#
303975 |
|
11-Aug-2016 |
gjb |
Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, and rename it to RC1.
Update __FreeBSD_version.
Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and the dvd1.iso packages population.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
302408 |
|
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
197769 |
|
05-Oct-2009 |
des |
tabify
MFC after: 3 weeks
|
#
170510 |
|
10-Jun-2007 |
yar |
Now pam_nologin(8) will provide an account management function instead of an authentication function. There are a design reason and a practical reason for that. First, the module belongs in account management because it checks availability of the account and does no authentication. Second, there are existing and potential PAM consumers that skip PAM authentication for good or for bad. E.g., sshd(8) just prefers internal routines for public key auth; OTOH, cron(8) and atrun(8) do implicit authentication when running a job on behalf of its owner, so their inability to use PAM auth is fundamental, but they can benefit from PAM account management.
Document this change in the manpage.
Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed under the "account" function class.
Bump __FreeBSD_version (mostly for ports, as this change should be invisible to C code outside pam_nologin.)
PR: bin/112574 Approved by: des, re
|
#
114337 |
|
30-Apr-2003 |
markm |
The PAM module pam_krb5 does not have "session" capabilities. Don't give examples of such use, this is bogus.
|
#
111982 |
|
08-Mar-2003 |
markm |
Initiate KerberosIV de-orbit burn. Disconnect the /etc configs.
|
#
110993 |
|
16-Feb-2003 |
des |
Add the allow_local option to all pam_opieaccess entries.
|
#
110608 |
|
10-Feb-2003 |
des |
Major cleanup & homogenization.
|
#
95006 |
|
18-Apr-2002 |
des |
Don't list pam_unix in the session chain, since it does not provide any session management services.
Sponsored by: DARPA, NAI Labs
|
#
89619 |
|
21-Jan-2002 |
des |
Enable OPIE by default, using the no_fake_prompts option to hide it from users who don't wish to use it. If the admin is worried about leaking information about which users exist and which have OPIE enabled, the no_fake_prompts option can simply be removed.
Also insert the appropriate pam_opieaccess lines after pam_opie to break the chain in case the user is logging in from an untrusted host, or has a .opiealways file. The entire opieaccess / opiealways concept is slightly unpammish, but admins familiar with OPIE will expect it to work.
Reviewed by: ache, markm Sponsored by: DARPA, NAI Labs
|
#
89569 |
|
19-Jan-2002 |
des |
Really back out ache's commits. These files are now precisely as they were twentyfour hours ago, except for RCS ids.
|
#
89567 |
|
19-Jan-2002 |
ache |
Back out recent changes
|
#
89551 |
|
19-Jan-2002 |
ache |
Previous commit was incomplete, use "[default=ignore success=done cred_err=die]" options instead of "required"
|
#
89547 |
|
19-Jan-2002 |
ache |
Remove explaining comment and pam_unix commented out, now pam_unix can be chained with pam_opie
|
#
89532 |
|
19-Jan-2002 |
ache |
Change comment since fallback provided now not by ftpd but by pam_opie
|
#
89290 |
|
12-Jan-2002 |
des |
Back out previous commit, which erroneously removed essential comments. I definitely need coffee.
Apologies to: ache
|
#
89286 |
|
12-Jan-2002 |
des |
Sync with pam.conf revision 1.25.
|
#
88807 |
|
02-Jan-2002 |
ache |
Improve pam_unix/opie related ftpd comment even more
|
#
88766 |
|
01-Jan-2002 |
ache |
Clarify comment about pam_unix fallback for ftpd
|
#
88764 |
|
01-Jan-2002 |
ache |
Turn on pam_opie.so for ftpd by default It not affect non-OPIE users
|
#
87423 |
|
05-Dec-2001 |
des |
Awright, egg on my face. I should have taken more time with this. The conversion script generated the wrong format, so the configuration files didn't actually work. Good thing I hadn't thrown the switch yet...
Sponsored by: DARPA, NAI Labs (but the f***ups are all mine)
|
#
87419 |
|
05-Dec-2001 |
des |
pam.d-style configuration, auto-generated from pam.conf.
Sponsored by: DARPA, NAI Labs
|