summaryrefslogtreecommitdiffstats
path: root/etc/pam.d
Commit message (Collapse)AuthorAgeFilesLines
* Remove rexecd(8), a server that implements a particularly insecurenectar2005-06-102-20/+1
| | | | | | | method of executing commands remotely. There are no rexec clients in the FreeBSD tree, and the client function rexec(3) is present only in libcompat. It has been documented as "obsolete" since 4.3BSD, and its use has been discouraged in the man page for over 10 years.
* X logins should be recorded in lastlog / wtmp / utmp. I have no idea whydes2005-04-281-1/+1
| | | | | | this wasn't there already... it makes much more sense this way. MFC after: 2 weeks
* Start the dreaded NOFOO -> NO_FOO conversion.ru2004-12-211-1/+1
| | | | OK'ed by: core
* For variables that are only checked with defined(), don't provideru2004-10-241-1/+1
| | | | any fake value.
* Removed whitespace at BOF, EOL & EOF.schweikh2004-06-062-6/+6
|
* the default password policy for xdm should be pam_deny, since it isdes2004-02-201-0/+3
| | | | incapable of holding a meaningful conversation.
* Don't do session management in su.des2003-07-091-1/+1
| | | | | PR: misc/53293 Submitted by: ru
* Add a system policy, and have the login and su policies include it ratherdes2003-06-144-23/+35
| | | | | | than duplicate it. This requires OpenPAM Dianthus, which was committed two weeks ago; installing these files on a system running a world older than June 1st, 2003 will cause login(1) and su(1) to fail.
* Try to describe the control flags a little better.des2003-06-011-2/+4
|
* The PAM module pam_krb5 does not have "session" capabilities.markm2003-04-309-9/+0
| | | | Don't give examples of such use, this is bogus.
* Add nullok to the pam_unix line.des2003-04-241-1/+1
|
* Use the canonical form of installing links.ru2003-03-141-3/+1
| | | | | | Also, make "ftp" and "ftpd" hard links. Not objected to by: des
* Initiate KerberosIV de-orbit burn. Disconnect the /etc configs.markm2003-03-0811-32/+0
|
* Add the allow_local option to all pam_opieaccess entries.des2003-02-166-6/+6
|
* Add the want_agent option to the commented-out "session" pam_ssh entry.des2003-02-161-1/+1
|
* Major cleanup & homogenization.des2003-02-1014-131/+150
|
* No idea what this is for, and it doesn't make much sense. If a port needsdes2003-02-101-8/+0
| | | | it, it can install its own copy in /usr/local/etc/pam.d/.
* There's no reason to have two identical policies for FTP servers, sodes2003-02-102-26/+5
| | | | make ftp a symlink to ftpd.
* Use pam_group(8) instead of pam_wheel(8).des2003-02-061-1/+1
|
* Don't enable pam_krb5 by default - most people don't have it since mostdes2003-02-031-2/+2
| | | | | | | people don't build with MAKE_KERBEROS5 defined. Provide commented-out usage examples instead, like we do everywhere else. Pointy hat to: des
* Enable pam_krb5 for sshd. I've had this in my tree for ages.des2003-02-021-0/+2
|
* Since OpenSSH drops privileges before calling pam_open_session(3),des2002-12-031-1/+1
| | | | | | pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog. Approved by: re (rwatson)
* Exempt the "wheel group requirement" by default when su'ing to root ifrwatson2002-10-181-1/+1
| | | | | | | | | | the wheel group has no explicit members listed in /etc/group. This adds the "exempt_if_empty" flag to pam_wheel in the default configuration; in some environments, it may be appropriate to remove this flag, however, this default is the same as pre-pam_wheel. Reviewed by: markm Sponsored by: DARPA, Network Associates Laboratories
* Silence pam_lastlog for now.des2002-07-071-1/+1
|
* We don't use this any more.des2002-06-192-10/+1
| | | | Sponsored by: DARPA, NAI Labs
* Enable OPIE for sshd and telnetd. I thought I'd done this a long timedes2002-06-192-0/+4
| | | | | | ago... Sponsored by: DARPA, NAI Labs
* Use pam_lastlog(8)'s new no_fail option.des2002-05-083-3/+3
| | | | Sponsored by: DARPA, NAI Labs
* Add a PAM policy for rexecd(8).des2002-05-022-1/+17
| | | | Sponsored by: DARPA, NAI Labs
* xdm plays horrid tricks with PAM, and dumps core if it's allowed to calldes2002-05-022-0/+2
| | | | | | | | pam_lastlog, so add a dummy session chain to avoid using the one from pam.d/other. I assume gdm does something similar, so give it a dummy session chain as well. Sponsored by: DARPA, NAI Labs.
* Add no_warn to pam_lastlog. This should prevent xdm from dumping coredes2002-04-291-1/+1
| | | | when linked with Linux-PAM.
* Don't list pam_unix in the session chain, since it does not provide anydes2002-04-189-11/+1
| | | | | | session management services. Sponsored by: DARPA, NAI Labs
* Fixed bugs in previous revision:ru2002-04-181-20/+6
| | | | | | | | | | | | | Added NOOBJ if anyone even attempts to "make obj" here. Revert to installing files with mode 644 except README. Make this overall look like a BSD-style Makefile rather than roll-your-own (this is not a bug). For the record. Previous revision also fixed the breakage introduced by the sys.mk,v 1.60 commit: bsd.own.mk is no longer automatically included from sys.mk. Reported by: jhay
* Use ${FILES} and <bsd.prog.mk> rather than roll-your-own.des2002-04-181-22/+21
|
* Add PAM policy for the "passwd" service, including a sample config linedes2002-04-152-0/+12
| | | | | | for pam_passwdqc. Sponsored by: DARPA, NAI Labs
* Add pam_lastlog(8) here since I removed lastlog support from sshd.des2002-04-151-0/+1
| | | | Sponsored by: DARPA, NAI Labs
* Use pam_rhosts(8).des2002-04-121-1/+1
|
* If used, pam_ssh should be marked "sufficient", not "required".des2002-04-081-1/+1
| | | | Sponsored by: DARPA, NAI Labs
* Switch over to using pam_login_access(8) module in sshd(8).ru2002-03-261-0/+1
| | | | | | (Fixes static compilation. Reduces diffs to OpenSSH.) Reviewed by: bde
* Add missing "nullok" option to pam_unix.des2002-02-081-1/+1
|
* Add pam_self(8) so users can login(1) as themselves without authentication,des2002-01-301-0/+4
| | | | | | | | pam_login_access(8) and pam_securetty(8) to enforce various checks previously done by login(1) but now handled by PAM, and pam_lastlog(8) to record login sessions in utmp / wtmp / lastlog. Sponsored by: DARPA, NAI Labs
* Use pam_self(8) to allow users to su(1) to themselves without authentication.des2002-01-301-0/+1
| | | | Sponsored by: DARPA, NAI Labs
* Enable OPIE by default, using the no_fake_prompts option to hide it fromdes2002-01-219-23/+40
| | | | | | | | | | | | | | users who don't wish to use it. If the admin is worried about leaking information about which users exist and which have OPIE enabled, the no_fake_prompts option can simply be removed. Also insert the appropriate pam_opieaccess lines after pam_opie to break the chain in case the user is logging in from an untrusted host, or has a .opiealways file. The entire opieaccess / opiealways concept is slightly unpammish, but admins familiar with OPIE will expect it to work. Reviewed by: ache, markm Sponsored by: DARPA, NAI Labs
* Really back out ache's commits. These files are now precisely as they weredes2002-01-193-4/+7
| | | | twentyfour hours ago, except for RCS ids.
* Back out recent changesache2002-01-193-3/+3
|
* Turn on pam_opie by default. It should not affect non-OPIE users.ache2002-01-191-1/+1
|
* Turn on pam_opie by default. It not affect non-OPIE usersache2002-01-191-2/+1
|
* Previous commit was incomplete, useache2002-01-191-1/+1
| | | | | "[default=ignore success=done cred_err=die]" options instead of "required"
* Remove explaining comment and pam_unix commented out, now pam_unix can beache2002-01-191-4/+1
| | | | chained with pam_opie
* Change comment since fallback provided now not by ftpd but by pam_opieache2002-01-191-1/+2
|
* Unmunge the version preservation code and obfuscate it so CVS won't mungedes2002-01-121-2/+2
| | | | it all over again.
OpenPOWER on IntegriCloud