diff options
author | des <des@FreeBSD.org> | 2003-02-16 13:01:03 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2003-02-16 13:01:03 +0000 |
commit | d1e778062c616537c4ddb01163b8412dcf0e48b8 (patch) | |
tree | cb4b814068236098d54f576347aa5109c12c3369 | |
parent | 4afefd34d163df68d81c11cbbe1dc4ddb8af335c (diff) | |
download | FreeBSD-src-d1e778062c616537c4ddb01163b8412dcf0e48b8.zip FreeBSD-src-d1e778062c616537c4ddb01163b8412dcf0e48b8.tar.gz |
Add an "allow_local" option which forces historical behaviour.
-rw-r--r-- | lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 | 19 | ||||
-rw-r--r-- | lib/libpam/modules/pam_opieaccess/pam_opieaccess.c | 3 |
2 files changed, 20 insertions, 2 deletions
diff --git a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 index b539202..93f01c1 100644 --- a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 +++ b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 @@ -96,7 +96,16 @@ Otherwise, it returns .Dv PAM_AUTH_ERR . .Pp The following options may be passed to the authentication module: -.Bl -tag -width ".Cm no_warn" +.Bl -tag -width ".Cm allow_local" +.It Cm allow_local +Always allow local logins. +If this option is not specified, local logins are treated as remote +logins from +.Dq localhost , +and will be refused unless an appropriate +.Dq allow +entry exists in +.Pa /etc/opieaccess . .It Cm debug .Xr syslog 3 debugging information at @@ -107,6 +116,14 @@ suppress warning messages to the user. These messages include reasons why the user's authentication attempt was declined. .El +.Sh FILES +.Bl -tag -width Ds +.It Pa /etc/opieaccess +List of trusted hosts or networks. +See +.Xr opieaccess 5 +for a description of its syntax. +.El .Sh SEE ALSO .Xr opie 4 , .Xr opieaccess 5 , diff --git a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c index 3201dc2..47d443d 100644 --- a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c +++ b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c @@ -74,7 +74,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, if (r != PAM_SUCCESS) return (r); if (rhost == NULL) - rhost = "localhost"; + rhost = openpam_get_option(pamh, "allow_local") ? + "" : "localhost"; if (opieaccessfile(rhost) != 0 && opiealways(pwent->pw_dir) != 0) return (PAM_SUCCESS); |