summaryrefslogtreecommitdiffstats
path: root/etc/pam.d/sshd
Commit message (Collapse)AuthorAgeFilesLines
* tabifydes2009-10-051-2/+2
| | | | MFC after: 3 weeks
* Change the pam_ssh examples: if you use it, you probably want want_agent.des2009-10-051-1/+1
| | | | MFC after: 3 weeks
* Now pam_nologin(8) will provide an account management functionyar2007-06-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | instead of an authentication function. There are a design reason and a practical reason for that. First, the module belongs in account management because it checks availability of the account and does no authentication. Second, there are existing and potential PAM consumers that skip PAM authentication for good or for bad. E.g., sshd(8) just prefers internal routines for public key auth; OTOH, cron(8) and atrun(8) do implicit authentication when running a job on behalf of its owner, so their inability to use PAM auth is fundamental, but they can benefit from PAM account management. Document this change in the manpage. Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed under the "account" function class. Bump __FreeBSD_version (mostly for ports, as this change should be invisible to C code outside pam_nologin.) PR: bin/112574 Approved by: des, re
* The PAM module pam_krb5 does not have "session" capabilities.markm2003-04-301-1/+0
| | | | Don't give examples of such use, this is bogus.
* Initiate KerberosIV de-orbit burn. Disconnect the /etc configs.markm2003-03-081-4/+0
|
* Add the allow_local option to all pam_opieaccess entries.des2003-02-161-1/+1
|
* Major cleanup & homogenization.des2003-02-101-7/+15
|
* Don't enable pam_krb5 by default - most people don't have it since mostdes2003-02-031-2/+2
| | | | | | | people don't build with MAKE_KERBEROS5 defined. Provide commented-out usage examples instead, like we do everywhere else. Pointy hat to: des
* Enable pam_krb5 for sshd. I've had this in my tree for ages.des2003-02-021-0/+2
|
* Since OpenSSH drops privileges before calling pam_open_session(3),des2002-12-031-1/+1
| | | | | | pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog. Approved by: re (rwatson)
* Silence pam_lastlog for now.des2002-07-071-1/+1
|
* Enable OPIE for sshd and telnetd. I thought I'd done this a long timedes2002-06-191-0/+2
| | | | | | ago... Sponsored by: DARPA, NAI Labs
* Use pam_lastlog(8)'s new no_fail option.des2002-05-081-1/+1
| | | | Sponsored by: DARPA, NAI Labs
* Don't list pam_unix in the session chain, since it does not provide anydes2002-04-181-1/+0
| | | | | | session management services. Sponsored by: DARPA, NAI Labs
* Add pam_lastlog(8) here since I removed lastlog support from sshd.des2002-04-151-0/+1
| | | | Sponsored by: DARPA, NAI Labs
* Switch over to using pam_login_access(8) module in sshd(8).ru2002-03-261-0/+1
| | | | | | (Fixes static compilation. Reduces diffs to OpenSSH.) Reviewed by: bde
* Awright, egg on my face. I should have taken more time with this. Thedes2001-12-051-5/+5
| | | | | | | conversion script generated the wrong format, so the configuration files didn't actually work. Good thing I hadn't thrown the switch yet... Sponsored by: DARPA, NAI Labs (but the f***ups are all mine)
* pam.d-style configuration, auto-generated from pam.conf.des2001-12-051-0/+18
Sponsored by: DARPA, NAI Labs
OpenPOWER on IntegriCloud