summaryrefslogtreecommitdiffstats
path: root/lib/libpam
Commit message (Collapse)AuthorAgeFilesLines
* Bump .Dd date.delphij2010-05-031-1/+1
| | | | Forgotten by: delphij
* Code indent according to style(9).mm2010-05-031-23/+23
| | | | | | | PR: bin/146186 Submitted by: myself Approved by: delphij (mentor) MFC after: 2 weeks
* Implement the no_user_check option to pam_krb5.mm2010-05-032-1/+12
| | | | | | | | | | | | | | | This option is available in the Linux implementation of pam_krb5 and allows to authorize a user not known to the local system. Ccache is not used as we don't have a secure uid/gid for the cache file. Usable for authentication of external kerberos users (e.g Active Directory) via PAM from applications like Cyrus saslauthd, PHP or perl. PR: bin/146186 Submitted by: myself Approved by: deplhij (mentor) MFC after: 2 weeks
* Upgrade to OpenSSH 5.4p1.des2010-03-091-0/+3
| | | | MFC after: 1 month
* Remove redundant WARNS?=6 overrides and inherit the WARNS setting fromuqs2010-03-022-1/+2
| | | | | | | | the toplevel directory. This does not change any WARNS level and survives a make universe. Approved by: ed (co-mentor)
* Always assign WARNS using ?=uqs2010-03-021-1/+1
| | | | | | | - fix some nearby style bugs - include Makefile.inc where it makes sense and reduces duplication Approved by: ed (co-mentor)
* %U was macroized in mdoc(7), escape.ru2010-02-161-1/+1
|
* Respect passwordtime from login.conf if set.des2010-02-021-2/+9
| | | | | | PR: bin/93473 Submitted by: Björn König <bkoenig@cs.tu-berlin.de> MFC after: 1 week
* Remove stale references to utmp(5) and its corresponding filenames.ed2010-01-211-7/+2
| | | | I removed utmp and its manpage, but not other manpages referring to it.
* Let pam_lastlog use random ut_id's.ed2010-01-182-14/+42
| | | | | | | | | | | | | | | | | By using random values for ut_id, not based on the TTY name, it is possible to run for example login(1) multiple times on the same TTY, without overwriting any previous records. The output of w(1) will then be as follows: | 12:26PM up 2 days, 2:31, 5 users, load averages: 0.01, 0.03, 0.03 | USER TTY FROM LOGIN@ IDLE WHAT | ed pts/2 mekker.80386.nl 12:26PM - w | root pts/2 - 12:26PM - w | root pts/2 - 12:26PM - w | root pts/2 - 12:26PM - w Approved by: des
* Unbreak builds with _FREEFALL_CONFIG=yes, by forcing a lower WARNSmarcel2010-01-171-0/+1
| | | | level in that case.
* Let pam_lastlog use utmpx instead of libulog's utmpx interface.ed2010-01-131-5/+6
| | | | | It will still use ulog_login(3) and ulog_logout(3), which will remain present.
* Build lib/ with WARNS=6 by default.ed2010-01-025-5/+4
| | | | | | | | | Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and lower it when needed. I'm setting WARNS?=0 for secure/. It seems secure/ includes the Makefile.inc provided by lib/. I'm not going to touch that directory. Most of the code there is contributed anyway.
* Several refinements to libulog's API.ed2009-12-261-1/+1
| | | | | | | | | - Only set the fields in the ulog_utmpx structure that are valid for the command in question. This means that strings like "shutdown" or "~" are not visible to the user anymore. - Rename UTXF_* to UTXI_*, indicating the indexation, instead of using the `antique' filename. If we ever get rid of utmp, it makes little sense calling it by its old name.
* Convert pam_lastlog(8) to libulog.ed2009-12-112-84/+22
| | | | | | | | | | | The information used by the "Last login:"-line is obtained by using ulog_setutxfile(3) to switch to the lastlog database. Login and logout are performed using the utility functions ulog_login(3) and ulog_logout(3). This also means we must build libulog during bootstrap. Approved by: des
* Note that nullok should not be used by processes that can't access thedes2009-11-131-0/+11
| | | | | | | password database. PR: bin/126650, misc/140514 MFC after: 1 week
* pam_ssh needs roaming_dummy to link correctly against libssh.des2009-10-051-0/+3
|
* Prevents pam_lastlog from segfaulting on session close when tty is null.jon2009-08-301-0/+5
| | | | MFC after: 1 month
* Bump the version of all non-symbol-versioned shared libraries inkensmith2009-07-191-1/+1
| | | | | | | | preparation for 8.0-RELEASE. Add the previous version of those libraries to ObsoleteFiles.inc and bump __FreeBSD_Version. Reviewed by: kib Approved by: re (rwatson)
* Rewrap; this was getting painful. Translators can ignore this.des2009-06-201-59/+36
| | | | MFC after: 1 week
* Reword.des2009-06-201-4/+2
| | | | MFC after: 1 week
* Include <stdio.h> for asprintf().ed2009-06-141-0/+1
| | | | Submitted by: Pawel Worach
* Don't try to auto-detect dynamic linking; it fails on mips. The Makefiledes2009-02-171-0/+3
| | | | | | part of the patch is an ugly (and hopefully temporary) hack. Discussed with: imp@
* Add new heimdal-1.1 library.dfr2008-05-151-2/+2
|
* Fix conflicts after heimdal-1.1 import and add build infrastructure. Importdfr2008-05-071-2/+2
| | | | all non-style changes made by heimdal to our own libgssapi.
* Adjust for OpenPAM Hydrangea.des2007-12-214-7/+8
|
* Correct documentation of ~/.opiealwaysdes2007-10-261-3/+5
| | | | | | PR: 117512 Submitted by: Jeremy C. Reed <reed@reedmedia.net> MFC after: 1 week
* - Convert NO_INSTALLLIB option to a new syntax: makefiles shouldru2007-10-201-0/+1
| | | | | | | | | | | test MK_INSTALLLIB, users can set WITHOUT_INSTALLLIB. The old NO_INSTALLLIB is still supported as several makefiles set it. - While here, fix an install when instructed not to install libs (usr.bin/lex/lib/Makefile). PR: bin/114200 Submitted by: Henrik Brix Andersen
* Apply the same error checks to PAM_TTY in pam_sm_close_session() as indes2007-07-221-1/+9
| | | | | | | | pam_sm_open_session(), avoiding false negatives when no tty is present. Submitted by: Todd C. Miller <millert@courtesan.com> Approved by: re (rwatson) MFC after: 2 weeks
* Whitespace cleanupdes2007-07-221-6/+6
| | | | Approved by: re (rwatson)
* - Bump share library version which were missed in last bumprafan2007-06-181-1/+1
| | | | | | Reported by: jhb Discussed with: deischen, des, doubg, harti Approved by: re (kensmith)
* Use the current user's login class for the decisions about whereyar2007-06-142-45/+59
| | | | | | | | | | the nologin(5) file is located and whether the user may bypass its restriction. Add some error checks. Approved by: des PR: bin/107612
* Now pam_nologin(8) will provide an account management functionyar2007-06-102-20/+11
| | | | | | | | | | | | | | | | | | | | | | | instead of an authentication function. There are a design reason and a practical reason for that. First, the module belongs in account management because it checks availability of the account and does no authentication. Second, there are existing and potential PAM consumers that skip PAM authentication for good or for bad. E.g., sshd(8) just prefers internal routines for public key auth; OTOH, cron(8) and atrun(8) do implicit authentication when running a job on behalf of its owner, so their inability to use PAM auth is fundamental, but they can benefit from PAM account management. Document this change in the manpage. Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed under the "account" function class. Bump __FreeBSD_version (mostly for ports, as this change should be invisible to C code outside pam_nologin.) PR: bin/112574 Approved by: des, re
* Re-add support for NIS netgroups (heavily modified from patch in PR)des2007-05-251-4/+22
| | | | | | PR: bin/112955 Submitted by: A. Blake Cooper <blake@cluebie.net> MFC after: 3 weeks
* In account management, verify whether the account has been lockedyar2007-03-272-3/+22
| | | | | | | | | | | | | | with `pw lock', so that it's impossible to log into a locked account using an alternative authentication mechanism, such as an ssh key. This change affects only accounts locked with pw(8), i.e., having a `*LOCKED*' prefix in their password hash field, so people still can use a different pattern to disable password authentication only. Mention all account management criteria in the manpage. Approved by: maintainer (timeout) PR: bin/71147 MFC after: 1 month
* Send not only Access Request, but also Access Challenge with definedpjd2007-01-201-5/+7
| | | | | | | NAS-Identifier and NAS-IP-Address. Reviewed by: bz MFC after: 1 month
* childerr needs to be volatile so gcc won't optimize it away.des2006-11-101-1/+2
| | | | | PR: bin/85830 MFC after: 1 week
* The pam_unix module also provides password management.ru2006-10-121-7/+8
| | | | | | PR: docs/93491 Submitted by: Lior Kadosh MFC after: 3 days
* Fix build.ru2006-09-301-0/+1
|
* Reject user with names that are longer than OPIE is willing to deal with;des2006-09-151-4/+13
| | | | | | | otherwise OPIE will happily truncate it. Spotted by: ghelmer MFC after: 2 weeks
* Bump .Dd.joel2006-09-131-1/+1
| | | | Noticed by: danger
* Remove references to the pam(8) manual page. It does not exist.joel2006-09-131-1/+0
| | | | | Requested by: novel Discussed with: brueffer, simon
* Additional debugging stuff I had in my tree.des2006-08-111-3/+10
|
* Change the GCC specific __FUNCTION__ to C99's __func__.stefanf2006-07-171-1/+1
| | | | OK'ed by: des
* Add a manual dependency on ssh_namespace.h.des2006-05-131-2/+6
| | | | Discussed with: ru
* Introduce a namespace munging hack inspired by NetBSD to avoid pollutingdes2006-05-131-1/+1
| | | | | | | | the namespace of applications which inadvertantly link in libssh (usually through pam_ssh) Suggested by: lukem@netbsd.org MFC after: 6 weeks
* There is no need to pass NULL to the pam_error() as the last argument.wkoszek2006-03-201-1/+1
| | | | | | | Remove it. Reviewed by: des Approved by: cognet (mentor)
* Fix build until I find a way to handle this case properly.ru2006-03-192-1/+2
|
* Revert last delta.ru2006-03-191-1/+1
|
* Comment out MK_PROFILE until ru@ can fix this properlyphk2006-03-191-1/+1
|
OpenPOWER on IntegriCloud