268888 |
19-Jul-2014 |
des |
Check if the specified group is the user's primary group before iterating over the (possibly empty) list of members. Otherwise, we get a false negative when the target group has no members listed in /etc/group. This went mostly unnoticed because root is explicitly listed as a member of wheel, so the bug is never triggered in the most common use case, which is su(8).
PR: 109416 MFC after: 1 week
|
219563 |
12-Mar-2011 |
des |
Add "ruser" and "luser" options. The former corresponds to the current behavior, where the module checks that the supplicant is a member of the required group. The latter checks the target user instead. If neither option was specified, pam_group(8) assumes "ruser" and issues a warning. I intend to eventually change the default to "luser" to match the behavior of similarly-named service modules in other operating systems.
MFC after: 1 month
|
110453 |
06-Feb-2003 |
des |
Replace pam_wheel(8) with pam_group(8) which has a cleaner interface. The pam_wheel(8) module was written to work in spite of a broken libpam, and has grown organically since its inception, which is reflected in both its functionality and implementation. Rather than clean up pam_wheel(8) and break backward compatibility, I've chosen to reimplement it under a new, more generic name.
Sponsored by: DARPA, NAI Labs
|