From fbfd675a532a85858530d9ad7bdd63d563189bec Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Fri, 8 Apr 2011 08:59:50 -0400
Subject: Add an IPsec xauth permission. Try to use the nologin shell first
 (just unlock the account). Ticket #1202

---
 etc/inc/auth.inc | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'etc/inc/auth.inc')

diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 159e791..239d7de 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -360,6 +360,8 @@ function local_user_set(& $user) {
 		$user_shell = "/usr/local/bin/scponly";
 	} elseif (userHasPrivilege($user, "user-ssh-tunnel")) {
 		$user_shell = "/usr/local/sbin/ssh_tunnel_shell";
+	} elseif (userHasPrivilege($user, "user-ipsec-xauth-dialin")) {
+		$user_shell = "/sbin/nologin";
 	} else {
 		$user_shell = "/sbin/nologin";
 		$lock_account = true;
-- 
cgit v1.1