Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
228,865 Commits 606 Branches 0 Tags 3.1 GiB
6dedd04ff8
Commit Graph

186 Commits

Author SHA1 Message Date
christos
ba9fdf89e5 Add all the modules to the static pam. This is required, otherwise pam does 
not work on non pic builds because it does not find modules listed in
/etc/pam.d.
 2006-01-20 16:52:55 +00:00
christos
7768338003 Declare what we services provide, otherwise pam assumes that we provide 
everything and this breaks static linking.
 2006-01-20 16:51:15 +00:00
tsarna
9b412b7436 Implement PAM_REFRESH_CRED / PAM_REINITIALIZE_CRED 
support in pam_sm_setcred()

With this and a suitably pam-aware screen locker (eg xscreensaver built
with PAM), you now get the nice Windows-style behavior of having
your tickets refreshed (and tokens, with pam_afslog) when you unlock
your screen.
 2005-09-27 14:38:19 +00:00
wiz
d61c7b6e74 Remove trailing whitespace. Punctuation nits. Use .Nm more. 
Use .An. Sort SEE ALSO.
 2005-09-23 19:56:16 +00:00
tsarna
4019a4212f pam_afslog is used in conjunction with pam_krb5 to obtain AFS tokens and 
create a PAG if necessary.

Especially important for home directories on AFS.
 2005-09-21 14:19:08 +00:00
christos
98785bd85a Get rid of pam debugging. 
XXX: We should do this on the 3.0 branch too.
 2005-08-28 07:41:41 +00:00
matt
ae59c445be Remove CPPFLAGS 2005-04-25 17:21:31 +00:00
matt
51ba88ed0f Add ${DESTDIR}/usr/include/krb5 to CPPFLAGS so <parse_units.h> can be found. 2005-04-25 15:43:34 +00:00
matt
bb1ca526b7 Don't cast the lvalue; cast the rhs instead. 2005-04-25 15:42:46 +00:00
yamt
8c79aa408b s!/var/run/nologin!/etc/nologin!g to match with the code. 2005-04-25 10:24:06 +00:00
christos
b4073cddaf Fix getgrnam -> getgrnam_r 2005-04-19 13:04:38 +00:00
christos
e640241b82 fix getgrnam -> getgrnam_r and add a forgotten getpwnam -> gepwnam_r 
From john nemeth
 2005-04-19 13:04:19 +00:00
lukem
01cf9d0263 Safety boots: don't depend upon getpwnam_r() to set pwd to NULL on all 
failures, especially if we're going to ignore the return result.
 2005-04-19 03:40:16 +00:00
lukem
a767f5ec9c getpw*_r() may return 0 and set pwd==NULL 2005-04-19 03:38:08 +00:00
christos
2a62e4e1ad check for pwd != in getpw*_r functions. 2005-04-19 03:15:34 +00:00
christos
b4eda329f4 Don't print an error if we are doing authentication. 2005-04-05 18:24:17 +00:00
thorpej
59cbc9e205 Use getpwnam_r(). 2005-03-31 15:11:54 +00:00
christos
611fb1aa58 Make S/Key prompt compliant with RFC 2289. Patch supplied by Dave Huang 
in PR bin/23167.
 2005-03-20 16:48:47 +00:00
christos
dbf71d82fb remove debugging printf's 2005-03-17 01:14:40 +00:00
christos
99186ebfc8 Clear the authorization token at the entry of each loop, so that 
we get a chance to re-enter.
 2005-03-17 01:13:59 +00:00
christos
52ffc9e55d remove code to deal with authorized keys. it has no place here. 2005-03-14 23:39:26 +00:00
christos
041bcdce98 Go back to rev-1.5. This is better than what was there before, but I am 
still uncertain about the proper way to dealing what keys to accept.
 2005-03-14 05:45:48 +00:00
christos
56cc440468 Revert previous. This is not the right fix. 2005-03-14 05:40:35 +00:00
christos
adb433f9e5 Do not let keys that are not listed in authorized_keys participate 
in authentication. Problem reported by Maximum Entropy.
 2005-03-14 05:35:23 +00:00
christos
811c70b5c5 Free the prompt response. 2005-03-05 20:33:40 +00:00
christos
a3df4155fc PR/29566: Izumi Tsutsui: login(1) shows wrong last-login-from host 
Caused by improper initialization of struct lastlogx. Code has been
completely restructured, and we also now use pam_prompt() instead of
printf().
cvs: ----------------------------------------------------------------------
 2005-03-05 20:32:41 +00:00
christos
fde63d0ea8 If authentication failed because the user was not in wheel, say so like 
the old su did. From John Nemeth
 2005-03-05 15:39:43 +00:00
he
21b1464ae4 Build openpam_free_envlist as part of libpam, and install it's man 
page.  This is required for ports not yet supporting shared libraries.
 2005-03-03 22:40:49 +00:00
christos
3d37b7e762 Document the no_nested option. 2005-03-03 02:11:49 +00:00
christos
fa02801fbd - Fix the quiet option; use login_cap to determine if we should print or not. 
- Add nested user handling, including a no_nested option to control it.
 2005-03-03 02:11:40 +00:00
wiz
15a3d47d36 Improve wording of the BUGS section to make it easier to understand. 
Ok'd by christos.
 2005-02-28 15:21:25 +00:00
wiz
49d2a708c0 Bump date for previous. Remove trailing whitespace. Sort SEE ALSO. 
Remove superfluous .Pp.
 2005-02-28 10:34:17 +00:00
wiz
e368145667 Bump date for new SECURITY CONSIDERATIONS section. 2005-02-28 10:31:41 +00:00
christos
d747ae24a0 Document that this is broken and not used. 2005-02-28 01:25:01 +00:00
thorpej
a4e3f97482 Add a SECURITY CONSIDERATIONS section. 2005-02-27 21:33:02 +00:00
thorpej
80ea74d85d Add a SECURITY CONSIDRATIONS section. 2005-02-27 21:32:46 +00:00
thorpej
11b55133f0 Add an S/Key PAM module. 2005-02-27 21:01:59 +00:00
christos
901ebd51aa NetBSD does not allow setuid(user) when euid=user, and ruid=0. Change 
the logic for setting the uid/gid/groups for the agent around and also
add error checking. I.e. Don't exec the agent, if we could not set
the proper environment for it. Add a few more debugging lines. Now ssh
authentication works through xdm.
 2005-02-27 01:16:27 +00:00
christos
783ec0bc09 Remove local copy of openpam_free_envlist. 2005-02-26 22:45:52 +00:00
thorpej
55d1dd0979 Place some limits on the creds acquired for password change. Other 
minor cleanup inspired by passwd(1).
 2005-02-26 18:25:28 +00:00
thorpej
b41692728e Use the more familar princ@realm style of password prompt. 2005-02-26 18:10:35 +00:00
thorpej
a2d3bf486f Check for PAM_PRELIM_CHECK and simply do nothing. (Did this even work 
in FreeBSD?)
 2005-02-26 18:03:37 +00:00
wiz
03a04bd58b Add article. 2005-02-26 16:37:46 +00:00
wiz
b055ab330f Sort SEE ALSO. 2005-02-26 16:36:53 +00:00
thorpej
7331ee2083 Merge PAM20050226. 
XXX Hack here until we import OpenPAM Feterita.
 2005-02-26 16:03:58 +00:00
thorpej
4251f117ba Merge PAM20050226. 2005-02-26 15:57:57 +00:00
wiz
cbc550d45c Drop trailing whitespace. 2005-02-26 15:39:50 +00:00
wiz
9b82a3d7c1 Bump date for previous. 2005-02-26 15:39:23 +00:00
thorpej
28836513c3 Remove references to local_pass and nis_pass. Add description of 
passwd_db option of the password management module.
 2005-02-26 15:33:24 +00:00
thorpej
2f6bdc4a7b Minor wording consistency nit. 2005-02-26 15:11:26 +00:00
thorpej
610505c88f Fix a markup bug and a minor wording consistency nit. 2005-02-26 15:08:54 +00:00
thorpej
5a2161b24e Minor wording consistency nit. 2005-02-26 15:05:25 +00:00
thorpej
9503750ce5 Oops, one more nit. 2005-02-26 15:04:52 +00:00
thorpej
5f604055a2 Minor wording consistency nit. 2005-02-26 15:04:09 +00:00
thorpej
aa2b566306 Wording consistency nits. 2005-02-26 15:02:15 +00:00
thorpej
d7bb9fc4f2 Minor wording consistency nit. 2005-02-26 14:54:25 +00:00
thorpej
0a40f744b4 Make sure to set yppwd.oldpass. 2005-02-26 02:57:32 +00:00
christos
4274cae273 Don't try to build PIC stuff if we cannot do PIC. 2005-02-25 18:26:00 +00:00
wiz
9086769d81 Fix Xref. 2005-02-20 19:39:09 +00:00
wiz
1d07a19af1 <> -> \*[Lt]\*[Gt]. 2005-02-20 19:38:01 +00:00
wiz
b57f6d2615 Sort SEE ALSO. 2005-02-20 19:37:30 +00:00
christos
6683368b82 Add pam_radius. 2005-02-20 00:37:49 +00:00
he
dcdc758deb Introduce a few more temporary variables, in order to avoid an ugly 
double cast in the pam_get_item() invocations.  The double cast
triggered a "discards qualifier" warning/error from gcc 2.95.3, while
trying to fix that by adding "cost" to the "void *" cast produced
a similar warning from gcc 3.3.  This now compiles without warning
with both compilers.

Approved by christos
 2005-02-04 15:11:35 +00:00
wiz
303329913a We have 2005. 2005-02-02 14:34:25 +00:00
wiz
463db6dc4b Sort SEE ALSO, fix an xref, and s/FreeBSD/.Fx/. 2005-02-02 14:33:20 +00:00
christos
1d6e3b563a Add a new option "authenticate" that requires the user to enter his own 
password to login.
 2005-02-01 22:55:11 +00:00
christos
44d1e6097a Re-write to use both utmp and utmpx properly. 2005-02-01 17:54:48 +00:00
manu
08ad2c449b Set correct default for the nologin file: /etc/nologin 
Handle the ignorenologin capability
 2005-01-23 09:45:02 +00:00
christos
c9cb0c3bbd adapt to pw_gensalt() change. 2005-01-12 03:36:12 +00:00
christos
1a791fa81d eliminate the third copy of pwd_gensalt. 2005-01-11 23:23:33 +00:00
manu
d26d1599e6 Missing man page: login.access(5) 2005-01-08 22:56:21 +00:00
christos
a72527f7ce add -DDEBUG to the build for now 2005-01-08 08:39:48 +00:00
lukem
27313362b5 Build & install pam_ssh.so.0 now that libssh is available for use. 2005-01-03 06:15:42 +00:00
lukem
157353df26 Set NOxxx before including <bsd.own.mk>; we can't rely upon ../mod.mk 
in this situation.
 2005-01-03 06:15:02 +00:00
lukem
474dd6daf5 s/ifndef/ifdef/ for __FreeBSD__ 2005-01-03 03:08:40 +00:00
lukem
884b4146ae re-add inclusion of <bsd.lib.mk> for LIBDPLIBS optimization, with an 
empty libinstall rule so Things Work.
 2004-12-30 00:11:50 +00:00
simonb
54e42386be Remove the inclusion of <bsd.lib.mk>. There are no libraries in this 
directory, only its subdirectories.
 2004-12-29 22:35:35 +00:00
lukem
178fb7b023 Use LIBDPLIBS to provide the list of libraries for the modules to depend 
upon, because:
 * it's MUCH quicker; no need to calculate the OBJDIRS of every library
   we might require in every subdir.
   (make obj drops from 21s to 3s on my system.)
 * it's more robust when building to a fresh DESTDIR.
 2004-12-29 15:04:06 +00:00
christos
bfc0dd3a06 Link with libraries from the source build directory. 2004-12-29 04:16:17 +00:00
thorpej
0c386f944e Back out previous, now that make is fixed. 2004-12-29 00:47:56 +00:00
thorpej
62953ecba5 Install modules into /usr/lib/security 2004-12-29 00:08:14 +00:00
thorpej
4e24c365b9 Work around a suffix search problem with .MADE. Work-around suggested 
by Christos.
 2004-12-28 23:37:50 +00:00
christos
980de1e92d s/__function__/__func__/ 2004-12-12 08:29:56 +00:00
christos
e7d22a2e64 - NetBSD build glue 
- Warning fixes
- RCSID's
 2004-12-12 08:18:42 +00:00
christos
bb62ec41f1 - NetBSD specific fixes. 
- Changes from Jason to use our YP stuff.
 2004-12-12 08:17:56 +00:00
christos
6f11bdf15c - Import freebsd's version of libpam as of today (20041212). 
- Did not import opie, passwdqc, tacplus. We need to decide what to do
  with them.
- Imported radius and ssh, although they will not work until we
  import libradius and re-structure our tree to install libssh.
 2004-12-12 06:45:21 +00:00