summaryrefslogtreecommitdiffstats
path: root/etc
Commit message (Collapse)AuthorAgeFilesLines
* The existing bazaar and site-specific policy in rc.diskless1 is Just Wrong;obrien2002-02-228-28/+46
| | | | | | | | and looks like no other Unix diskless configuration I've ever seen. Thus allow a more traditional /etc. Note, the use of an MFS /var should also be settable. Otherwise installing ports(packages) is just a total PITA.
* Bring rc.firewall{,6} more in line with the word and spirit ofcjc2002-02-212-20/+41
| | | | | | | | | | | | | | | | rc.conf(5) and the files' inline documentation. - Add the "closed"-type, documented in both places, but which did not exist in the code. - When provided a ruleset, the system should not make any assumptions about the sites's policy and should add no rules of its own. - Make the "UNKNOWN" (documented in-line) actual work as advertised, load no rules. Prodded by: Igor M Podlesny <poige@morning.ru> MFC after: 1 week
* Delete a needless rule for DAD. An unspecified address is never usedume2002-02-201-1/+0
| | | | | | | as a destination address of IPv6 packets. Submitted by: cjc MFC after: 1 week
* There is no reason to demand the administrator set 'natd_interface'cjc2002-02-208-36/+29
| | | | | | | | | | | | | when running natd(8) out of the rc-files. It is perfectly valid for the interface or alias address to be set in a natd(8) configuration file, not on the command line. Also, loosen up the restrictions on identifying an IP address argument in 'natd_interface.' Fix the documentation, rc.conf(5), to reflect this change. Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf. MFC after: 3 days
* Turn FEATURE(relay_based_on_MX) off by default. It should not be used unlessgshapiro2002-02-171-1/+5
| | | | | | | | absolutely necessary Requested by: peter PR: conf/33855 MFC after: 1 week
* Add infrastructure for sendmail 8.12. If users are not starting a daemongshapiro2002-02-172-3/+24
| | | | | | | | | | | | | at boot (sendmail_enable=NO), a localhost-only daemon may started (sendmail_submit_enable) as it is needed to accept mail from command line submissions. If this isn't desired, see etc/mail/README for more hints. Optionally (sendmail_msp_queue_enable) start a queue runner for the submission queue in case a daemon isn't available to accept command line submitted mail at submission time. Note that the syslog labels for all of these sendmail processes have been uniquified for easier log parsing.
* Add information about how the new sendmail set-group-ID mail submissiongshapiro2002-02-171-0/+39
| | | | | | works and ways to work around common problems people might have. Include information on reverting to a set-user-ID root sendmail binary in case anyone really needs to do this.
* Don't build a submit.cf file if SENDMAIL_SET_USER_ID is setgshapiro2002-02-171-0/+8
|
* Add /var/spool/clientmqueue for 8.12's non-set-user-ID root mail submissiongshapiro2002-02-171-0/+2
|
* Add new include/libmilter directory for libmilter (sendmail mail filter API)gshapiro2002-02-171-0/+2
| | | | include files
* Add new build knob, SENDMAIL_SET_USER_ID, which installs sendmail as agshapiro2002-02-171-0/+6
| | | | | set-user-ID root binary instead of the new method (set-group-ID smmsp). Therefore, we shouldn't install /etc/mail/submit.cf if it is set.
* Update for sendmail 8.12 which has a new OSTYPE(freebsd5)gshapiro2002-02-172-3/+3
| | | | Fix access_db usage for 8.12
* Add Proxim RangeLAN-DS.imp2002-02-171-3/+8
| | | | | | | Submitted by: Matt Peterson <matt@peterson.org> PR: 35057 Also update my note for the 3crwe737A after talking to Alan Clegg at BSDcon.
* Remove check for sendmail.conf before even trying to start sendmail.cjc2002-02-171-12/+10
| | | | | | | | | | | | Checking for the existence of sendmail.cf is rather silly when someone is using the mailwrapper(8) to run a mail daemon that is not actually sendmail(8). It is also probably better to let sendmail(8) actually try to start and error out if the administrator has 'sendmail_enable="YES"' but no sendmail.conf. At present, it would fail silently. Reviewed by: gshapiro MFC after: 2 days
* Set rc=1 rather than 0 so that setting daily_show_success=YES masksbrian2002-02-131-1/+1
| | | | | | | | the output of all goes well. PR: 34825 Submitted by: Valentin Nechayev <netch@netch.kiev.ua> MFC after: 3 weeks
* Fix a typo in swat example.maxim2002-02-131-1/+1
| | | | | | | Spotted by: Sergey Osokin <osa@freebsd.org.ru> Reviewed by: ru Approved by: ru MFC after: 1 week
* Install complete.tcsh and csh-mode.el into ${SHAREDIR}/examples/tcsh.mp2002-02-121-0/+2
| | | | | | PR: misc/34800 (from Steven Grady) Submitted by: phantom (patch) MFC after: 3 days
* crdup(9) is not a protocol.dd2002-02-101-1/+1
| | | | | | PR: 34624 Submitted by: John Nielsen <nielsenj@cs.byu.edu>, Hiten Pandya <hiten@uk.FreeBSD.org>
* Fix MAKEDEV for RocketPort (rp(4)) cuaR* and ttyR* to work with thejhb2002-02-091-2/+2
| | | | | | updated driver. The newer driver in current outputs a version string that contains a space, so we need to eat two words in between RocketPortX and the number of ports on the board.
* Add missing "nullok" option to pam_unix.des2002-02-081-1/+1
|
* peter points out that we probably should not mess with the sysctl(8)cjc2002-02-087-28/+35
| | | | | | | | | values at all if they are not purposefully set. What if the administrator messed with them in /etc/sysctl.conf? We don't want to overwrite them. If 'log_in_vain' is zero, do not force the issue. If it is non-zero, set it.
* Enable TCP_WRAPPERs for the NIS server. The protection afforded ismarkm2002-02-061-0/+6
| | | | not massive, but usable.
* Install PROTO.localhost-v6.rev. Umm, it seems namedb/Makefileume2002-02-061-1/+2
| | | | is not used.
* Install PROTO.localhost-v6.rev.ume2002-02-061-1/+2
| | | | | Reported by: Scott Allendorf <scott-allendorf@uiowa.edu> Forgot by: me (ume)
* Add the MTA users 'mailnull' and 'smmp'.sheldonh2002-02-041-0/+2
| | | | | | PR: conf/34535 Submitted by: Ceri <setantae@submonkey.net> MFC after: 1 week
* Use MACHINE_ARCH instead of MACHINE to check i386 arch.nyan2002-02-041-2/+2
| | | | MFC after: 3 days
* Add pam_self(8) so users can login(1) as themselves without authentication,des2002-01-301-0/+4
| | | | | | | | pam_login_access(8) and pam_securetty(8) to enforce various checks previously done by login(1) but now handled by PAM, and pam_lastlog(8) to record login sessions in utmp / wtmp / lastlog. Sponsored by: DARPA, NAI Labs
* Use pam_self(8) to allow users to su(1) to themselves without authentication.des2002-01-301-0/+1
| | | | Sponsored by: DARPA, NAI Labs
* Added this makefile. This is not attached to the build yet. I oftenbde2002-01-302-0/+16
| | | | | install parts of /etc manually and it helps to have a makefile for each subdir even if the main makefile doesn't invoke it.
* By commit of usr.sbin/pccard/pccardd/cardd.c at Nov 29 (Decsanpei2002-01-291-4/+4
| | | | | | | | | | | | | | | | | | | | 10 in -STABLE), pccardd's string comparison between pccard.conf's entry and PC card's CIS tupple became strict matching. As influences of this commit, some PC cards don't work since some /etc/default/pccard.conf's card identifiers entries are incorrectly described. - Lexar Media compact flash - IO DATA CBIDE2 in 16 bit mode - TOSHIBA Portable 24X Speed CD-ROM Drive PA2673UJ - Hewlett Packard M820e (CD-writer) Update these card configs. PR: 33815 Obtained from: [bsd-nomads:16128]
* Tidy up gecos field for `bin'.ru2002-01-291-1/+1
|
* Uncomment kserver-adm, which is IANA-sanctioned and has no apparentsheldonh2002-01-291-2/+2
| | | | | | | | conflicts. PR: conf/34316 Submitted by: Sean Chittenden <sean@chittenden.org> MFC after: 2 weeks
* Add Linksys Instant Wireless WPC11 v2.5imp2002-01-291-0/+6
| | | | Submitted by: eliedtke@apogeetelecom.com
* Put a complete set of pppd(8) sample configuration files incjc2002-01-293-36/+2
| | | | | | | | | | /usr/share/examples/pppd. Remove the out-of-place pppd(8) configuration files in etc/ppp, ppp.shells.sample and ppp.deny. Make the appropriate changes to the build process, etc/Makefile and etc/mtree/BSD.usr.mtree, so it all works.
* Put a complete set of pppd(8) sample configuration files incjc2002-01-291-5/+2
| | | | | | | | | | | | | | | | | | /usr/share/examples/pppd. Update pppd(8) documentation to reflect this, usr.sbin/pppd/pppd.8. Remove the out-of-place pppd(8) configuration files in etc/ppp, ppp.shells.sample and ppp.deny. Make the appropriate changes to the build process, etc/Makefile and etc/mtree/BSD.usr.mtree, so it all works. The files from etc/ppp, ppp.shells.sample and ppp.deny, were moved with a repo copy. Note it in the logs with a forced commit to these two. Submitted by: Maxim Konovalov <maxim@macomnet.ru> provided the new samples.
* Register amd's dependency on NFS.sheldonh2002-01-288-252/+358
| | | | | | | | This change was submitted to the freebsd-audit mailing list for review but received no feedback. Hindsight-enabled reviews are welcome. PR: conf/31358 Submitted: Thomas Quinot <thomas@cuivre.fr.eu.org>
* Add ADLINK340C wireless card mentioned in nomads.imp2002-01-281-0/+6
| | | | | | | | # This card has the same PCMCIA and OEM id as ELSA XI300 wireless card, which # appears to be listed elsewhere in this file. Submitted by: Abe Toshiaki-san <ans@sun-tec.co.jp> MFC After: 5 days
* Make the rc.conf(5) 'log_in_vain' knob an integer.cjc2002-01-268-22/+85
| | | | | | | | | | Try this out in -CURRENT, MFC, and then consider dropping the 'log_in_vain' knob all together. It really is something for sysctl.conf(5). PR: bin/32953 Reviewed by: -bugs discussion MFC after: 1 week
* Add local/share/java/classes, local/share/sgml, local/share/xmldes2002-01-231-0/+8
| | | | | Approved by: ru, silence on -ports MFC after: 1 week
* Do not taint ::/124 for localhost reverse table.ume2002-01-223-2/+26
|
* Reincarnate SETUID code in man(1), not compiled in by default.ru2002-01-224-7/+17
| | | | | | The code will be fixed for all known security vulnerabilities, and a make.conf(5) knob (ENABLE_SUID_MAN) will be provided for those who still want it installed setuid for whatever reasons.
* Enable OPIE by default, using the no_fake_prompts option to hide it fromdes2002-01-219-23/+40
| | | | | | | | | | | | | | users who don't wish to use it. If the admin is worried about leaking information about which users exist and which have OPIE enabled, the no_fake_prompts option can simply be removed. Also insert the appropriate pam_opieaccess lines after pam_opie to break the chain in case the user is logging in from an untrusted host, or has a .opiealways file. The entire opieaccess / opiealways concept is slightly unpammish, but admins familiar with OPIE will expect it to work. Reviewed by: ache, markm Sponsored by: DARPA, NAI Labs
* Really back out ache's commits. These files are now precisely as they weredes2002-01-193-4/+7
| | | | twentyfour hours ago, except for RCS ids.
* Back out recent changesache2002-01-193-3/+3
|
* Turn on pam_opie by default. It should not affect non-OPIE users.ache2002-01-191-1/+1
|
* Turn on pam_opie by default. It not affect non-OPIE usersache2002-01-191-2/+1
|
* Previous commit was incomplete, useache2002-01-191-1/+1
| | | | | "[default=ignore success=done cred_err=die]" options instead of "required"
* Add flags 0x10000 to IO Data WN-B11/PCM's entry. Evidentally, theyimp2002-01-191-1/+1
| | | | | | | changed firmware and the new cards don't work without this. Submitted by: ume MFC after: 3 days
* Remove explaining comment and pam_unix commented out, now pam_unix can beache2002-01-191-4/+1
| | | | chained with pam_opie
* Change comment since fallback provided now not by ftpd but by pam_opieache2002-01-191-1/+2
|
OpenPOWER on IntegriCloud