:23:54 +00:00
sjg
f78049adbd Move build of openpam_static_modules.o to its own subdir
to avoid circular dependency b/w libpam and modules.

Reviewed by:	obrien
2013-01-24 19:09:38 +00:00
sjg
9f7bd28e77 Updated/new Makefile.depend 2012-11-08 21:24:17 +00:00
sjg
778e93c51a Sync from head 2012-11-04 02:52:03 +00:00
eadler
3f7a414911 remove duplicate semicolons where possible.
Approved by:	cperciva
MFC after:	1 week
2012-10-22 03:00:37 +00:00
des
26f1bc7822 Remove unnecessary #include. 2012-09-28 12:29:25 +00:00
eadler
e08a8123c5 Bump date missed in r202756
PR:		docs/171624
Submitted by:	bdrewery
Approved by:	gabor
MFC after:	3 days
2012-09-14 17:50:42 +00:00
marcel
9dd41e3647 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
dim
e55724fcb2 Fix an instance in pam_krb5(8), where the variable 'user' could be used
uninitialized.

Found by:	clang 3.2
Reviewed by:	des
MFC after:	1 week
2012-08-06 18:44:59 +00:00
dim
74a518dd3c Fix two instances in pam_krb5(8), where the variable 'princ_name' could
be used uninitialized.

Found by:	clang 3.2
Reviewed by:	des
MFC after:	1 week
2012-08-06 18:40:14 +00:00
dfr
6bdab82e0a Add an option for pam_krb5 to allow it to authenticate users which don't have
a local account.

PR:		76678
Submitted by:	daved at tamu.edu
MFC after:	2 weeks
2012-08-05 13:40:35 +00:00
des
e591108b4f Update to OpenPAM Micrampelis. 2012-05-26 17:10:16 +00:00
des
14a6c41ca7 Passing NULL as a key casues a segfault when loading SSH 1 keys. Use
an empty string instead.
2012-05-26 17:03:45 +00:00
wblock
9fa9a2acad Fixes to man8 groff mandoc style, usage mistakes, or typos.
PR:		168016
Submitted by:	Nobuyuki Koganemaru
Approved by:	gjb
MFC after:	3 days
2012-05-24 02:24:03 +00:00
dumbbell
d6a537d930 Fix error messages containing the executed command name
Before, we took the first argument to pam_exec(8). With the addition of
options in front of the command, this could be wrong.

Now, options are parsed before calling _pam_exec() and messages contain
the proper command name.

While here, fix a warning.

Sponsored by:	Yakaz (http://www.yakaz.com)
2012-04-12 14:02:59 +00:00
eadler
1ef5fe44d3 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
dumbbell
43dc3df2a8 Use program exit status as pam_exec return code (optional)
pam_exec(8) now accepts a new option "return_prog_exit_status". When
set, the program exit status is used as the pam_exec return code. It
allows the program to tell why the step failed (eg. user unknown).
However, if it exits with a code not allowed by the calling PAM service
module function (see $PAM_SM_FUNC below), a warning is logged and
PAM_SERVICE_ERR is returned.

The following changes are related to this new feature but they apply no
matter if the "return_prog_exit_status" option is set or not.

The environment passed to the program is extended:
    o  $PAM_SM_FUNC contains the name of the PAM service module function
       (eg. pam_sm_authenticate).
    o  All valid PAM return codes' numerical values are available
       through variables named after the return code name. For instance,
       $PAM_SUCCESS, $PAM_USER_UNKNOWN or $PAM_PERM_DENIED.

pam_exec return code better reflects what went on:
    o  If the program exits with !0, the return code is now
       PAM_PERM_DENIED, not PAM_SYSTEM_ERR.
    o  If the program fails because of a signal (WIFSIGNALED) or doesn't
       terminate normally (!WIFEXITED), the return code is now
       PAM_SERVICE_ERR, not PAM_SYSTEM_ERR.
    o  If a syscall in pam_exec fails, the return code remains
       PAM_SYSTEM_ERR.

waitpid(2) is called in a loop. If it returns because of EINTR, do it
again. Before, it would return PAM_SYSTEM_ERR without waiting for the
child to exit.

Several log messages now include the PAM service module function name.

The man page is updated accordingly.

Reviewed by:	gleb@, des@
Sponsored by:	Yakaz (http://www.yakaz.com)
MFC after:	2 weeks
2012-03-26 12:18:15 +00:00
stas
f53c9505e0 - Avoid using deprecated heimdal functions in pam_krb5. 2012-03-24 01:02:03 +00:00
stas
2d133d4c85 - Avoid use of deprecated KRB5 functions. 2012-03-22 11:18:14 +00:00
stas
e7e0b34988 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00
peter
e5fa065e08 Rev 228065 (change bsd.own.mk -> bsd.init.mk) broke pam_unix.so by causing
the LDADD/DPADD to lose the -lpam, and causing openpam_dynamic() to fail
due to "openpam_get_options" being undefined.

This would cause obscure console log messages like:
  openpam_dynamic(): No error: 0
  openpam_load_module(): no pam_unix.so found
and other helpful messages which are no help in diagnosing the problem.

Fortunately this change was not mfc'ed to 9.x, it isn't broken there.
2012-01-18 18:26:56 +00:00
des
50a0ec7697 Upgrade to OpenPAM Lycopsida. 2011-12-18 17:22:45 +00:00
fjoe
85c13d37e1 .include <bsd.init.mk> instead of <bsd.own.mk>
The former allows common settings from ../Makefile.inc to be used.
2011-11-28 14:01:17 +00:00
des
b93ba3b0f1 Revert r227841 and part of r227798. We still build libpam in two passes,
but we use STATIC_CFLAGS instead of our own private .c.o rule.

MFC after:	3 weeks
2011-11-24 13:18:58 +00:00
des
a2866d9e62 Simplify the libpam build by removing the shared modules' dependency
on the shared library.  The modules are loaded by the library, so we
know it'll be there when we need it.

MFC after:	3 weeks
2011-11-21 16:40:39 +00:00
des
bf5f03ca46 key_load_private() ignores the passphrase argument if the private key
is unencrypted.  This defeats the nullok check, because it means a
non-null passphrase will successfully unlock the key.

To address this, try at first to load the key without a passphrase.
If this succeeds and the user provided a non-empty passphrase *or*
nullok is false, reject the key.

MFC after:	1 week
Noticed by:	Guy Helmer <guy.helmer@palisadesystems.com>
2011-11-20 15:18:49 +00:00
ed
518d5f5152 Ensure pam_lastlog removes the /dev/ component of the TTY name.
Some consumers of PAM remove the /dev/ component (i.e. login), while
others don't (i.e. su). We must ensure that the /dev/ component is
removed to ensure that the utmpx entries properly work with tools such
as w(1).

Discussed with:	des
MFC after:	1 week
2011-11-07 19:57:42 +00:00
ed
e59eeb86a4 Remove an unused variable from pam_unix.
This variable was added in r82352 back in 2001, but even then it didn't
have any use. Because it's not marked static, the C compiler won't
complain about it.

Discussed with:	des
2011-11-05 10:00:29 +00:00
des
53ee6626a3 Note that pam_unix(8) does not respect PAM_CHANGE_EXPIRED_AUTHTOK. 2011-11-02 23:40:21 +00:00
des
b0b57d16dd Revert the previous commit and add a comment explaining why it was wrong. 2011-10-22 14:08:21 +00:00
des
bf25cd5b36 openpam_static.c isn't auto-generated. 2011-10-22 04:39:12 +00:00
des
c5fa84a478 Load the ECDSA key if there is one.
MFC after:	1 week
2011-10-07 12:58:33 +00:00
des
6470f47d70 Mention the name of the module in warning messages. 2011-03-12 11:26:37 +00:00
des
f2482661e2 Add "ruser" and "luser" options. The former corresponds to the current
behavior, where the module checks that the supplicant is a member of the
required group.  The latter checks the target user instead.  If neither
option was specified, pam_group(8) assumes "ruser" and issues a warning.
I intend to eventually change the default to "luser" to match the
behavior of similarly-named service modules in other operating systems.

MFC after:	1 month
2011-03-12 11:12:30 +00:00
des
e6c1faea49 No newline required.
MFC after:	2 weeks
2011-03-09 14:38:00 +00:00
des
ed5fc363f9 Add <time.h> for ctime(), which we accidentally picked up through
<sys/time.h>.

Submitted by:	Garrett Cooper <yanegomi@gmail.com>
MFC after:	3 days
2010-11-22 14:45:16 +00:00
delphij
cc08eec05b Bump .Dd date.
Forgotten by:	delphij
2010-05-03 09:49:42 +00:00
mm
c3022adc56 Code indent according to style(9).
PR:		bin/146186
Submitted by:	myself
Approved by:	delphij (mentor)
MFC after:	2 weeks
2010-05-03 07:39:51 +00:00
mm
305cdfaf86 Implement the no_user_check option to pam_krb5.
This option is available in the Linux implementation of pam_krb5
and allows to authorize a user not known to the local system.

Ccache is not used as we don't have a secure uid/gid for the cache file.

Usable for authentication of external kerberos users (e.g Active Directory)
via PAM from applications like Cyrus saslauthd, PHP or perl.

PR:		bin/146186
Submitted by:	myself
Approved by:	deplhij (mentor)
MFC after:	2 weeks
2010-05-03 07:32:24 +00:00
des
c3510f9e73 Upgrade to OpenSSH 5.4p1.
MFC after:	1 month
2010-03-09 19:16:43 +00:00
uqs
4a10ff6f04 Remove redundant WARNS?=6 overrides and inherit the WARNS setting from
the toplevel directory.

This does not change any WARNS level and survives a make universe.

Approved by:        ed (co-mentor)
2010-03-02 18:44:08 +00:00
uqs
f8d1dd7a4e Always assign WARNS using ?=
- fix some nearby style bugs
- include Makefile.inc where it makes sense and reduces duplication

Approved by:	ed (co-mentor)
2010-03-02 16:58:04 +00:00
ru
35a8cfd727 %U was macroized in mdoc(7), escape. 2010-02-16 12:29:02 +00:00
des
154cd7f251 Respect passwordtime from login.conf if set.
PR:		bin/93473
Submitted by:	Björn König <bkoenig@cs.tu-berlin.de>
MFC after:	1 week
2010-02-02 13:47:18 +00:00
ed
b28da9a61e Remove stale references to utmp(5) and its corresponding filenames.
I removed utmp and its manpage, but not other manpages referring to it.
2010-01-21 17:25:12 +00:00
ed
c41b2252cc Let pam_lastlog use random ut_id's.
By using random values for ut_id, not based on the TTY name, it is
possible to run for example login(1) multiple times on the same TTY,
without overwriting any previous records.

The output of w(1) will then be as follows:

| 12:26PM  up 2 days,  2:31, 5 users, load averages: 0.01, 0.03, 0.03
| USER       TTY      FROM                      LOGIN@  IDLE WHAT
| ed         pts/2    mekker.80386.nl          12:26PM     - w
| root       pts/2    -                        12:26PM     - w
| root       pts/2    -                        12:26PM     - w
| root       pts/2    -                        12:26PM     - w

Approved by:	des
2010-01-18 11:29:51 +00:00
marcel
8ec113acf7 Unbreak builds with _FREEFALL_CONFIG=yes, by forcing a lower WARNS
level in that case.
2010-01-17 19:47:42 +00:00
ed
e846918be8 Let pam_lastlog use utmpx instead of libulog's utmpx interface.
It will still use ulog_login(3) and ulog_logout(3), which will remain
present.
2010-01-13 18:32:31 +00:00
ed
09818ac28e Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.

I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
2010-01-02 09:58:07 +00:00
ed
2062dc2dbf Several refinements to libulog's API.
- Only set the fields in the ulog_utmpx structure that are valid for the
  command in question. This means that strings like "shutdown" or "~"
  are not visible to the user anymore.
- Rename UTXF_* to UTXI_*, indicating the indexation, instead of using
  the `antique' filename. If we ever get rid of utmp, it makes little
  sense calling it by its old name.
2009-12-26 22:36:05 +00:00
ed
caa83cf255 Convert pam_lastlog(8) to libulog.
The information used by the "Last login:"-line is obtained by using
ulog_setutxfile(3) to switch to the lastlog database. Login and logout
are performed using the utility functions ulog_login(3) and
ulog_logout(3).

This also means we must build libulog during bootstrap.

Approved by:	des
2009-12-11 14:15:55 +00:00
des
e00b284b20 Note that nullok should not be used by processes that can't access the
password database.

PR:		bin/126650, misc/140514
MFC after:	1 week
2009-11-13 11:19:26 +00:00
des
ca197bb5b5 pam_ssh needs roaming_dummy to link correctly against libssh. 2009-10-05 18:56:18 +00:00
jon
33cb329cc2 Prevents pam_lastlog from segfaulting on session close when tty is null.
MFC after:	1 month
2009-08-30 05:12:37 +00:00
kensmith
9c2c634ee9 Bump the version of all non-symbol-versioned shared libraries in
preparation for 8.0-RELEASE.  Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.

Reviewed by:    kib
Approved by:    re (rwatson)
2009-07-19 17:25:24 +00:00
des
65fed99c3c Rewrap; this was getting painful. Translators can ignore this.
MFC after:	1 week
2009-06-20 10:09:59 +00:00
des
c336f71c8f Reword.
MFC after:	1 week
2009-06-20 10:06:10 +00:00
ed
6cb47f8ff6 Include <stdio.h> for asprintf().
Submitted by:	Pawel Worach
2009-06-14 12:45:48 +00:00
des
123e930ac3 Don't try to auto-detect dynamic linking; it fails on mips. The Makefile
part of the patch is an ugly (and hopefully temporary) hack.

Discussed with:	imp@
2009-02-17 16:35:19 +00:00
dfr
fa73dbbb79 Add new heimdal-1.1 library. 2008-05-15 15:28:18 +00:00
dfr
be0348cb75 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
des
6f627a80ed Adjust for OpenPAM Hydrangea. 2007-12-21 12:00:16 +00:00
des
050649d640 Correct documentation of ~/.opiealways
PR:		117512
Submitted by:	Jeremy C. Reed <reed@reedmedia.net>
MFC after:	1 week
2007-10-26 07:50:11 +00:00
ru
db64b4a4bc - Convert NO_INSTALLLIB option to a new syntax: makefiles should
test MK_INSTALLLIB, users can set WITHOUT_INSTALLLIB.  The old
  NO_INSTALLLIB is still supported as several makefiles set it.

- While here, fix an install when instructed not to install libs
  (usr.bin/lex/lib/Makefile).

PR:		bin/114200
Submitted by:	Henrik Brix Andersen
2007-10-20 19:01:50 +00:00
des
c81c3fef7a Apply the same error checks to PAM_TTY in pam_sm_close_session() as in
pam_sm_open_session(), avoiding false negatives when no tty is present.

Submitted by:	Todd C. Miller <millert@courtesan.com>
Approved by:	re (rwatson)
MFC after:	2 weeks
2007-07-22 15:17:29 +00:00
des
54314403b7 Whitespace cleanup
Approved by:	re (rwatson)
2007-07-22 15:14:40 +00:00
rafan
5fd49d94d5 - Bump share library version which were missed in last bump
Reported by: 	     jhb
Discussed with:	     deischen, des, doubg, harti
Approved by:	     re (kensmith)
2007-06-18 18:47:54 +00:00
yar
25b7a16e23 Use the current user's login class for the decisions about where
the nologin(5) file is located and whether the user may bypass its
restriction.

Add some error checks.

Approved by:	des
PR:		bin/107612
2007-06-14 13:07:06 +00:00
yar
dac62e7ff2 Now pam_nologin(8) will provide an account management function
instead of an authentication function.  There are a design reason
and a practical reason for that.  First, the module belongs in
account management because it checks availability of the account
and does no authentication.  Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.

Document this change in the manpage.

Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.

Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)

PR:		bin/112574
Approved by:	des, re
2007-06-10 18:57:20 +00:00
des
678d09f0cf Re-add support for NIS netgroups (heavily modified from patch in PR)
PR:		bin/112955
Submitted by:	A. Blake Cooper <blake@cluebie.net>
MFC after:	3 weeks
2007-05-25 07:50:18 +00:00
yar
e8ee34e142 In account management, verify whether the account has been locked
with `pw lock', so that it's impossible to log into a locked account
using an alternative authentication mechanism, such as an ssh key.
This change affects only accounts locked with pw(8), i.e., having a
`*LOCKED*' prefix in their password hash field, so people still can
use a different pattern to disable password authentication only.

Mention all account management criteria in the manpage.

Approved by:	maintainer (timeout)
PR:		bin/71147
MFC after:	1 month
2007-03-27 09:59:15 +00:00
pjd
14e97fe311 Send not only Access Request, but also Access Challenge with defined
NAS-Identifier and NAS-IP-Address.

Reviewed by:	bz
MFC after:	1 month
2007-01-20 08:52:04 +00:00
des
cd277df0bb childerr needs to be volatile so gcc won't optimize it away.
PR:		bin/85830
MFC after:	1 week
2006-11-10 23:33:25 +00:00
ru
f2378ce746 The pam_unix module also provides password management.
PR:		docs/93491
Submitted by:	Lior Kadosh
MFC after:	3 days
2006-10-12 15:00:17 +00:00
ru
b6d284e093 Fix build. 2006-09-30 20:33:42 +00:00
des
22cf0fa876 Reject user with names that are longer than OPIE is willing to deal with;
otherwise OPIE will happily truncate it.

Spotted by:	ghelmer
MFC after:	2 weeks
2006-09-15 13:42:38 +00:00
joel
e751eb9832 Bump .Dd.
Noticed by:	danger
2006-09-13 18:34:32 +00:00
joel
e532d7ce17 Remove references to the pam(8) manual page. It does not exist.
Requested by:	novel
Discussed with:	brueffer, simon
2006-09-13 17:46:20 +00:00
des
55b6d867ea Additional debugging stuff I had in my tree. 2006-08-11 17:03:33 +00:00
stefanf
6cdb8f6653 Change the GCC specific __FUNCTION__ to C99's __func__.
OK'ed by:	des
2006-07-17 11:48:52 +00:00
des
456f2593a5 Add a manual dependency on ssh_namespace.h.
Discussed with:	ru
2006-05-13 21:38:16 +00:00
des
148092431d Introduce a namespace munging hack inspired by NetBSD to avoid polluting
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)

Suggested by:	lukem@netbsd.org
MFC after:	6 weeks
2006-05-13 13:47:45 +00:00
wkoszek
a9e9a228bd There is no need to pass NULL to the pam_error() as the last argument.
Remove it.

Reviewed by:	des
Approved by:	cognet (mentor)
2006-03-20 16:56:08 +00:00
ru
81f8a2cff8 Fix build until I find a way to handle this case properly. 2006-03-19 08:52:49 +00:00
ru
90b657b795 Revert last delta. 2006-03-19 06:14:30 +00:00
phk
5a9bbe93ee Comment out MK_PROFILE until ru@ can fix this properly 2006-03-19 04:49:11 +00:00
ru
5f8b6d3c5a Convert NO_PROFILE and NO_LIB32 to new style. 2006-03-18 21:37:05 +00:00
ru
388e590f95 Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
yar
7ba58b694e Add appropriate xrefs.
MFC after:	3 days
2006-03-06 13:15:12 +00:00
yar
f4b4b54f2b Since the whole login.access feature has moved to PAM,
login.access.5 will be installed from the respective PAM
module's src directory.

MFC after:	3 days
2006-03-06 12:31:25 +00:00