#
272461 |
|
02-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
197769 |
|
05-Oct-2009 |
des |
tabify
MFC after: 3 weeks
|
#
170510 |
|
10-Jun-2007 |
yar |
Now pam_nologin(8) will provide an account management function instead of an authentication function. There are a design reason and a practical reason for that. First, the module belongs in account management because it checks availability of the account and does no authentication. Second, there are existing and potential PAM consumers that skip PAM authentication for good or for bad. E.g., sshd(8) just prefers internal routines for public key auth; OTOH, cron(8) and atrun(8) do implicit authentication when running a job on behalf of its owner, so their inability to use PAM auth is fundamental, but they can benefit from PAM account management.
Document this change in the manpage.
Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed under the "account" function class.
Bump __FreeBSD_version (mostly for ports, as this change should be invisible to C code outside pam_nologin.)
PR: bin/112574 Approved by: des, re
|
#
145613 |
|
28-Apr-2005 |
des |
X logins should be recorded in lastlog / wtmp / utmp. I have no idea why this wasn't there already... it makes much more sense this way.
MFC after: 2 weeks
|
#
126056 |
|
20-Feb-2004 |
des |
the default password policy for xdm should be pam_deny, since it is incapable of holding a meaningful conversation.
|
#
114337 |
|
30-Apr-2003 |
markm |
The PAM module pam_krb5 does not have "session" capabilities. Don't give examples of such use, this is bogus.
|
#
111982 |
|
08-Mar-2003 |
markm |
Initiate KerberosIV de-orbit burn. Disconnect the /etc configs.
|
#
110992 |
|
16-Feb-2003 |
des |
Add the want_agent option to the commented-out "session" pam_ssh entry.
|
#
110608 |
|
09-Feb-2003 |
des |
Major cleanup & homogenization.
|
#
95912 |
|
02-May-2002 |
des |
xdm plays horrid tricks with PAM, and dumps core if it's allowed to call pam_lastlog, so add a dummy session chain to avoid using the one from pam.d/other. I assume gdm does something similar, so give it a dummy session chain as well.
Sponsored by: DARPA, NAI Labs.
|
#
95006 |
|
18-Apr-2002 |
des |
Don't list pam_unix in the session chain, since it does not provide any session management services.
Sponsored by: DARPA, NAI Labs
|
#
87423 |
|
05-Dec-2001 |
des |
Awright, egg on my face. I should have taken more time with this. The conversion script generated the wrong format, so the configuration files didn't actually work. Good thing I hadn't thrown the switch yet...
Sponsored by: DARPA, NAI Labs (but the f***ups are all mine)
|
#
87419 |
|
05-Dec-2001 |
des |
pam.d-style configuration, auto-generated from pam.conf.
Sponsored by: DARPA, NAI Labs
|