| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
all non-style changes made by heimdal to our own libgssapi.
|
| |
|
|
|
|
|
|
| |
PR: 117512
Submitted by: Jeremy C. Reed <reed@reedmedia.net>
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
|
| |
test MK_INSTALLLIB, users can set WITHOUT_INSTALLLIB. The old
NO_INSTALLLIB is still supported as several makefiles set it.
- While here, fix an install when instructed not to install libs
(usr.bin/lex/lib/Makefile).
PR: bin/114200
Submitted by: Henrik Brix Andersen
|
|
|
|
|
|
|
|
| |
pam_sm_open_session(), avoiding false negatives when no tty is present.
Submitted by: Todd C. Miller <millert@courtesan.com>
Approved by: re (rwatson)
MFC after: 2 weeks
|
|
|
|
| |
Approved by: re (rwatson)
|
|
|
|
|
|
| |
Reported by: jhb
Discussed with: deischen, des, doubg, harti
Approved by: re (kensmith)
|
|
|
|
|
|
|
|
|
|
| |
the nologin(5) file is located and whether the user may bypass its
restriction.
Add some error checks.
Approved by: des
PR: bin/107612
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
instead of an authentication function. There are a design reason
and a practical reason for that. First, the module belongs in
account management because it checks availability of the account
and does no authentication. Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.
Document this change in the manpage.
Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.
Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)
PR: bin/112574
Approved by: des, re
|
|
|
|
|
|
| |
PR: bin/112955
Submitted by: A. Blake Cooper <blake@cluebie.net>
MFC after: 3 weeks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
with `pw lock', so that it's impossible to log into a locked account
using an alternative authentication mechanism, such as an ssh key.
This change affects only accounts locked with pw(8), i.e., having a
`*LOCKED*' prefix in their password hash field, so people still can
use a different pattern to disable password authentication only.
Mention all account management criteria in the manpage.
Approved by: maintainer (timeout)
PR: bin/71147
MFC after: 1 month
|
|
|
|
|
|
|
| |
NAS-Identifier and NAS-IP-Address.
Reviewed by: bz
MFC after: 1 month
|
|
|
|
|
| |
PR: bin/85830
MFC after: 1 week
|
|
|
|
|
|
| |
PR: docs/93491
Submitted by: Lior Kadosh
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
| |
otherwise OPIE will happily truncate it.
Spotted by: ghelmer
MFC after: 2 weeks
|
|
|
|
| |
Noticed by: danger
|
|
|
|
|
| |
Requested by: novel
Discussed with: brueffer, simon
|
| |
|
|
|
|
| |
OK'ed by: des
|
|
|
|
| |
Discussed with: ru
|
|
|
|
|
|
|
|
| |
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)
Suggested by: lukem@netbsd.org
MFC after: 6 weeks
|
|
|
|
|
|
|
| |
Remove it.
Reviewed by: des
Approved by: cognet (mentor)
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
|
|
|
| |
MFC after: 3 days
|
|
|
|
|
|
|
| |
login.access.5 will be installed from the respective PAM
module's src directory.
MFC after: 3 days
|
|
|
|
|
|
|
|
| |
src/usr.bin/login/login.access.5 should be removed from use
because the whole login.access feature has moved to this PAM
module.
MFC after: 3 days
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
a password. Also, work around some harmless type pun warnings.
MFC after: 3 days
|
|
|
|
|
|
|
|
| |
option was specified.
PR: bin/81231
Submitted by: "Daniel O'Connor" <doconnor@gsoft.com.au>
MFC after: 3 days
|
|
|
|
|
|
| |
Fix one case where openpam_restore_cred() might be called twice in a row.
MFC after: 3 days
|
|
|
|
|
|
|
|
|
|
|
|
| |
sizeof(*list), not sizeof(**list). (i.e., sizeof(pointer) rather than
sizeof(char)).
It is possible that this buffer overflow is exploitable, but it was
added after RELENG_5 forked and hasn't been MFCed, so this will not
receive an advisory.
Submitted by: Vitezslav Novy
MFC after: 1 day
|
|
|
|
|
|
|
| |
been bumped since RELENG_5.
Reviewed by: ru
Approved by: re (not needed for commit check but in principle...)
|
|
|
|
|
|
|
|
| |
if _FREEFALL_CONFIG is set gcc bails since pam_sm_setcred() in pam_krb5.c
no longer uses any of its parameters.
Pointy hat: kensmith
Approved by: re (scottl)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
branches but missed HEAD. This patch extends his a little bit,
setting it up via the Makefiles so that adding _FREEFALL_CONFIG
to /etc/make.conf is the only thing needed to cluster-ize things
(current setup also requires overriding CFLAGS).
From Peter's commit to the RELENG_* branches:
> Add the freebsd.org custer's source modifications under #ifdefs to aid
> keeping things in sync. For ksu:
> * install suid-root by default
> * don't fall back to asking for a unix password (ie: be pure kerberos)
> * allow custom user instances for things like www and not just root
The Makefile tweaks will be MFC-ed, the rest is already done.
MFC after: 3 days
Approved by: re (dwhite)
|
|
|
|
|
|
|
| |
PR: 65557, 72949
Submitted by: Stephen P. Cravey <clists@gotbrains.org>
Approved by: re (scottl)
MFC after: 2 weeks
|
|
|
|
| |
Approved by: re (kensmith)
|
|
|
|
| |
Approved by: re
|
|
|
|
|
|
|
|
| |
Add a redundant test to make it painfully obvious to the reader that this
code does not support IPv6.
Approved by: re (dwhite)
MFC after: 1 week
|
|
|
|
| |
Noticed by: pjd
|
|
|
|
|
|
| |
trouble, especially on amd64.
Requested by: ru
|
| |
|
|
|
|
| |
Reviewed by: des
|