summaryrefslogtreecommitdiffstats
path: root/etc/pam.d/su
Commit message (Collapse)AuthorAgeFilesLines
* Don't do session management in su.des2003-07-091-1/+1
| | | | | PR: misc/53293 Submitted by: ru
* Add a system policy, and have the login and su policies include it ratherdes2003-06-141-9/+4
| | | | | | than duplicate it. This requires OpenPAM Dianthus, which was committed two weeks ago; installing these files on a system running a world older than June 1st, 2003 will cause login(1) and su(1) to fail.
* The PAM module pam_krb5 does not have "session" capabilities.markm2003-04-301-1/+0
| | | | Don't give examples of such use, this is bogus.
* Initiate KerberosIV de-orbit burn. Disconnect the /etc configs.markm2003-03-081-3/+0
|
* Add the allow_local option to all pam_opieaccess entries.des2003-02-161-1/+1
|
* Major cleanup & homogenization.des2003-02-101-40/+13
|
* Use pam_group(8) instead of pam_wheel(8).des2003-02-061-1/+1
|
* Exempt the "wheel group requirement" by default when su'ing to root ifrwatson2002-10-181-1/+1
| | | | | | | | | | the wheel group has no explicit members listed in /etc/group. This adds the "exempt_if_empty" flag to pam_wheel in the default configuration; in some environments, it may be appropriate to remove this flag, however, this default is the same as pre-pam_wheel. Reviewed by: markm Sponsored by: DARPA, Network Associates Laboratories
* Don't list pam_unix in the session chain, since it does not provide anydes2002-04-181-1/+0
| | | | | | session management services. Sponsored by: DARPA, NAI Labs
* Use pam_self(8) to allow users to su(1) to themselves without authentication.des2002-01-301-0/+1
| | | | Sponsored by: DARPA, NAI Labs
* Enable OPIE by default, using the no_fake_prompts option to hide it fromdes2002-01-211-11/+23
| | | | | | | | | | | | | | users who don't wish to use it. If the admin is worried about leaking information about which users exist and which have OPIE enabled, the no_fake_prompts option can simply be removed. Also insert the appropriate pam_opieaccess lines after pam_opie to break the chain in case the user is logging in from an untrusted host, or has a .opiealways file. The entire opieaccess / opiealways concept is slightly unpammish, but admins familiar with OPIE will expect it to work. Reviewed by: ache, markm Sponsored by: DARPA, NAI Labs
* Really back out ache's commits. These files are now precisely as they weredes2002-01-191-1/+1
| | | | twentyfour hours ago, except for RCS ids.
* Back out recent changesache2002-01-191-1/+1
|
* Turn on pam_opie by default. It should not affect non-OPIE users.ache2002-01-191-1/+1
|
* Awright, egg on my face. I should have taken more time with this. Thedes2001-12-051-28/+28
| | | | | | | conversion script generated the wrong format, so the configuration files didn't actually work. Good thing I hadn't thrown the switch yet... Sponsored by: DARPA, NAI Labs (but the f***ups are all mine)
* pam.d-style configuration, auto-generated from pam.conf.des2001-12-051-0/+41
Sponsored by: DARPA, NAI Labs
OpenPOWER on IntegriCloud