diff options
author | des <des@FreeBSD.org> | 2009-11-13 11:19:26 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2009-11-13 11:19:26 +0000 |
commit | e00b284b2062d80db8eca6bc650cd04768f79158 (patch) | |
tree | af0bd5c6407436b783ee22f906ad20211c1d5bed /lib/libpam | |
parent | 063906a1aa678b2f30a88d8b824f88608941f538 (diff) | |
download | FreeBSD-src-e00b284b2062d80db8eca6bc650cd04768f79158.zip FreeBSD-src-e00b284b2062d80db8eca6bc650cd04768f79158.tar.gz |
Note that nullok should not be used by processes that can't access the
password database.
PR: bin/126650, misc/140514
MFC after: 1 week
Diffstat (limited to 'lib/libpam')
-rw-r--r-- | lib/libpam/modules/pam_unix/pam_unix.8 | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/libpam/modules/pam_unix/pam_unix.8 b/lib/libpam/modules/pam_unix/pam_unix.8 index eec0e0e..82354d5 100644 --- a/lib/libpam/modules/pam_unix/pam_unix.8 +++ b/lib/libpam/modules/pam_unix/pam_unix.8 @@ -105,6 +105,17 @@ sufficient. If the password database has no password for the entity being authenticated, then this option will forgo password prompting, and silently allow authentication to succeed. +.Pp +.Sy NOTE: +If +.Nm +is invoked by a process that does not have the privileges required to +access the password database (in most cases, this means root +privileges), the +.Cm nullok +option may cause +.Nm +to allow any user to log in with any password. .It Cm local_pass Use only the local password database, even if NIS is in use. This will cause an authentication failure if the system is configured |