d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
187,650 Commits 4 Branches 49 Tags 2 GiB
d68a3343d3
Commit Graph

18 Commits

Author SHA1 Message Date
des
d887ae0610 tabify 
MFC after:	3 weeks
 2009-10-05 09:28:54 +00:00
des
9df826fb18 Change the pam_ssh examples: if you use it, you probably want want_agent. 
MFC after:	3 weeks
 2009-10-05 09:26:22 +00:00
yar
dac62e7ff2 Now pam_nologin(8) will provide an account management function 
instead of an authentication function.  There are a design reason
and a practical reason for that.  First, the module belongs in
account management because it checks availability of the account
and does no authentication.  Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.

Document this change in the manpage.

Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.

Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)

PR:		bin/112574
Approved by:	des, re
 2007-06-10 18:57:20 +00:00
markm
a2678ea957 The PAM module pam_krb5 does not have "session" capabilities. 
Don't give examples of such use, this is bogus.
 2003-04-30 21:57:54 +00:00
markm
ecc5f917a3 Initiate KerberosIV de-orbit burn. Disconnect the /etc configs. 2003-03-08 09:50:11 +00:00
des
a9b8975387 Add the allow_local option to all pam_opieaccess entries. 2003-02-16 13:02:39 +00:00
des
d4d4a833ae Major cleanup & homogenization. 2003-02-10 00:50:03 +00:00
des
1b6009d788 Don't enable pam_krb5 by default - most people don't have it since most 
people don't build with MAKE_KERBEROS5 defined.  Provide commented-out
usage examples instead, like we do everywhere else.

Pointy hat to:	des
 2003-02-03 14:45:02 +00:00
des
13a23e2886 Enable pam_krb5 for sshd. I've had this in my tree for ages. 2003-02-02 18:41:26 +00:00
des
81fe169630 Since OpenSSH drops privileges before calling pam_open_session(3), 
pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog.

Approved by:	re (rwatson)
 2002-12-03 15:48:11 +00:00
des
5c93810aed Silence pam_lastlog for now. 2002-07-07 10:00:43 +00:00
des
2645a88fb1 Enable OPIE for sshd and telnetd. I thought I'd done this a long time 
ago...

Sponsored by:	DARPA, NAI Labs
 2002-06-19 20:00:43 +00:00
des
0be56e68fc Use pam_lastlog(8)'s new no_fail option. 
Sponsored by:	DARPA, NAI Labs
 2002-05-08 00:33:02 +00:00
des
3e36ee6341 Don't list pam_unix in the session chain, since it does not provide any 
session management services.

Sponsored by:	DARPA, NAI Labs
 2002-04-18 17:40:27 +00:00
des
7b3eec9c1b Add pam_lastlog(8) here since I removed lastlog support from sshd. 
Sponsored by:	DARPA, NAI Labs
 2002-04-15 02:46:24 +00:00
ru
065ea04bd8 Switch over to using pam_login_access(8) module in sshd(8). 
(Fixes static compilation.  Reduces diffs to OpenSSH.)

Reviewed by:	bde
 2002-03-26 12:52:28 +00:00
des
341beea7b9 Awright, egg on my face. I should have taken more time with this. The 
conversion script generated the wrong format, so the configuration files
didn't actually work.  Good thing I hadn't thrown the switch yet...

Sponsored by:	DARPA, NAI Labs (but the f***ups are all mine)
 2001-12-05 21:26:00 +00:00
des
9fc2ed638e pam.d-style configuration, auto-generated from pam.conf. 
Sponsored by:	DARPA, NAI Labs
 2001-12-05 21:06:21 +00:00