summaryrefslogtreecommitdiffstats
path: root/lib/libpam
Commit message (Collapse)AuthorAgeFilesLines
* In account management, verify whether the account has been lockedyar2007-03-272-3/+22
| | | | | | | | | | | | | | with `pw lock', so that it's impossible to log into a locked account using an alternative authentication mechanism, such as an ssh key. This change affects only accounts locked with pw(8), i.e., having a `*LOCKED*' prefix in their password hash field, so people still can use a different pattern to disable password authentication only. Mention all account management criteria in the manpage. Approved by: maintainer (timeout) PR: bin/71147 MFC after: 1 month
* Send not only Access Request, but also Access Challenge with definedpjd2007-01-201-5/+7
| | | | | | | NAS-Identifier and NAS-IP-Address. Reviewed by: bz MFC after: 1 month
* childerr needs to be volatile so gcc won't optimize it away.des2006-11-101-1/+2
| | | | | PR: bin/85830 MFC after: 1 week
* The pam_unix module also provides password management.ru2006-10-121-7/+8
| | | | | | PR: docs/93491 Submitted by: Lior Kadosh MFC after: 3 days
* Fix build.ru2006-09-301-0/+1
|
* Reject user with names that are longer than OPIE is willing to deal with;des2006-09-151-4/+13
| | | | | | | otherwise OPIE will happily truncate it. Spotted by: ghelmer MFC after: 2 weeks
* Bump .Dd.joel2006-09-131-1/+1
| | | | Noticed by: danger
* Remove references to the pam(8) manual page. It does not exist.joel2006-09-131-1/+0
| | | | | Requested by: novel Discussed with: brueffer, simon
* Additional debugging stuff I had in my tree.des2006-08-111-3/+10
|
* Change the GCC specific __FUNCTION__ to C99's __func__.stefanf2006-07-171-1/+1
| | | | OK'ed by: des
* Add a manual dependency on ssh_namespace.h.des2006-05-131-2/+6
| | | | Discussed with: ru
* Introduce a namespace munging hack inspired by NetBSD to avoid pollutingdes2006-05-131-1/+1
| | | | | | | | the namespace of applications which inadvertantly link in libssh (usually through pam_ssh) Suggested by: lukem@netbsd.org MFC after: 6 weeks
* There is no need to pass NULL to the pam_error() as the last argument.wkoszek2006-03-201-1/+1
| | | | | | | Remove it. Reviewed by: des Approved by: cognet (mentor)
* Fix build until I find a way to handle this case properly.ru2006-03-192-1/+2
|
* Revert last delta.ru2006-03-191-1/+1
|
* Comment out MK_PROFILE until ru@ can fix this properlyphk2006-03-191-1/+1
|
* Convert NO_PROFILE and NO_LIB32 to new style.ru2006-03-181-1/+1
|
* Reimplementation of world/kernel build options. For details, see:ru2006-03-172-3/+7
| | | | | | | | http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html The src.conf(5) manpage is to follow in a few days. Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
* Add appropriate xrefs.yar2006-03-062-2/+3
| | | | MFC after: 3 days
* Since the whole login.access feature has moved to PAM,yar2006-03-061-1/+1
| | | | | | | login.access.5 will be installed from the respective PAM module's src directory. MFC after: 3 days
* Sync with src/usr.bin/login/login.access.5.yar2006-03-061-5/+1
| | | | | | | | src/usr.bin/login/login.access.5 should be removed from use because the whole login.access feature has moved to this PAM module. MFC after: 3 days
* Commenting out WARNS actually brought it up to 4.ru2005-09-281-1/+1
|
* Comment out WARNS, the OpenSSL headers don't compile cleanly on some platforms.des2005-09-281-1/+1
|
* Increase WARNS.des2005-09-261-1/+1
|
* Correct the logic for determining whether the user has already entereddes2005-09-261-4/+7
| | | | | | a password. Also, work around some harmless type pun warnings. MFC after: 3 days
* Do not use passphraseless keys for authentication unless the nullokdes2005-09-222-2/+13
| | | | | | | | option was specified. PR: bin/81231 Submitted by: "Daniel O'Connor" <doconnor@gsoft.com.au> MFC after: 3 days
* Narrow the use of user credentials.des2005-09-211-14/+10
| | | | | | Fix one case where openpam_restore_cred() might be called twice in a row. MFC after: 3 days
* When (re)allocating space for an array of pointers to char, usecperciva2005-09-191-1/+1
| | | | | | | | | | | | sizeof(*list), not sizeof(**list). (i.e., sizeof(pointer) rather than sizeof(char)). It is possible that this buffer overflow is exploitable, but it was added after RELENG_5 forked and hasn't been MFCed, so this will not receive an advisory. Submitted by: Vitezslav Novy MFC after: 1 day
* Bump the shared library version number of all libraries that have notkensmith2005-07-221-1/+1
| | | | | | | been bumped since RELENG_5. Reviewed by: ru Approved by: re (not needed for commit check but in principle...)
* Missed one piece of the cluster's quirk. Need to override WARNS becausekensmith2005-07-081-0/+1
| | | | | | | | if _FREEFALL_CONFIG is set gcc bails since pam_sm_setcred() in pam_krb5.c no longer uses any of its parameters. Pointy hat: kensmith Approved by: re (scottl)
* This is sort of an MFS. Peter made these changes to the RELENG_*kensmith2005-07-072-0/+7
| | | | | | | | | | | | | | | | | | | branches but missed HEAD. This patch extends his a little bit, setting it up via the Makefiles so that adding _FREEFALL_CONFIG to /etc/make.conf is the only thing needed to cluster-ize things (current setup also requires overriding CFLAGS). From Peter's commit to the RELENG_* branches: > Add the freebsd.org custer's source modifications under #ifdefs to aid > keeping things in sync. For ksu: > * install suid-root by default > * don't fall back to asking for a unix password (ie: be pure kerberos) > * allow custom user instances for things like www and not just root The Makefile tweaks will be MFC-ed, the rest is already done. MFC after: 3 days Approved by: re (dwhite)
* Use the correct login class when setting a new password.des2005-07-051-1/+1
| | | | | | | PR: 65557, 72949 Submitted by: Stephen P. Cravey <clists@gotbrains.org> Approved by: re (scottl) MFC after: 2 weeks
* Update for OpenPAM Figwort.des2005-06-172-1/+6
| | | | Approved by: re (kensmith)
* Assorted markup fixes.ru2005-06-151-1/+1
| | | | Approved by: re
* Don't use a cast as an lvalue.des2005-06-131-3/+3
| | | | | | | | Add a redundant test to make it painfully obvious to the reader that this code does not support IPv6. Approved by: re (dwhite) MFC after: 1 week
* Use appropriate error codes for each facility instead of just PAM_AUTH_ERR.des2005-06-101-4/+4
| | | | Noticed by: pjd
* Revert the commits that made libssh an INTERNALLIB; they caused too muchdes2005-06-071-2/+1
| | | | | | trouble, especially on amd64. Requested by: ru
* Fix libssh dependency.des2005-06-061-1/+2
|
* NI_WITHSCOPEID cleanupume2005-05-131-1/+1
| | | | Reviewed by: des
* Expand *n't contractions.ru2005-02-131-1/+1
|
* In addition to the PAM environment, export a handful of useful PAM items.des2005-02-012-8/+62
| | | | Suggested by: Ed Maste <emaste@phaedrus.sandvine.ca>
* Add openpam_free_envlist(3).des2005-02-011-0/+2
|
* When "no_ccache" is set as an argument to the pam_krb5 module, don'trwatson2005-01-241-0/+4
| | | | | | | | | copy the acquired TGT from the in-memory cache to the on-disk cache at login. This was documented but un-implemented behavior. MFC after: 1 week PR: bin/64464 Reported and tested by: Eric van Gyzen <vangyzen at stat dot duke dot edu>
* The final argument to verify_krb_v5_tgt() is the debug flag, not therwatson2005-01-231-2/+3
| | | | | | | | | ticket forwardable flag, so key generation of debugging output to "debug" rather than "forwardable". Update copyright. MFC after: 3 days
* Fixed xref.ru2005-01-212-3/+3
|
* NOCRYPT -> NO_CRYPTru2004-12-211-2/+2
|
* NOINSTALLLIB -> NO_INSTALLLIBru2004-12-211-1/+1
|
* NODOCCOMPRESS -> NO_DOCCOMPRESSru2004-12-212-3/+3
| | | | | | | | NOINFO -> NO_INFO NOINFOCOMPRESS -> NO_INFOCOMPRESS NOLINT -> NO_LINT NOPIC -> NO_PIC NOPROFILE -> NO_PROFILE
* Add knob NO_NIS (fka NO_YP_LIBC) and make world compileable when set.bz2004-11-131-3/+7
| | | | | | | | | | | If turned on no NIS support and related programs will be built. Lost parts rediscovered by: Danny Braniss <danny at cs.huji.ac.il> PR: bin/68303 No objections: des, gshapiro, nectar Reviewed by: ru Approved by: rwatson (mentor) MFC after: 2 weeks
* For variables that are only checked with defined(), don't provideru2004-10-242-4/+4
| | | | any fake value.
OpenPOWER on IntegriCloud