Commit Graph

90 Commits

Author SHA1 Message Date
provos d15e0fa262 password hashing utility that allows des, md5 or bcrypt passwords to be
created in scripts;  tool originally from downsj@openbsd.org;
approved by perry.
2002-10-01 20:48:58 +00:00
grant be8ae688ae New sentence, new line. 2002-09-30 11:08:56 +00:00
itojun 3be26b82ef use arc4random 2002-05-28 11:19:17 +00:00
itojun c89c003ed2 support bcrypt password. can be chosen by "blowfish" keyword in passwd.conf.
from openbsd
2002-05-24 04:02:47 +00:00
thorpej 9c33b55e7c Split the notion of building Hesiod, Kerberos, S/key, and YP
infrastructure and using that infrastructure in programs.

	* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building
	  of the infratsructure (libraries, support programs, etc.)

	* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control
	  building of support for using the corresponding API
	  in various libraries/programs that can use it.

As discussed on tech-toolchain.
2002-03-22 18:10:19 +00:00
wiz aded0d2cce Whitespace cleanup. 2001-12-01 16:43:07 +00:00
ad 28a9c7f8da Slight change to previous: rebuild the insecure password db if the expiry
time has changed, not just been set.
2001-08-18 19:42:40 +00:00
ad 1e8e78ed07 Update for pw_mkdb() change: restrict updates to one user's records and/or
the secure database where appropriate.
2001-08-18 19:35:32 +00:00
simonb a378517ea4 80 column police. 2001-03-28 03:17:41 +00:00
cgd a8ec668ddf convert to use getprogname() 2001-02-19 23:03:42 +00:00
cgd c52d4f59e8 __progname not used here, so don't extern it 2001-02-13 00:14:58 +00:00
fvdl 176686cd4f In krb5_end, don't try to free the krb5 context if it's not yet
been initialized. Fixes coredump when passwd is called as 'yppasswd'.
2000-11-18 19:29:20 +00:00
simonb 9b22175a26 Remove INSTALLFLAGS=-fschg, as per change to usr.bin/ssh/ssh/Makefile. 2000-10-18 00:24:18 +00:00
ad ec40993b05 Back out previous. 2000-10-09 11:14:59 +00:00
ad 6be1fe9169 Fix warning message. 2000-10-09 11:14:17 +00:00
ad 0db0171979 Back out previous. 2000-10-09 11:14:16 +00:00
ad 7f700a8518 Document new behaviour WRT password expiry, and Xr login.conf. 2000-09-21 11:13:06 +00:00
ad f03c136f00 When not running as the super-user: if the user's password has expired or is
due to expire within _PASSWORD_WARNDAYS (or the setting from login.conf),
force the user to set a different password than the one they are currently
using. (Yes, it's actually worthwhile doing this.)
2000-09-21 11:11:49 +00:00
ad 5ab843adef - sizeof(), not constants.
- snprintf() will always terminate the output string.
- Spacing.
2000-09-18 16:00:41 +00:00
assar 6d7f2da1a1 remove -lvers, it's not used 2000-08-03 22:56:29 +00:00
ad 6b38e4b314 __RCSID(). 2000-08-03 08:25:41 +00:00
assar 549a4d9cdc update build infrastructure for heimdal 0.3a 2000-08-03 04:02:29 +00:00
ad 82fb41b688 English. 2000-07-11 12:12:18 +00:00
ad 240f3596cb Use ':' as group prefix; suggested by hubertf. 2000-07-06 13:09:46 +00:00
ad 17ae5d7c69 Adapt to addition of passwd.conf. 2000-07-06 11:20:30 +00:00
ad 34e4fc5261 - Pull in pwd.h since `struct passwd' is now used in extern.h.
- Use pwd_gensalt().
2000-07-06 11:19:39 +00:00
ad 44f550958a Declare pwd_gensalt(). 2000-07-06 11:17:25 +00:00
ad a7d94ddf80 Add pwd_gensalt() - generates password salt/setting for crypt(), based upon
target user and information obtained from passwd.conf. From OpenBSD.
2000-07-06 11:16:50 +00:00
matt fcd0fb118f Make gcc 2.96 (and maybe earlier) happier. Include <stdlib.h>,<string.>,
etc. as appropriate to get exit,srncmp,abs,abort,etc.
Add -I${.CURDIR} to a few Makefiles
2000-07-03 02:51:12 +00:00
veego f3b06ab74b Add a MKKERBEROS check to enable/disable kerberos support during the build. 2000-06-24 06:52:10 +00:00
thorpej e7d6b96938 Merge a bunch of things from crypto-us and crypto-intl into basesrc,
adding support for Heimdal/KTH Kerberos where easy to do so.  Eliminate
bsd.crypto.mk.

There is still a bunch more work to do, but crypto is now more-or-less
fully merged into the base NetBSD distribution.
2000-06-20 06:00:24 +00:00
simonb d88dfea295 Don't declare 'extern opt*' getopt variables. 2000-04-14 06:11:07 +00:00
joda d8c128f4a5 use NULL 2000-03-01 12:46:36 +00:00
aidan 919f6272de Modularize password changing mechanisms, as proposed in
<20000130122641.A8134@xanadu.kublai.com>:
Subject: PROPOSAL: making passwd pluggable (sort of)
Date: Sun, 30 Jan 2000 12:26:41 -0500
2000-02-14 04:36:20 +00:00
aidan b817536785 Separate kerberos5 implementation from kerberos4. 2000-01-26 01:18:48 +00:00
mjl 4b9294447c Wrap login.conf database access in ifdef LOGIN_CAP. 2000-01-12 05:13:32 +00:00
mjl e8a1b04582 Changes to passwd(1) for login.conf. Supported capabilities are
minpasswordlen and passwordtime (expiry time).
2000-01-12 05:04:41 +00:00
mjl 4f10733450 Fix yppasswd part of passwd. This has never worked since the
password map was split and master.passwd.byname was introduced.

XXX This is a temporary fix until luke finds some time to add
the necessary support glue to libc for TRT.
1999-12-23 01:02:52 +00:00
marc 6458b2ce43 it doesn't make any sense to use -u with -r or -i, so don't permit it. 1999-08-26 07:33:16 +00:00
simonb 299578ebd5 Spell "privilege" correctly (correct spelling from Jonathan Stone). 1999-08-16 02:59:22 +00:00
mrg 51a96a002f optionally include CRYPTOPATH Makefile.frag files. 1999-07-20 09:35:18 +00:00
thorpej 9630ed475e Use bsd.crypto.mk. 1999-07-12 22:11:37 +00:00
garbled 9e44e9b578 More and more .Os cleanups. .Os is defined in the tmac.doc-common file,
so we shouldn't override it with versions in the manpages.  Many more to
come.
1999-03-22 18:16:34 +00:00
scottr 8481f548e2 Remove the crypto-related bits until such time as we have a fully-
integrated source tree.  Export-controlled versions of these are now
built during the domestic build process.
1999-02-18 21:22:51 +00:00
mycroft cc06efc9db const poisoning. 1998-07-26 22:15:38 +00:00
mrg 6f2f0bef2f avoid print extra : as noted by Benjamin Lorenz <lorenz@ps.uni-sb.de> in bin/5745 1998-07-12 15:18:55 +00:00
mrg 44b9c0ad6e KNF. ensure buffers are nul-terminated. 1998-07-11 15:55:48 +00:00
mrg 2beab49a06 - use an array MAXHOSTNAMELEN+1 size to hold hostnames
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
1998-07-06 06:45:41 +00:00
kleink 9d79695d7e Need <time.h> for time() prototype. 1998-04-02 10:38:25 +00:00
tv d18b50bbf4 Added test to allow fallback to local password database if YP passwd map
is not found.  Fixes both PRs 4142 and 4557 (4558).  Still fails properly
if user is in YP and not in local database.  Man page fixed to reflect
current logic behind falling back, changed since YP was made default some
time ago.
1997-11-21 20:28:33 +00:00