summaryrefslogtreecommitdiffstats
path: root/etc/pam.d
Commit message (Collapse)AuthorAgeFilesLines
* Removed whitespace at BOF, EOL & EOF.schweikh2004-06-062-6/+6
|
* the default password policy for xdm should be pam_deny, since it isdes2004-02-201-0/+3
| | | | incapable of holding a meaningful conversation.
* Don't do session management in su.des2003-07-091-1/+1
| | | | | PR: misc/53293 Submitted by: ru
* Add a system policy, and have the login and su policies include it ratherdes2003-06-144-23/+35
| | | | | | than duplicate it. This requires OpenPAM Dianthus, which was committed two weeks ago; installing these files on a system running a world older than June 1st, 2003 will cause login(1) and su(1) to fail.
* Try to describe the control flags a little better.des2003-06-011-2/+4
|
* The PAM module pam_krb5 does not have "session" capabilities.markm2003-04-309-9/+0
| | | | Don't give examples of such use, this is bogus.
* Add nullok to the pam_unix line.des2003-04-241-1/+1
|
* Use the canonical form of installing links.ru2003-03-141-3/+1
| | | | | | Also, make "ftp" and "ftpd" hard links. Not objected to by: des
* Initiate KerberosIV de-orbit burn. Disconnect the /etc configs.markm2003-03-0811-32/+0
|
* Add the allow_local option to all pam_opieaccess entries.des2003-02-166-6/+6
|
* Add the want_agent option to the commented-out "session" pam_ssh entry.des2003-02-161-1/+1
|
* Major cleanup & homogenization.des2003-02-1014-131/+150
|
* No idea what this is for, and it doesn't make much sense. If a port needsdes2003-02-101-8/+0
| | | | it, it can install its own copy in /usr/local/etc/pam.d/.
* There's no reason to have two identical policies for FTP servers, sodes2003-02-102-26/+5
| | | | make ftp a symlink to ftpd.
* Use pam_group(8) instead of pam_wheel(8).des2003-02-061-1/+1
|
* Don't enable pam_krb5 by default - most people don't have it since mostdes2003-02-031-2/+2
| | | | | | | people don't build with MAKE_KERBEROS5 defined. Provide commented-out usage examples instead, like we do everywhere else. Pointy hat to: des
* Enable pam_krb5 for sshd. I've had this in my tree for ages.des2003-02-021-0/+2
|
* Since OpenSSH drops privileges before calling pam_open_session(3),des2002-12-031-1/+1
| | | | | | pam_lastlog(8) can't possibly work, so let OpenSSH handle lastlog. Approved by: re (rwatson)
* Exempt the "wheel group requirement" by default when su'ing to root ifrwatson2002-10-181-1/+1
| | | | | | | | | | the wheel group has no explicit members listed in /etc/group. This adds the "exempt_if_empty" flag to pam_wheel in the default configuration; in some environments, it may be appropriate to remove this flag, however, this default is the same as pre-pam_wheel. Reviewed by: markm Sponsored by: DARPA, Network Associates Laboratories
* Silence pam_lastlog for now.des2002-07-071-1/+1
|
* We don't use this any more.des2002-06-192-10/+1
| | | | Sponsored by: DARPA, NAI Labs
* Enable OPIE for sshd and telnetd. I thought I'd done this a long timedes2002-06-192-0/+4
| | | | | | ago... Sponsored by: DARPA, NAI Labs
* Use pam_lastlog(8)'s new no_fail option.des2002-05-083-3/+3
| | | | Sponsored by: DARPA, NAI Labs
* Add a PAM policy for rexecd(8).des2002-05-022-1/+17
| | | | Sponsored by: DARPA, NAI Labs
* xdm plays horrid tricks with PAM, and dumps core if it's allowed to calldes2002-05-022-0/+2
| | | | | | | | pam_lastlog, so add a dummy session chain to avoid using the one from pam.d/other. I assume gdm does something similar, so give it a dummy session chain as well. Sponsored by: DARPA, NAI Labs.
* Add no_warn to pam_lastlog. This should prevent xdm from dumping coredes2002-04-291-1/+1
| | | | when linked with Linux-PAM.
* Don't list pam_unix in the session chain, since it does not provide anydes2002-04-189-11/+1
| | | | | | session management services. Sponsored by: DARPA, NAI Labs
* Fixed bugs in previous revision:ru2002-04-181-20/+6
| | | | | | | | | | | | | Added NOOBJ if anyone even attempts to "make obj" here. Revert to installing files with mode 644 except README. Make this overall look like a BSD-style Makefile rather than roll-your-own (this is not a bug). For the record. Previous revision also fixed the breakage introduced by the sys.mk,v 1.60 commit: bsd.own.mk is no longer automatically included from sys.mk. Reported by: jhay
* Use ${FILES} and <bsd.prog.mk> rather than roll-your-own.des2002-04-181-22/+21
|
* Add PAM policy for the "passwd" service, including a sample config linedes2002-04-152-0/+12
| | | | | | for pam_passwdqc. Sponsored by: DARPA, NAI Labs
* Add pam_lastlog(8) here since I removed lastlog support from sshd.des2002-04-151-0/+1
| | | | Sponsored by: DARPA, NAI Labs
* Use pam_rhosts(8).des2002-04-121-1/+1
|
* If used, pam_ssh should be marked "sufficient", not "required".des2002-04-081-1/+1
| | | | Sponsored by: DARPA, NAI Labs
* Switch over to using pam_login_access(8) module in sshd(8).ru2002-03-261-0/+1
| | | | | | (Fixes static compilation. Reduces diffs to OpenSSH.) Reviewed by: bde
* Add missing "nullok" option to pam_unix.des2002-02-081-1/+1
|
* Add pam_self(8) so users can login(1) as themselves without authentication,des2002-01-301-0/+4
| | | | | | | | pam_login_access(8) and pam_securetty(8) to enforce various checks previously done by login(1) but now handled by PAM, and pam_lastlog(8) to record login sessions in utmp / wtmp / lastlog. Sponsored by: DARPA, NAI Labs
* Use pam_self(8) to allow users to su(1) to themselves without authentication.des2002-01-301-0/+1
| | | | Sponsored by: DARPA, NAI Labs
* Enable OPIE by default, using the no_fake_prompts option to hide it fromdes2002-01-219-23/+40
| | | | | | | | | | | | | | users who don't wish to use it. If the admin is worried about leaking information about which users exist and which have OPIE enabled, the no_fake_prompts option can simply be removed. Also insert the appropriate pam_opieaccess lines after pam_opie to break the chain in case the user is logging in from an untrusted host, or has a .opiealways file. The entire opieaccess / opiealways concept is slightly unpammish, but admins familiar with OPIE will expect it to work. Reviewed by: ache, markm Sponsored by: DARPA, NAI Labs
* Really back out ache's commits. These files are now precisely as they weredes2002-01-193-4/+7
| | | | twentyfour hours ago, except for RCS ids.
* Back out recent changesache2002-01-193-3/+3
|
* Turn on pam_opie by default. It should not affect non-OPIE users.ache2002-01-191-1/+1
|
* Turn on pam_opie by default. It not affect non-OPIE usersache2002-01-191-2/+1
|
* Previous commit was incomplete, useache2002-01-191-1/+1
| | | | | "[default=ignore success=done cred_err=die]" options instead of "required"
* Remove explaining comment and pam_unix commented out, now pam_unix can beache2002-01-191-4/+1
| | | | chained with pam_opie
* Change comment since fallback provided now not by ftpd but by pam_opieache2002-01-191-1/+2
|
* Unmunge the version preservation code and obfuscate it so CVS won't mungedes2002-01-121-2/+2
| | | | it all over again.
* Back out previous commit, which erroneously removed essential comments. Ides2002-01-121-1/+3
| | | | | | definitely need coffee. Apologies to: ache
* Update copyrightdes2002-01-121-1/+1
|
* Sync with pam.conf revision 1.25.des2002-01-121-3/+1
|
* Preserve FreeBSD version strings in target files.des2002-01-121-1/+11
|
OpenPOWER on IntegriCloud