Note that nullok should not be used by processes that can't access the

password database. PR: bin/126650, misc/140514 MFC after: 1 week
author: des <des@FreeBSD.org> 2009-11-13 11:19:26 +0000
committer: des <des@FreeBSD.org> 2009-11-13 11:19:26 +0000
commit: e00b284b2062d80db8eca6bc650cd04768f79158 (patch)
tree: af0bd5c6407436b783ee22f906ad20211c1d5bed /lib/libpam
parent: 063906a1aa678b2f30a88d8b824f88608941f538 (diff)
download: FreeBSD-src-e00b284b2062d80db8eca6bc650cd04768f79158.zip
FreeBSD-src-e00b284b2062d80db8eca6bc650cd04768f79158.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/libpam/modules/pam_unix/pam_unix.8 b/lib/libpam/modules/pam_unix/pam_unix.8
index eec0e0e..82354d5 100644
--- a/lib/libpam/modules/pam_unix/pam_unix.8
+++ b/lib/libpam/modules/pam_unix/pam_unix.8
@@ -105,6 +105,17 @@ sufficient.
 If the password database has no password for the entity being
 authenticated, then this option will forgo password prompting, and
 silently allow authentication to succeed.
+.Pp
+.Sy NOTE:
+If
+.Nm
+is invoked by a process that does not have the privileges required to
+access the password database (in most cases, this means root
+privileges), the
+.Cm nullok
+option may cause
+.Nm
+to allow any user to log in with any password.
 .It Cm local_pass
 Use only the local password database, even if NIS is in use.
 This will cause an authentication failure if the system is configured
author	des <des@FreeBSD.org>	2009-11-13 11:19:26 +0000
committer	des <des@FreeBSD.org>	2009-11-13 11:19:26 +0000
commit	e00b284b2062d80db8eca6bc650cd04768f79158 (patch)
tree	af0bd5c6407436b783ee22f906ad20211c1d5bed /lib/libpam
parent	063906a1aa678b2f30a88d8b824f88608941f538 (diff)
download	FreeBSD-src-e00b284b2062d80db8eca6bc650cd04768f79158.zip FreeBSD-src-e00b284b2062d80db8eca6bc650cd04768f79158.tar.gz