| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
passwordless login (kde-np),
and it doesn't really belong in base system.
PR: misc/167261
Submitted by: avilla@
Approved by: rwatson (mentor)
MFC after: 3 days
|
| |
|
|
|
| |
Approved by: re (kib)
Reminded by: nork
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
by unavailable accounts, e.g., those locked, expired, not allowed in at
the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
This applies to personal crontabs only, /etc/crontab is unaffected.
In other words, now the account management policy will apply to
commands scheduled by users via crontab(1) so that a user can no
longer use cron(8) to set up a delayed backdoor and run commands
during periods when the admin doesn't want him to.
The PAM check is done just before running a command, not when loading
a crontab, because accounts can get locked, expired, and re-enabled
any time with no changes to their crontabs. E.g., imagine that you
provide a system with payed access, or better a cluster of such
systems with centralized account management via PAM. When a user
pays for some days of access, you set his expire field respectively.
If the account expires before its owner pays more, its crontab
commands won't run until the next payment is made. Then it'll be
enough to set the expire field in future for the commands to run
again. And so on.
Document this change in the cron(8) manpage, which includes adding
a FILES section and touching the document date.
X-Security: should benefit as users have access to cron(8) by default
|
| | |
|
| |
|
|
|
| |
so that the change history stays easily readable as the number
of PAM-aware services grows.
|
| |
|
|
|
|
|
| |
method of executing commands remotely. There are no rexec clients in
the FreeBSD tree, and the client function rexec(3) is present only in
libcompat. It has been documented as "obsolete" since 4.3BSD, and its
use has been discouraged in the man page for over 10 years.
|
| |
|
|
| |
OK'ed by: core
|
| |
|
|
| |
any fake value.
|
| |
|
|
|
|
| |
than duplicate it. This requires OpenPAM Dianthus, which was committed two
weeks ago; installing these files on a system running a world older than
June 1st, 2003 will cause login(1) and su(1) to fail.
|
| |
|
|
|
|
| |
Also, make "ftp" and "ftpd" hard links.
Not objected to by: des
|
| |
|
|
| |
make ftp a symlink to ftpd.
|
| |
|
|
| |
Sponsored by: DARPA, NAI Labs
|
| |
|
|
| |
Sponsored by: DARPA, NAI Labs
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Added NOOBJ if anyone even attempts to "make obj" here.
Revert to installing files with mode 644 except README.
Make this overall look like a BSD-style Makefile rather
than roll-your-own (this is not a bug).
For the record. Previous revision also fixed the breakage
introduced by the sys.mk,v 1.60 commit: bsd.own.mk is no
longer automatically included from sys.mk.
Reported by: jhay
|
| | |
|
| |
|
|
|
|
| |
for pam_passwdqc.
Sponsored by: DARPA, NAI Labs
|
| | |
|
|
|
Sponsored by: DARPA, NAI Labs
|
