Diffstat (limited to 'lib/libpam')
| -rw-r--r-- | lib/libpam/libpam/pam_debug_log.c | 62 | ||||
| -rw-r--r-- | lib/libpam/libpam/security/pam_mod_misc.h | 74 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_opie/pam_opie.8 | 123 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_opieaccess/Makefile | 9 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 | 125 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_opieaccess/pam_opieaccess.c | 94 | ||||
| -rw-r--r-- | lib/libpam/modules/pam_tacplus/pam_tacplus.8 | 130 |
7 files changed, 0 insertions, 617 deletions
diff --git a/lib/libpam/libpam/pam_debug_log.c b/lib/libpam/libpam/pam_debug_log.c
deleted file mode 100644
index c3fe8e3f8467..000000000000
--- a/lib/libpam/libpam/pam_debug_log.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*-
- * Copyright 2001 Mark R V Murray
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <libgen.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <security/pam_appl.h>
-#include <security/openpam.h>
-#include <security/pam_mod_misc.h>
-
-/* Print a verbose error, including the function name and a
- * cleaned up filename.
- */
-void
-_pam_verbose_error(pam_handle_t *pamh, int flags,
- const char *file, const char *function, const char *format, ...)
-{
- va_list ap;
- char *fmtbuf, *modname, *period;
-
- if (!(flags & PAM_SILENT) && !openpam_get_option(pamh, "no_warn")) {
- modname = basename(file);
- period = strchr(modname, '.');
- if (period == NULL)
- period = strchr(modname, '\0');
- va_start(ap, format);
- asprintf(&fmtbuf, "%.*s: %s: %s\n", (int)(period - modname),
- modname, function, format);
- pam_verror(pamh, fmtbuf, ap);
- free(fmtbuf);
- va_end(ap);
- }
-}
diff --git a/lib/libpam/libpam/security/pam_mod_misc.h b/lib/libpam/libpam/security/pam_mod_misc.h
deleted file mode 100644
index 8e50ff621228..000000000000
--- a/lib/libpam/libpam/security/pam_mod_misc.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/*-
- * Copyright 1998 Juniper Networks, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#ifndef PAM_MOD_MISC_H
-#define PAM_MOD_MISC_H
-
-#include <sys/cdefs.h>
-
-/* Standard options
- */
-enum opt { PAM_OPT_DEBUG, PAM_OPT_NO_WARN, PAM_OPT_ECHO_PASS,
- PAM_OPT_USE_FIRST_PASS, PAM_OPT_TRY_FIRST_PASS, PAM_OPT_USE_MAPPED_PASS,
- PAM_OPT_TRY_MAPPED_PASS, PAM_OPT_EXPOSE_ACCOUNT,
- PAM_OPT_STD_MAX /* XXX */ };
-
-#define PAM_MAX_OPTIONS 32
-
-struct opttab {
- const char *name;
- int value;
-};
-
-struct options {
- struct {
- const char *name;
- int bool;
- char *arg;
- } opt[PAM_MAX_OPTIONS];
-};
-
-__BEGIN_DECLS
-void pam_std_option(struct options *, struct opttab *, int, const char **);
-int pam_test_option(struct options *, enum opt, char **);
-void pam_set_option(struct options *, enum opt);
-void pam_clear_option(struct options *, enum opt);
-void _pam_verbose_error(pam_handle_t *, int, const char *,
- const char *, const char *, ...);
-__END_DECLS
-
-#define PAM_LOG(args...) \
- openpam_log(PAM_LOG_DEBUG, ##args)
-
-#define PAM_RETURN(arg) \
- return (arg)
-
-#define PAM_VERBOSE_ERROR(args...) \
- _pam_verbose_error(pamh, flags, __FILE__, __FUNCTION__, ##args)
-
-#endif
diff --git a/lib/libpam/modules/pam_opie/pam_opie.8 b/lib/libpam/modules/pam_opie/pam_opie.8
deleted file mode 100644
index bae696d1b16e..000000000000
--- a/lib/libpam/modules/pam_opie/pam_opie.8
+++ /dev/null
@@ -1,123 +0,0 @@ -.\" Copyright (c) 2001 Mark R V Murray -.\" All rights reserved. -.\" Copyright (c) 2002 Networks Associates Technology, Inc. -.\" All rights reserved. -.\" -.\" Portions of this software were developed for the FreeBSD Project by -.\" ThinkSec AS and NAI Labs, the Security Research Division of Network -.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 -.\" ("CBOSS"), as part of the DARPA CHATS research program. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote -.\" products derived from this software without specific prior written -.\" permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" $FreeBSD$ -.\" -.Dd July 7, 2001 -.Dt PAM_OPIE 8 -.Os -.Sh NAME -.Nm pam_opie -.Nd OPIE PAM module -.Sh SYNOPSIS -.Op Ar service-name -.Ar module-type -.Ar control-flag -.Pa pam_opie -.Op Ar options -.Sh DESCRIPTION -The OPIE authentication service module for PAM, -.Nm -provides functionality for only one PAM category: -that of authentication. -In terms of the -.Ar module-type -parameter, this is the -.Dq Li auth -feature. -It also provides a null function for session management. -.Pp -Note that this module does not enforce -.Xr opieaccess 5 -checks. -There is a separate module, -.Xr pam_opieaccess 8 , -for this purpose. -.Ss OPIE Authentication Module -The OPIE authentication component -provides functions to verify the identity of a user -.Pq Fn pam_sm_authenticate , -which obtains the relevant -.Xr opie 4 -credentials. -It provides the user with an OPIE challenge, -and verifies that this is correct with -.Xr opiechallenge 3 . -.Pp -The following options may be passed to the authentication module: -.Bl -tag -width ".Cm auth_as_self" -.It Cm debug -.Xr syslog 3 -debugging information at -.Dv LOG_DEBUG -level. -.It Cm auth_as_self -This option will require the user -to authenticate themself as the user -given by -.Xr getlogin 2 , -not as the account they are attempting to access. -This is primarily for services like -.Xr su 1 , -where the user's ability to retype -their own password -might be deemed sufficient. -.It Cm no_fake_prompts -Do not generate fake challenges for users who do not have an OPIE key. -Note that this can leak information to a hypothetical attacker about -who uses OPIE and who does not, but it can be useful on systems where -some users want to use OPIE but most do not. -.El -.Pp -Note that -.Nm -ignores the standard options -.Cm try_first_pass -and -.Cm use_first_pass , -since a challenge must be generated before the user can submit a valid -response. 
-.Sh FILES -.Bl -tag -width ".Pa /etc/opiekeys" -compact -.It Pa /etc/opiekeys -default OPIE password database. -.El -.Sh SEE ALSO -.Xr passwd 1 , -.Xr getlogin 2 , -.Xr opiechallenge 3 , -.Xr syslog 3 , -.Xr opie 4 , -.Xr pam.conf 5 , -.Xr pam 8 diff --git a/lib/libpam/modules/pam_opieaccess/Makefile b/lib/libpam/modules/pam_opieaccess/Makefile deleted file mode 100644 index 654684509785..000000000000 --- a/lib/libpam/modules/pam_opieaccess/Makefile +++ /dev/null @@ -1,9 +0,0 @@ -# $FreeBSD$ - -LIB= pam_opieaccess -SRCS= ${LIB}.c -DPADD= ${LIBOPIE} -LDADD= -lopie -MAN= pam_opieaccess.8 - -.include <bsd.lib.mk> diff --git a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 deleted file mode 100644 index b5392029c2ed..000000000000 --- a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.8 +++ /dev/null 
@@ -1,125 +0,0 @@ -.\" Copyright (c) 2001 Mark R V Murray -.\" All rights reserved. -.\" Copyright (c) 2002 Networks Associates Technology, Inc. -.\" All rights reserved. -.\" -.\" Portions of this software were developed for the FreeBSD Project by -.\" ThinkSec AS and NAI Labs, the Security Research Division of Network -.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 -.\" ("CBOSS"), as part of the DARPA CHATS research program. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote -.\" products derived from this software without specific prior written -.\" permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" $FreeBSD$ -.\" -.Dd January 21, 2002 -.Dt PAM_OPIEACCESS 8 -.Os -.Sh NAME -.Nm pam_opieaccess -.Nd OPIEAccess PAM module -.Sh SYNOPSIS -.Op Ar service-name -.Ar module-type -.Ar control-flag -.Pa pam_opieaccess -.Op Ar options -.Sh DESCRIPTION -The -.Nm -module is used in conjunction with the -.Xr pam_opie 8 -PAM module to ascertain that authentication can proceed by other means -(such as the -.Xr pam_unix 8 -module) even if OPIE authentication failed. -To properly use this module, -.Xr pam_opie 8 -should be marked -.Dq Li sufficient , -and -.Nm -should be listed right below it and marked -.Dq Li requisite . -.Pp -The -.Nm -module provides functionality for only one PAM category: -authentication. -In terms of the -.Ar module-type -parameter, this is the -.Dq Li auth -feature. -It also provides null functions for the remaining module types. -.Ss OPIEAccess Authentication Module -The authentication component -.Pq Fn pam_sm_authenticate , -returns -.Dv PAM_SUCCESS -in two cases: -.Bl -enum -.It -The user does not have OPIE enabled. -.It -The user has OPIE enabled, and the remote host is listed as a trusted -host in -.Pa /etc/opieaccess , -and the user does not have a file named -.Pa opiealways -in his home directory. -.El -.Pp -Otherwise, it returns -.Dv PAM_AUTH_ERR . -.Pp -The following options may be passed to the authentication module: -.Bl -tag -width ".Cm no_warn" -.It Cm debug -.Xr syslog 3 -debugging information at -.Dv LOG_DEBUG -level. -.It Cm no_warn -suppress warning messages to the user. -These messages include reasons why the user's authentication attempt -was declined. -.El -.Sh SEE ALSO -.Xr opie 4 , -.Xr opieaccess 5 , -.Xr pam.conf 5 , -.Xr pam 8 , -.Xr pam_opie 8 -.Sh AUTHORS -The -.Nm -module and this manual page were developed for the -.Fx -Project by -ThinkSec AS and NAI Labs, the Security Research Division of Network -Associates, Inc. 
under DARPA/SPAWAR contract N66001-01-C-8035
-.Pq Dq CBOSS ,
-as part of the DARPA CHATS research program.
diff --git a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c b/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c
deleted file mode 100644
index 67cbfc0203e4..000000000000
--- a/lib/libpam/modules/pam_opieaccess/pam_opieaccess.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*-
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed for the FreeBSD Project by ThinkSec AS and
- * NAI Labs, the Security Research Division of Network Associates, Inc.
- * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
- * DARPA CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#define _BSD_SOURCE
-
-#include <sys/types.h>
-#include <opie.h>
-#include <pwd.h>
-#include <unistd.h>
-#include <syslog.h>
-
-#define PAM_SM_AUTH
-
-#include <security/pam_appl.h>
-#include <security/pam_modules.h>
-#include <security/pam_mod_misc.h>
-
-PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags __unused,
- int argc __unused, const char *argv[] __unused)
-{
- struct opie opie;
- struct passwd *pwent;
- char *luser, *rhost;
- int r;
-
- r = pam_get_item(pamh, PAM_USER, (const void **)&luser);
- if (r != PAM_SUCCESS)
- return (r);
- if (luser == NULL)
- return (PAM_SERVICE_ERR);
-
- pwent = getpwnam(luser);
- if (pwent == NULL || opielookup(&opie, luser) != 0)
- return (PAM_SUCCESS);
-
- r = pam_get_item(pamh, PAM_RHOST, (const void **)&rhost);
- if (r != PAM_SUCCESS)
- return (r);
-
- if ((rhost == NULL || opieaccessfile(rhost)) &&
- opiealways(pwent->pw_dir) != 0)
- return (PAM_SUCCESS);
-
- PAM_VERBOSE_ERROR("Refused; remote host is not in opieaccess");
-
- return (PAM_AUTH_ERR);
-}
-
-PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused,
- int argc __unused, const char *argv[] __unused)
-{
-
- return (PAM_SUCCESS);
-}
-
-PAM_MODULE_ENTRY("pam_opieaccess");
diff --git a/lib/libpam/modules/pam_tacplus/pam_tacplus.8 b/lib/libpam/modules/pam_tacplus/pam_tacplus.8
deleted file mode 100644
index 5ad7f07851a5..000000000000
--- a/lib/libpam/modules/pam_tacplus/pam_tacplus.8
+++ /dev/null
@@ -1,130 +0,0 @@ -.\" Copyright (c) 1999 -.\" Andrzej Bialecki <abial@FreeBSD.org>. All rights reserved. -.\" -.\" Copyright (c) 1992, 1993, 1994 -.\" The Regents of the University of California. All rights reserved. -.\" All rights reserved. -.\" -.\" This code is derived from software donated to Berkeley by -.\" Jan-Simon Pendry. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd August 2, 1999 -.Dt PAM_TACPLUS 8 -.Os -.Sh NAME -.Nm pam_tacplus -.Nd TACACS+ authentication PAM module -.Sh SYNOPSIS -.Op Ar service-name -.Ar module-type -.Ar control-flag -.Pa pam_tacplus -.Op Ar options -.Sh DESCRIPTION -The -.Nm -module provides authentication services based -upon the TACACS+ protocol -for the PAM (Pluggable Authentication Module) framework. -.Pp -The -.Nm -module accepts these optional parameters: -.Bl -tag -width ".Cm use_first_pass" -.It Cm use_first_pass -causes -.Nm -to use a previously entered password instead of prompting for a new one. -If no password has been entered then authentication fails. -.It Cm try_first_pass -causes -.Nm -to use a previously entered password, if one is available. -If no -password has been entered, -.Nm -prompts for one as usual. -.It Cm echo_pass -causes echoing to be left on if -.Nm -prompts for a password. -.It Cm conf Ns = Ns Ar pathname -specifies a non-standard location for the TACACS+ client configuration file -(normally located in -.Pa /etc/tacplus.conf ) . -.It Cm template_user Ns = Ns Ar username -specifies a user whose -.Xr passwd 5 -entry will be used as a template to create the session environment -if the supplied username does not exist in local password database. 
-The user -will be authenticated with the supplied username and password, but his -credentials to the system will be presented as the ones for -.Ar username , -i.e., his login class, home directory, resource limits, etc. will be set to ones -defined for -.Ar username . -.Pp -If this option is omitted, and there is no username -in the system databases equal to the supplied one (as determined by call to -.Xr getpwnam 3 ) , -the authentication will fail. -.El -.Sh FILES -.Bl -tag -width /etc/tacplus.conf -compact -.It Pa /etc/tacplus.conf -The standard TACACS+ client configuration file for -.Nm -.El -.Sh SEE ALSO -.Xr passwd 5 , -.Xr tacplus.conf 5 , -.Xr pam 8 -.Sh HISTORY -The -.Nm -module first appeared in -.Fx 3.1 . -.Sh AUTHORS -.An -nosplit -The -.Nm -manual page was written by -.An Andrzej Bialecki Aq abial@FreeBSD.org -and adapted to TACACS+ from RADIUS by -.An Mark R V Murray Aq markm@FreeBSD.org . -.Pp -The -.Nm -module was written by -.An John D. Polstra Aq jdp@FreeBSD.org . |
