diff options
author | yar <yar@FreeBSD.org> | 2007-06-10 18:57:20 +0000 |
---|---|---|
committer | yar <yar@FreeBSD.org> | 2007-06-10 18:57:20 +0000 |
commit | dac62e7ff2f6d9dbbc83623d558cd1169444ce35 (patch) | |
tree | 37d2537512c71ec8e47fb6d4279f5add1fbf960b /etc | |
parent | 2a881a553e67fa066b2dc74064c17ff8c9ecb927 (diff) | |
download | FreeBSD-src-dac62e7ff2f6d9dbbc83623d558cd1169444ce35.zip FreeBSD-src-dac62e7ff2f6d9dbbc83623d558cd1169444ce35.tar.gz |
Now pam_nologin(8) will provide an account management function
instead of an authentication function. There are a design reason
and a practical reason for that. First, the module belongs in
account management because it checks availability of the account
and does no authentication. Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.
Document this change in the manpage.
Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.
Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)
PR: bin/112574
Approved by: des, re
Diffstat (limited to 'etc')
-rw-r--r-- | etc/pam.d/ftpd | 2 | ||||
-rw-r--r-- | etc/pam.d/gdm | 2 | ||||
-rw-r--r-- | etc/pam.d/imap | 4 | ||||
-rw-r--r-- | etc/pam.d/kde | 2 | ||||
-rw-r--r-- | etc/pam.d/login | 2 | ||||
-rw-r--r-- | etc/pam.d/other | 2 | ||||
-rw-r--r-- | etc/pam.d/pop3 | 4 | ||||
-rw-r--r-- | etc/pam.d/rsh | 2 | ||||
-rw-r--r-- | etc/pam.d/sshd | 2 | ||||
-rw-r--r-- | etc/pam.d/telnetd | 2 | ||||
-rw-r--r-- | etc/pam.d/xdm | 2 |
11 files changed, 15 insertions, 11 deletions
diff --git a/etc/pam.d/ftpd b/etc/pam.d/ftpd index d248f00..632c973 100644 --- a/etc/pam.d/ftpd +++ b/etc/pam.d/ftpd @@ -5,7 +5,6 @@ # # auth -auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn @@ -13,6 +12,7 @@ auth requisite pam_opieaccess.so no_warn allow_local auth required pam_unix.so no_warn try_first_pass # account +account required pam_nologin.so #account required pam_krb5.so account required pam_unix.so diff --git a/etc/pam.d/gdm b/etc/pam.d/gdm index 08391e6..b588aa7 100644 --- a/etc/pam.d/gdm +++ b/etc/pam.d/gdm @@ -5,12 +5,12 @@ # # auth -auth required pam_nologin.so no_warn #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass # account +account required pam_nologin.so #account required pam_krb5.so account required pam_unix.so diff --git a/etc/pam.d/imap b/etc/pam.d/imap index cba8af9..6254d14 100644 --- a/etc/pam.d/imap +++ b/etc/pam.d/imap @@ -5,7 +5,9 @@ # # auth -#auth required pam_nologin.so no_warn #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass + +# account +#account required pam_nologin.so diff --git a/etc/pam.d/kde b/etc/pam.d/kde index 5390183..a384d62 100644 --- a/etc/pam.d/kde +++ b/etc/pam.d/kde @@ -5,12 +5,12 @@ # # auth -auth required pam_nologin.so no_warn #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass # account +account required pam_nologin.so #account required pam_krb5.so account required pam_unix.so diff --git a/etc/pam.d/login b/etc/pam.d/login index a4c6628..287036d 100644 --- a/etc/pam.d/login +++ b/etc/pam.d/login @@ -5,12 +5,12 @@ # # auth -auth required pam_nologin.so no_warn auth sufficient pam_self.so no_warn auth include system # account account requisite pam_securetty.so +account required pam_nologin.so account include system # session diff --git a/etc/pam.d/other b/etc/pam.d/other index e4ddf7e..c86239c 100644 --- a/etc/pam.d/other +++ b/etc/pam.d/other @@ -5,7 +5,6 @@ # # auth -auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass @@ -13,6 +12,7 @@ auth requisite pam_opieaccess.so no_warn allow_local auth required pam_unix.so no_warn try_first_pass # account +account required pam_nologin.so #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so diff --git a/etc/pam.d/pop3 b/etc/pam.d/pop3 index 34d6cc0..c5e93ce 100644 --- a/etc/pam.d/pop3 +++ b/etc/pam.d/pop3 @@ -5,7 +5,9 @@ # # auth -#auth required pam_nologin.so no_warn #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass + +# account +#account required pam_nologin.so diff --git a/etc/pam.d/rsh b/etc/pam.d/rsh index 02c0048..9e562e0 100644 --- a/etc/pam.d/rsh +++ b/etc/pam.d/rsh @@ -5,10 +5,10 @@ # # auth -auth required pam_nologin.so no_warn auth required pam_rhosts.so no_warn # account +account required pam_nologin.so account required pam_unix.so # session diff --git a/etc/pam.d/sshd b/etc/pam.d/sshd index cf3e0f0..46f536c 100644 --- a/etc/pam.d/sshd +++ b/etc/pam.d/sshd @@ -5,7 +5,6 @@ # # auth -auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass @@ -13,6 +12,7 @@ auth requisite pam_opieaccess.so no_warn allow_local auth required pam_unix.so no_warn try_first_pass # account +account required pam_nologin.so #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so diff --git a/etc/pam.d/telnetd b/etc/pam.d/telnetd index 3ebee20..535afc2 100644 --- a/etc/pam.d/telnetd +++ b/etc/pam.d/telnetd @@ -5,7 +5,6 @@ # # auth -auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass @@ -13,6 +12,7 @@ auth requisite pam_opieaccess.so no_warn allow_local auth required pam_unix.so no_warn try_first_pass # account +account required pam_nologin.so #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so diff --git a/etc/pam.d/xdm b/etc/pam.d/xdm index 0a1c78e..b883de7 100644 --- a/etc/pam.d/xdm +++ b/etc/pam.d/xdm @@ -5,12 +5,12 @@ # # auth -auth required pam_nologin.so no_warn #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass # account +account required pam_nologin.so #account required pam_krb5.so account required pam_unix.so |