From 341beea7b903e9ef8ceb2e3b42557bbd8ca94fd1 Mon Sep 17 00:00:00 2001
From: des <des@FreeBSD.org>
Date: Wed, 5 Dec 2001 21:26:00 +0000
Subject: Awright, egg on my face.  I should have taken more time with this. 
 The conversion script generated the wrong format, so the configuration files
 didn't actually work.  Good thing I hadn't thrown the switch yet...

Sponsored by:	DARPA, NAI Labs (but the f***ups are all mine)
---
 etc/pam.d/README     |  4 ++--
 etc/pam.d/convert.pl |  8 ++++++--
 etc/pam.d/csshd      |  2 +-
 etc/pam.d/ftp        | 26 ++++++++++++------------
 etc/pam.d/ftpd       | 26 ++++++++++++------------
 etc/pam.d/gdm        | 26 ++++++++++++------------
 etc/pam.d/imap       |  8 ++++----
 etc/pam.d/kde        | 12 +++++------
 etc/pam.d/login      | 34 +++++++++++++++----------------
 etc/pam.d/other      | 12 +++++------
 etc/pam.d/pop3       |  8 ++++----
 etc/pam.d/rsh        |  8 ++++----
 etc/pam.d/sshd       | 10 +++++-----
 etc/pam.d/su         | 56 ++++++++++++++++++++++++++--------------------------
 etc/pam.d/telnetd    |  6 +++---
 etc/pam.d/xdm        | 26 ++++++++++++------------
 etc/pam.d/xserver    |  2 +-
 17 files changed, 139 insertions(+), 135 deletions(-)

(limited to 'etc/pam.d')

diff --git a/etc/pam.d/README b/etc/pam.d/README
index 6d2c260..9acbff6 100644
--- a/etc/pam.d/README
+++ b/etc/pam.d/README
@@ -14,12 +14,12 @@ is a summary of the format for the pam.conf and /etc/pam.d/* files.
 
 Configuration lines take the following form:
 
-service-name	module-type	control-flag	module-path	arguments
+module-type	control-flag	module-path	arguments
 
 Comments are introduced with a hash mark ('#').  Blank lines and lines
 consisting entirely of comments are ignored.
 
-The meanings of the various fields are as follows:
+The meanings of the different fields are as follows:
  
  module-type:
    auth:      prompt for a password to authenticate that the user is
diff --git a/etc/pam.d/convert.pl b/etc/pam.d/convert.pl
index d1f2d99..02d4103 100644
--- a/etc/pam.d/convert.pl
+++ b/etc/pam.d/convert.pl
@@ -40,6 +40,7 @@ use Fcntl;
 use vars qw(%SERVICES);
 
 MAIN:{
+    my $line;
     my $service;
     my $type;
     local *FILE;
@@ -47,8 +48,11 @@ MAIN:{
     while (<>) {
 	chomp();
 	s/\s*$//;
-	next unless m/^\#*(\w+)\s+(auth|account|session|password)\s+(\S.*)$/;
-	push(@{$SERVICES{$1}->{$2}}, $_);
+	next unless m/^(\#*)(\w+)\s+(auth|account|session|password)\s+(\S.*)$/;
+	$line = $1.$3;
+	$line .= "\t" x ((16 - length($line) + 7) / 8);
+	$line .= $4;
+	push(@{$SERVICES{$2}->{$3}}, $line);
     }
 
     foreach $service (keys(%SERVICES)) {
diff --git a/etc/pam.d/csshd b/etc/pam.d/csshd
index 9fd61f4..863160e 100644
--- a/etc/pam.d/csshd
+++ b/etc/pam.d/csshd
@@ -5,4 +5,4 @@
 #
 
 # auth
-csshd	auth	required	pam_opie.so	no_warn
+auth		required	pam_opie.so	no_warn
diff --git a/etc/pam.d/ftp b/etc/pam.d/ftp
index b1762e9..3a083ef 100644
--- a/etc/pam.d/ftp
+++ b/etc/pam.d/ftp
@@ -5,20 +5,20 @@
 #
 
 # auth
-ftp	auth	required	pam_nologin.so	no_warn
-#ftp	auth	sufficient	pam_kerberosIV.so	no_warn
-#ftp	auth	sufficient	pam_krb5.so	no_warn
-#ftp	auth	required	pam_opie.so	no_warn
-#ftp	auth	required	pam_ssh.so	no_warn try_first_pass
-ftp	auth	required	pam_unix.so	no_warn try_first_pass
+auth		required	pam_nologin.so	no_warn
+#auth		sufficient	pam_kerberosIV.so	no_warn
+#auth		sufficient	pam_krb5.so	no_warn
+#auth		required	pam_opie.so	no_warn
+#auth		required	pam_ssh.so	no_warn try_first_pass
+auth		required	pam_unix.so	no_warn try_first_pass
 
 # account
-#ftp	account	required	pam_kerberosIV.so
-#ftp	account	required	pam_krb5.so
-ftp	account	required	pam_unix.so
+#account	required	pam_kerberosIV.so
+#account	required	pam_krb5.so
+account		required	pam_unix.so
 
 # session
-#ftp	session	required	pam_kerberosIV.so
-#ftp	session	required	pam_krb5.so
-#ftp	session	required	pam_ssh.so
-ftp	session	required	pam_unix.so
+#session	required	pam_kerberosIV.so
+#session	required	pam_krb5.so
+#session	required	pam_ssh.so
+session		required	pam_unix.so
diff --git a/etc/pam.d/ftpd b/etc/pam.d/ftpd
index a3a677c..5d2784d 100644
--- a/etc/pam.d/ftpd
+++ b/etc/pam.d/ftpd
@@ -5,20 +5,20 @@
 #
 
 # auth
-ftpd	auth	required	pam_nologin.so	no_warn
-#ftpd	auth	sufficient	pam_kerberosIV.so	no_warn
-#ftpd	auth	sufficient	pam_krb5.so	no_warn
-#ftpd	auth	required	pam_opie.so	no_warn
-#ftpd	auth	required	pam_ssh.so	no_warn try_first_pass
-ftpd	auth	required	pam_unix.so	no_warn try_first_pass
+auth		required	pam_nologin.so	no_warn
+#auth		sufficient	pam_kerberosIV.so	no_warn
+#auth		sufficient	pam_krb5.so	no_warn
+#auth		required	pam_opie.so	no_warn
+#auth		required	pam_ssh.so	no_warn try_first_pass
+auth		required	pam_unix.so	no_warn try_first_pass
 
 # account
-#ftpd	account	required	pam_kerberosIV.so
-#ftpd	account	required	pam_krb5.so
-ftpd	account	required	pam_unix.so
+#account	required	pam_kerberosIV.so
+#account	required	pam_krb5.so
+account		required	pam_unix.so
 
 # session
-#ftpd	session	required	pam_kerberosIV.so
-#ftpd	session	required	pam_krb5.so
-#ftpd	session	required	pam_ssh.so
-ftpd	session	required	pam_unix.so
+#session	required	pam_kerberosIV.so
+#session	required	pam_krb5.so
+#session	required	pam_ssh.so
+session		required	pam_unix.so
diff --git a/etc/pam.d/gdm b/etc/pam.d/gdm
index e0fd313..84088d3 100644
--- a/etc/pam.d/gdm
+++ b/etc/pam.d/gdm
@@ -5,22 +5,22 @@
 #
 
 # auth
-gdm	auth	required	pam_nologin.so	no_warn
-#gdm	auth	sufficient	pam_kerberosIV.so	no_warn	try_first_pass
-#gdm	auth	sufficient	pam_krb5.so	no_warn	try_first_pass
-#gdm	auth	sufficient	pam_ssh.so	no_warn	try_first_pass
-gdm	auth	required	pam_unix.so	no_warn	try_first_pass
+auth		required	pam_nologin.so	no_warn
+#auth		sufficient	pam_kerberosIV.so	no_warn	try_first_pass
+#auth		sufficient	pam_krb5.so	no_warn	try_first_pass
+#auth		sufficient	pam_ssh.so	no_warn	try_first_pass
+auth		required	pam_unix.so	no_warn	try_first_pass
 
 # account
-#gdm	account	required	pam_kerberosIV.so
-#gdm	account	required	pam_krb5.so
-gdm	account	required	pam_unix.so
+#account	required	pam_kerberosIV.so
+#account	required	pam_krb5.so
+account		required	pam_unix.so
 
 # session
-#gdm	session	required	pam_kerberosIV.so
-#gdm	session	required	pam_krb5.so
-#gdm	session	required	pam_ssh.so
-gdm	session	required	pam_unix.so
+#session	required	pam_kerberosIV.so
+#session	required	pam_krb5.so
+#session	required	pam_ssh.so
+session		required	pam_unix.so
 
 # password
-gdm	password required	pam_deny.so
+password	required	pam_deny.so
diff --git a/etc/pam.d/imap b/etc/pam.d/imap
index 6911370..cfacfb8 100644
--- a/etc/pam.d/imap
+++ b/etc/pam.d/imap
@@ -5,7 +5,7 @@
 #
 
 # auth
-#imap	auth	required	pam_nologin.so	no_warn
-#imap	auth	required	pam_opie.so	no_warn
-#imap	auth	required	pam_ssh.so	no_warn try_first_pass
-#imap	auth	required	pam_unix.so	no_warn try_first_pass
+#auth		required	pam_nologin.so	no_warn
+#auth		required	pam_opie.so	no_warn
+#auth		required	pam_ssh.so	no_warn try_first_pass
+#auth		required	pam_unix.so	no_warn try_first_pass
diff --git a/etc/pam.d/kde b/etc/pam.d/kde
index 81fc590..0956488 100644
--- a/etc/pam.d/kde
+++ b/etc/pam.d/kde
@@ -5,9 +5,9 @@
 #
 
 # auth
-kde	auth	required	pam_nologin.so	no_warn
-#kde	auth	sufficient	pam_opie.so	no_warn
-#kde	auth	sufficient	pam_kerberosIV.so	no_warn try_first_pass
-#kde	auth	sufficient	pam_krb5.so	no_warn try_first_pass
-#kde	auth	required	pam_ssh.so	no_warn try_first_pass
-kde	auth	required	pam_unix.so	no_warn try_first_pass
+auth		required	pam_nologin.so	no_warn
+#auth		sufficient	pam_opie.so	no_warn
+#auth		sufficient	pam_kerberosIV.so	no_warn try_first_pass
+#auth		sufficient	pam_krb5.so	no_warn try_first_pass
+#auth		required	pam_ssh.so	no_warn try_first_pass
+auth		required	pam_unix.so	no_warn try_first_pass
diff --git a/etc/pam.d/login b/etc/pam.d/login
index 019a15a..ab7046b 100644
--- a/etc/pam.d/login
+++ b/etc/pam.d/login
@@ -5,26 +5,26 @@
 #
 
 # auth
-login	auth	required	pam_nologin.so	no_warn
-#login	auth	sufficient	pam_opie.so	no_warn
-#login	auth	sufficient	pam_kerberosIV.so	no_warn try_first_pass
-#login	auth	sufficient	pam_krb5.so	no_warn try_first_pass
-#login	auth	required	pam_ssh.so	no_warn try_first_pass
-login	auth	required	pam_unix.so	no_warn try_first_pass
+auth		required	pam_nologin.so	no_warn
+#auth		sufficient	pam_opie.so	no_warn
+#auth		sufficient	pam_kerberosIV.so	no_warn try_first_pass
+#auth		sufficient	pam_krb5.so	no_warn try_first_pass
+#auth		required	pam_ssh.so	no_warn try_first_pass
+auth		required	pam_unix.so	no_warn try_first_pass
 
 # account
-#login	account	required	pam_kerberosIV.so
-#login	account	required	pam_krb5.so
-login	account	required	pam_unix.so
+#account	required	pam_kerberosIV.so
+#account	required	pam_krb5.so
+account		required	pam_unix.so
 
 # session
-#login	session	required	pam_kerberosIV.so
-#login	session	required	pam_krb5.so
-#login	session	required	pam_ssh.so
-login	session	required	pam_unix.so
+#session	required	pam_kerberosIV.so
+#session	required	pam_krb5.so
+#session	required	pam_ssh.so
+session		required	pam_unix.so
 
 # password
-#login	password sufficient	pam_opie.so	no_warn
-#login	password sufficient	pam_kerberosIV.so	no_warn try_first_pass
-#login	password sufficient	pam_krb5.so	no_warn try_first_pass
-login	password required	pam_unix.so	no_warn try_first_pass
+#password	sufficient	pam_opie.so	no_warn
+#password	sufficient	pam_kerberosIV.so	no_warn try_first_pass
+#password	sufficient	pam_krb5.so	no_warn try_first_pass
+password	required	pam_unix.so	no_warn try_first_pass
diff --git a/etc/pam.d/other b/etc/pam.d/other
index 058a0b7..f4f758c 100644
--- a/etc/pam.d/other
+++ b/etc/pam.d/other
@@ -5,15 +5,15 @@
 #
 
 # auth
-other	auth	required	pam_nologin.so	no_warn
-#other	auth	required	pam_opie.so	no_warn
-other	auth	required	pam_unix.so	no_warn try_first_pass
+auth		required	pam_nologin.so	no_warn
+#auth		required	pam_opie.so	no_warn
+auth		required	pam_unix.so	no_warn try_first_pass
 
 # account
-other	account	required	pam_unix.so
+account		required	pam_unix.so
 
 # session
-other	session	required	pam_unix.so
+session		required	pam_unix.so
 
 # password
-other	password required	pam_deny.so
+password	required	pam_deny.so
diff --git a/etc/pam.d/pop3 b/etc/pam.d/pop3
index 32fafca..0cc10fb 100644
--- a/etc/pam.d/pop3
+++ b/etc/pam.d/pop3
@@ -5,7 +5,7 @@
 #
 
 # auth
-#pop3	auth	required	pam_nologin.so	no_warn
-#pop3	auth	required	pam_opie.so	no_warn
-#pop3	auth	required	pam_ssh.so	no_warn try_first_pass
-#pop3	auth	required	pam_unix.so	no_warn try_first_pass
+#auth		required	pam_nologin.so	no_warn
+#auth		required	pam_opie.so	no_warn
+#auth		required	pam_ssh.so	no_warn try_first_pass
+#auth		required	pam_unix.so	no_warn try_first_pass
diff --git a/etc/pam.d/rsh b/etc/pam.d/rsh
index b392415..2ddcacd 100644
--- a/etc/pam.d/rsh
+++ b/etc/pam.d/rsh
@@ -5,11 +5,11 @@
 #
 
 # auth
-rsh	auth	required	pam_nologin.so	no_warn
-rsh	auth	required	pam_deny.so	no_warn
+auth		required	pam_nologin.so	no_warn
+auth		required	pam_deny.so	no_warn
 
 # account
-rsh	account	required	pam_unix.so
+account		required	pam_unix.so
 
 # session
-rsh	session	required	pam_permit.so
+session		required	pam_permit.so
diff --git a/etc/pam.d/sshd b/etc/pam.d/sshd
index f28ff87..8dbb05f 100644
--- a/etc/pam.d/sshd
+++ b/etc/pam.d/sshd
@@ -5,14 +5,14 @@
 #
 
 # auth
-sshd	auth	required	pam_nologin.so	no_warn
-sshd	auth	required	pam_unix.so	no_warn try_first_pass
+auth		required	pam_nologin.so	no_warn
+auth		required	pam_unix.so	no_warn try_first_pass
 
 # account
-sshd	account	required	pam_unix.so
+account		required	pam_unix.so
 
 # session
-sshd	session	required	pam_permit.so
+session		required	pam_permit.so
 
 # password
-sshd	password required	pam_permit.so
+password	required	pam_permit.so
diff --git a/etc/pam.d/su b/etc/pam.d/su
index 085216c..8e3a9bc 100644
--- a/etc/pam.d/su
+++ b/etc/pam.d/su
@@ -5,37 +5,37 @@
 #
 
 # auth
-su	auth	sufficient	pam_rootok.so	no_warn
-su	auth	requisite	pam_wheel.so	no_warn auth_as_self noroot_ok
-#su	auth	sufficient	pam_kerberosIV.so	no_warn
-#su	auth	sufficient	pam_krb5.so	no_warn try_first_pass auth_as_self
-#su	auth	required	pam_opie.so	no_warn
-#su	auth	required	pam_ssh.so	no_warn try_first_pass
-su	auth	required	pam_unix.so	no_warn try_first_pass nullok
-#su	auth	sufficient	pam_rootok.so	no_warn
-##su	auth	sufficient	pam_kerberosIV.so	no_warn
-##su	auth	sufficient	pam_krb5.so	no_warn
-#su	auth	required	pam_opie.so	no_warn auth_as_self
-#su	auth	required	pam_unix.so	no_warn try_first_pass auth_as_self
+auth		sufficient	pam_rootok.so	no_warn
+auth		requisite	pam_wheel.so	no_warn auth_as_self noroot_ok
+#auth		sufficient	pam_kerberosIV.so	no_warn
+#auth		sufficient	pam_krb5.so	no_warn try_first_pass auth_as_self
+#auth		required	pam_opie.so	no_warn
+#auth		required	pam_ssh.so	no_warn try_first_pass
+auth		required	pam_unix.so	no_warn try_first_pass nullok
+#auth		sufficient	pam_rootok.so	no_warn
+##auth		sufficient	pam_kerberosIV.so	no_warn
+##auth		sufficient	pam_krb5.so	no_warn
+#auth		required	pam_opie.so	no_warn auth_as_self
+#auth		required	pam_unix.so	no_warn try_first_pass auth_as_self
 
 # account
-#su	account	required	pam_kerberosIV.so
-#su	account	required	pam_krb5.so
-su	account	required	pam_unix.so
-##su	account	required	pam_kerberosIV.so
-##su	account	required	pam_krb5.so
-#su	account	required	pam_unix.so
+#account	required	pam_kerberosIV.so
+#account	required	pam_krb5.so
+account		required	pam_unix.so
+##account	required	pam_kerberosIV.so
+##account	required	pam_krb5.so
+#account	required	pam_unix.so
 
 # session
-#su	session	required	pam_kerberosIV.so
-#su	session	required	pam_krb5.so
-#su	session	required	pam_ssh.so
-su	session	required	pam_unix.so
-##su	session	required	pam_kerberosIV.so
-##su	session	required	pam_krb5.so
-##su	session	required	pam_ssh.so
-#su	session	required	pam_unix.so
+#session	required	pam_kerberosIV.so
+#session	required	pam_krb5.so
+#session	required	pam_ssh.so
+session		required	pam_unix.so
+##session	required	pam_kerberosIV.so
+##session	required	pam_krb5.so
+##session	required	pam_ssh.so
+#session	required	pam_unix.so
 
 # password
-su	password required	pam_permit.so
-#su	password required	pam_permit.so
+password	required	pam_permit.so
+#password	required	pam_permit.so
diff --git a/etc/pam.d/telnetd b/etc/pam.d/telnetd
index 423de8e..dd9d5f4 100644
--- a/etc/pam.d/telnetd
+++ b/etc/pam.d/telnetd
@@ -5,8 +5,8 @@
 #
 
 # auth
-telnetd	auth	required	pam_nologin.so	no_warn
-telnetd	auth	required	pam_unix.so	no_warn try_first_pass
+auth		required	pam_nologin.so	no_warn
+auth		required	pam_unix.so	no_warn try_first_pass
 
 # account
-telnetd	account	required	pam_unix.so
+account		required	pam_unix.so
diff --git a/etc/pam.d/xdm b/etc/pam.d/xdm
index 8528e03..19e7ba8e 100644
--- a/etc/pam.d/xdm
+++ b/etc/pam.d/xdm
@@ -5,22 +5,22 @@
 #
 
 # auth
-xdm	auth	required	pam_nologin.so	no_warn
-#xdm	auth	sufficient	pam_kerberosIV.so	no_warn try_first_pass
-#xdm	auth	sufficient	pam_krb5.so	no_warn try_first_pass
-#xdm	auth	sufficient	pam_ssh.so	no_warn try_first_pass
-xdm	auth	required	pam_unix.so	no_warn try_first_pass
+auth		required	pam_nologin.so	no_warn
+#auth		sufficient	pam_kerberosIV.so	no_warn try_first_pass
+#auth		sufficient	pam_krb5.so	no_warn try_first_pass
+#auth		sufficient	pam_ssh.so	no_warn try_first_pass
+auth		required	pam_unix.so	no_warn try_first_pass
 
 # account
-#xdm	account	required	pam_kerberosIV.so
-#xdm	account	required	pam_krb5.so
-xdm	account	required	pam_unix.so
+#account	required	pam_kerberosIV.so
+#account	required	pam_krb5.so
+account		required	pam_unix.so
 
 # session
-#xdm	session	required	pam_kerberosIV.so
-#xdm	session	required	pam_krb5.so
-#xdm	session	required	pam_ssh.so
-xdm	session	required	pam_unix.so
+#session	required	pam_kerberosIV.so
+#session	required	pam_krb5.so
+#session	required	pam_ssh.so
+session		required	pam_unix.so
 
 # password
-xdm	password required	pam_deny.so
+password	required	pam_deny.so
diff --git a/etc/pam.d/xserver b/etc/pam.d/xserver
index 58fa760..81d7727 100644
--- a/etc/pam.d/xserver
+++ b/etc/pam.d/xserver
@@ -5,4 +5,4 @@
 #
 
 # auth
-xserver	auth	required	pam_permit.so	no_warn
+auth		required	pam_permit.so	no_warn
-- 
cgit v1.1