9b412b7436
Implement PAM_REFRESH_CRED / PAM_REINITIALIZE_CRED
...
support in pam_sm_setcred()
With this and a suitably pam-aware screen locker (eg xscreensaver built
with PAM), you now get the nice Windows-style behavior of having
your tickets refreshed (and tokens, with pam_afslog) when you unlock
your screen.
2005-09-27 14:38:19 +00:00
d61c7b6e74
Remove trailing whitespace. Punctuation nits. Use .Nm more.
...
Use .An. Sort SEE ALSO.
2005-09-23 19:56:16 +00:00
4019a4212f
pam_afslog is used in conjunction with pam_krb5 to obtain AFS tokens and
...
create a PAG if necessary.
Especially important for home directories on AFS.
2005-09-21 14:19:08 +00:00
98785bd85a
Get rid of pam debugging.
...
XXX: We should do this on the 3.0 branch too.
2005-08-28 07:41:41 +00:00
ae59c445be
Remove CPPFLAGS
2005-04-25 17:21:31 +00:00
51ba88ed0f
Add ${DESTDIR}/usr/include/krb5 to CPPFLAGS so <parse_units.h> can be found.
2005-04-25 15:43:34 +00:00
bb1ca526b7
Don't cast the lvalue; cast the rhs instead.
2005-04-25 15:42:46 +00:00
8c79aa408b
s!/var/run/nologin!/etc/nologin!g to match with the code.
2005-04-25 10:24:06 +00:00
b4073cddaf
Fix getgrnam -> getgrnam_r
2005-04-19 13:04:38 +00:00
e640241b82
fix getgrnam -> getgrnam_r and add a forgotten getpwnam -> gepwnam_r
...
From john nemeth
2005-04-19 13:04:19 +00:00
01cf9d0263
Safety boots: don't depend upon getpwnam_r() to set pwd to NULL on all
...
failures, especially if we're going to ignore the return result.
2005-04-19 03:40:16 +00:00
a767f5ec9c
getpw*_r() may return 0 and set pwd==NULL
2005-04-19 03:38:08 +00:00
2a62e4e1ad
check for pwd != in getpw*_r functions.
2005-04-19 03:15:34 +00:00
b4eda329f4
Don't print an error if we are doing authentication.
2005-04-05 18:24:17 +00:00
59cbc9e205
Use getpwnam_r().
2005-03-31 15:11:54 +00:00
611fb1aa58
Make S/Key prompt compliant with RFC 2289. Patch supplied by Dave Huang
...
in PR bin/23167.
2005-03-20 16:48:47 +00:00
dbf71d82fb
remove debugging printf's
2005-03-17 01:14:40 +00:00
99186ebfc8
Clear the authorization token at the entry of each loop, so that
...
we get a chance to re-enter.
2005-03-17 01:13:59 +00:00
52ffc9e55d
remove code to deal with authorized keys. it has no place here.
2005-03-14 23:39:26 +00:00
041bcdce98
Go back to rev-1.5. This is better than what was there before, but I am
...
still uncertain about the proper way to dealing what keys to accept.
2005-03-14 05:45:48 +00:00
56cc440468
Revert previous. This is not the right fix.
2005-03-14 05:40:35 +00:00
adb433f9e5
Do not let keys that are not listed in authorized_keys participate
...
in authentication. Problem reported by Maximum Entropy.
2005-03-14 05:35:23 +00:00
811c70b5c5
Free the prompt response.
2005-03-05 20:33:40 +00:00
a3df4155fc
PR/29566: Izumi Tsutsui: login(1) shows wrong last-login-from host
...
Caused by improper initialization of struct lastlogx. Code has been
completely restructured, and we also now use pam_prompt() instead of
printf().
cvs: ----------------------------------------------------------------------
2005-03-05 20:32:41 +00:00
fde63d0ea8
If authentication failed because the user was not in wheel, say so like
...
the old su did. From John Nemeth
2005-03-05 15:39:43 +00:00
21b1464ae4
Build openpam_free_envlist as part of libpam, and install it's man
...
page. This is required for ports not yet supporting shared libraries.
2005-03-03 22:40:49 +00:00
3d37b7e762
Document the no_nested option.
2005-03-03 02:11:49 +00:00
fa02801fbd
- Fix the quiet option; use login_cap to determine if we should print or not.
...
- Add nested user handling, including a no_nested option to control it.
2005-03-03 02:11:40 +00:00
15a3d47d36
Improve wording of the BUGS section to make it easier to understand.
...
Ok'd by christos.
2005-02-28 15:21:25 +00:00
49d2a708c0
Bump date for previous. Remove trailing whitespace. Sort SEE ALSO.
...
Remove superfluous .Pp.
2005-02-28 10:34:17 +00:00
e368145667
Bump date for new SECURITY CONSIDERATIONS section.
2005-02-28 10:31:41 +00:00
d747ae24a0
Document that this is broken and not used.
2005-02-28 01:25:01 +00:00
a4e3f97482
Add a SECURITY CONSIDERATIONS section.
2005-02-27 21:33:02 +00:00
80ea74d85d
Add a SECURITY CONSIDRATIONS section.
2005-02-27 21:32:46 +00:00
11b55133f0
Add an S/Key PAM module.
2005-02-27 21:01:59 +00:00
901ebd51aa
NetBSD does not allow setuid(user) when euid=user, and ruid=0. Change
...
the logic for setting the uid/gid/groups for the agent around and also
add error checking. I.e. Don't exec the agent, if we could not set
the proper environment for it. Add a few more debugging lines. Now ssh
authentication works through xdm.
2005-02-27 01:16:27 +00:00
783ec0bc09
Remove local copy of openpam_free_envlist.
2005-02-26 22:45:52 +00:00
55d1dd0979
Place some limits on the creds acquired for password change. Other
...
minor cleanup inspired by passwd(1).
2005-02-26 18:25:28 +00:00
b41692728e
Use the more familar princ@realm style of password prompt.
2005-02-26 18:10:35 +00:00
a2d3bf486f
Check for PAM_PRELIM_CHECK and simply do nothing. (Did this even work
...
in FreeBSD?)
2005-02-26 18:03:37 +00:00
03a04bd58b
Add article.
2005-02-26 16:37:46 +00:00
b055ab330f
Sort SEE ALSO.
2005-02-26 16:36:53 +00:00
7331ee2083
Merge PAM20050226.
...
XXX Hack here until we import OpenPAM Feterita.
2005-02-26 16:03:58 +00:00
4251f117ba
Merge PAM20050226.
2005-02-26 15:57:57 +00:00
cbc550d45c
Drop trailing whitespace.
2005-02-26 15:39:50 +00:00
9b82a3d7c1
Bump date for previous.
2005-02-26 15:39:23 +00:00
28836513c3
Remove references to local_pass and nis_pass. Add description of
...
passwd_db option of the password management module.
2005-02-26 15:33:24 +00:00
2f6bdc4a7b
Minor wording consistency nit.
2005-02-26 15:11:26 +00:00
610505c88f
Fix a markup bug and a minor wording consistency nit.
2005-02-26 15:08:54 +00:00
5a2161b24e
Minor wording consistency nit.
2005-02-26 15:05:25 +00:00
tsarna