src-test2/lib/libpam/modules, branch release/7.2.0_cvs FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=release%2F7.2.0_cvs 2009-05-01T02:51:58Z Copy releng/7.2 to release/7.2.0 for FreeBSD 7.2-RELEASE. 2009-05-01T02:51:58Z Ken Smith kensmith@FreeBSD.org 2009-05-01T02:51:58Z urn:sha1:b205d83df7763ca1f099bce5ac12a05862a626c4 Approved by: re (implicit) This commit was manufactured to restore the state of the 7.2-RELEASE image. MFC: OpenPAM Hydrangea 2008-01-18T13:29:05Z Dag-Erling Smørgrav des@FreeBSD.org 2008-01-18T13:29:05Z urn:sha1:8acf0a5bc09a79b0d5328d6a2d9dba5eda072b17 MFC: (1.10) correct documentation of ~/.opiealways 2008-01-18T13:28:24Z Dag-Erling Smørgrav des@FreeBSD.org 2008-01-18T13:28:24Z urn:sha1:8cfbe08463cbdf5cedde5a9ef11e79fe31463e90 PR: 117512 MFC: Added MK_INSTALLLIB support and fixed usr.bin/lex/lib/Makefile 2007-10-23T15:41:34Z Ruslan Ermilov ru@FreeBSD.org 2007-10-23T15:41:34Z urn:sha1:9939260597d96c1a04fc83aaab5ab7b08b9d5373 in case of installing with WITHOUT_INSTALLLIB (e.g. in nanobsd(8)). PR: bin/114200 Approved by: re (kensmith) Apply the same error checks to PAM_TTY in pam_sm_close_session() as in 2007-07-22T15:17:29Z Dag-Erling Smørgrav des@FreeBSD.org 2007-07-22T15:17:29Z urn:sha1:f0f1db2e4c62ff89dcf1f4d107eed8c9eebc5e7a pam_sm_open_session(), avoiding false negatives when no tty is present. Submitted by: Todd C. Miller <millert@courtesan.com> Approved by: re (rwatson) MFC after: 2 weeks Whitespace cleanup 2007-07-22T15:14:40Z Dag-Erling Smørgrav des@FreeBSD.org 2007-07-22T15:14:40Z urn:sha1:1173d3bb333b113fb4eb748780c6376ac2d4e57f Approved by: re (rwatson) Use the current user's login class for the decisions about where 2007-06-14T13:07:06Z Yaroslav Tykhiy ytykhiy@gmail.com 2007-06-14T13:07:06Z urn:sha1:58d6bdcbe0af72d6cdf9c21f917bec3daae906a4 the nologin(5) file is located and whether the user may bypass its restriction. Add some error checks. Approved by: des PR: bin/107612 Now pam_nologin(8) will provide an account management function 2007-06-10T18:57:20Z Yaroslav Tykhiy ytykhiy@gmail.com 2007-06-10T18:57:20Z urn:sha1:9cd40e64b4fb4a559eb67a266f768143086bc5d9 instead of an authentication function. There are a design reason and a practical reason for that. First, the module belongs in account management because it checks availability of the account and does no authentication. Second, there are existing and potential PAM consumers that skip PAM authentication for good or for bad. E.g., sshd(8) just prefers internal routines for public key auth; OTOH, cron(8) and atrun(8) do implicit authentication when running a job on behalf of its owner, so their inability to use PAM auth is fundamental, but they can benefit from PAM account management. Document this change in the manpage. Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed under the "account" function class. Bump __FreeBSD_version (mostly for ports, as this change should be invisible to C code outside pam_nologin.) PR: bin/112574 Approved by: des, re Re-add support for NIS netgroups (heavily modified from patch in PR) 2007-05-25T07:50:18Z Dag-Erling Smørgrav des@FreeBSD.org 2007-05-25T07:50:18Z urn:sha1:ca2ddac3282b17bf838dab9ccb07758c2fcf55aa PR: bin/112955 Submitted by: A. Blake Cooper <blake@cluebie.net> MFC after: 3 weeks In account management, verify whether the account has been locked 2007-03-27T09:59:15Z Yaroslav Tykhiy ytykhiy@gmail.com 2007-03-27T09:59:15Z urn:sha1:cf21ead53b98186fd2b4e34617e8275ed7493694 with `pw lock', so that it's impossible to log into a locked account using an alternative authentication mechanism, such as an ssh key. This change affects only accounts locked with pw(8), i.e., having a `*LOCKED*' prefix in their password hash field, so people still can use a different pattern to disable password authentication only. Mention all account management criteria in the manpage. Approved by: maintainer (timeout) PR: bin/71147 MFC after: 1 month