diff options
| -rw-r--r-- | lib/libpam/modules/pam_self/pam_self.8 | 7 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_self/pam_self.c | 6 |
2 files changed, 6 insertions, 7 deletions
diff --git a/lib/libpam/modules/pam_self/pam_self.8 b/lib/libpam/modules/pam_self/pam_self.8 index 0317c23..2008bf3 100644 --- a/lib/libpam/modules/pam_self/pam_self.8 +++ b/lib/libpam/modules/pam_self/pam_self.8 @@ -56,7 +56,6 @@ In terms of the parameter, this is the .Dq Li auth feature. -It also provides a null function for session management. .Ss Self Authentication Module The Self authentication component .Pq Fn pam_sm_authenticate , @@ -64,11 +63,11 @@ returns success if and only if the target user's user ID is identical with the current real user ID. If the current real user ID is non-zero, authentication will fail, unless the -.Cm even_root +.Cm allow_root option was specified. .Pp The following options may be passed to the authentication module: -.Bl -tag -width ".Cm even_root" +.Bl -tag -width ".Cm allow_root" .It Cm debug .Xr syslog 3 debugging information at @@ -78,7 +77,7 @@ level. suppress warning messages to the user. These messages include reasons why the user's authentication attempt was declined. -.It Cm even_root +.It Cm allow_root do not automatically fail if the current real user ID is 0. .El .Sh SEE ALSO diff --git a/lib/libpam/modules/pam_self/pam_self.c b/lib/libpam/modules/pam_self/pam_self.c index da93596..e3252bf 100644 --- a/lib/libpam/modules/pam_self/pam_self.c +++ b/lib/libpam/modules/pam_self/pam_self.c @@ -53,11 +53,11 @@ __FBSDID("$FreeBSD$"); #include <security/pam_mod_misc.h> enum { - PAM_OPT_EVEN_ROOT = PAM_OPT_STD_MAX, + PAM_OPT_ALLOW_ROOT = PAM_OPT_STD_MAX, }; static struct opttab other_options[] = { - { "even_root", PAM_OPT_EVEN_ROOT }, + { "allow_root", PAM_OPT_ALLOW_ROOT }, { NULL, 0 } }; @@ -81,7 +81,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, const char PAM_RETURN(PAM_AUTH_ERR); uid = getuid(); - if (uid == 0 && !pam_test_option(&options, PAM_OPT_EVEN_ROOT, NULL)) + if (uid == 0 && !pam_test_option(&options, PAM_OPT_ALLOW_ROOT, NULL)) PAM_RETURN(PAM_AUTH_ERR); if (uid == (uid_t)pwd->pw_uid) |
