summaryrefslogtreecommitdiff
path: root/lib/libpam
Commit message (Collapse)AuthorAgeFilesLines
* merge r196650 from head (via stable/8): tty might be NULLDag-Erling Smørgrav2010-06-221-0/+5
| | | | | | | Approved by: re (kib@) Notes: svn path=/releng/8.1/; revision=209441
* MFC r207553, r207555, r207651:Martin Matuska2010-05-172-24/+35
| | | | | | | | | | | | | | | | | | Implement the no_user_check option to pam_krb5. This option is available in the Linux implementation of pam_krb5 and allows to authorize a user not known to the local system. Ccache is not used as we don't have a secure uid/gid for the cache file. Usable for authentication of external kerberos users (e.g Active Directory) via PAM from applications like Cyrus saslauthd, PHP or perl. PR: bin/146186 Approved by: deplhij (mentor) Notes: svn path=/stable/8/; revision=208193
* MFH OpenSSH 5.4p1Dag-Erling Smørgrav2010-04-212-0/+6
| | | | Notes: svn path=/stable/8/; revision=206984
* Bump the version of all non-symbol-versioned shared libraries inKen Smith2009-07-191-1/+1
| | | | | | | | | | | preparation for 8.0-RELEASE. Add the previous version of those libraries to ObsoleteFiles.inc and bump __FreeBSD_Version. Reviewed by: kib Approved by: re (rwatson) Notes: svn path=/head/; revision=195767
* Rewrap; this was getting painful. Translators can ignore this.Dag-Erling Smørgrav2009-06-201-59/+36
| | | | | | | MFC after: 1 week Notes: svn path=/head/; revision=194529
* Reword.Dag-Erling Smørgrav2009-06-201-4/+2
| | | | | | | MFC after: 1 week Notes: svn path=/head/; revision=194528
* Include <stdio.h> for asprintf().Ed Schouten2009-06-141-0/+1
| | | | | | | Submitted by: Pawel Worach Notes: svn path=/head/; revision=194188
* Don't try to auto-detect dynamic linking; it fails on mips. The MakefileDag-Erling Smørgrav2009-02-171-0/+3
| | | | | | | | | part of the patch is an ugly (and hopefully temporary) hack. Discussed with: imp@ Notes: svn path=/head/; revision=188720
* Add new heimdal-1.1 library.Doug Rabson2008-05-151-2/+2
| | | | Notes: svn path=/head/; revision=179016
* Fix conflicts after heimdal-1.1 import and add build infrastructure. ImportDoug Rabson2008-05-071-2/+2
| | | | | | | all non-style changes made by heimdal to our own libgssapi. Notes: svn path=/head/; revision=178828
* Adjust for OpenPAM Hydrangea.Dag-Erling Smørgrav2007-12-214-7/+8
| | | | Notes: svn path=/head/; revision=174837
* Correct documentation of ~/.opiealwaysDag-Erling Smørgrav2007-10-261-3/+5
| | | | | | | | | PR: 117512 Submitted by: Jeremy C. Reed <reed@reedmedia.net> MFC after: 1 week Notes: svn path=/head/; revision=173003
* - Convert NO_INSTALLLIB option to a new syntax: makefiles shouldRuslan Ermilov2007-10-201-0/+1
| | | | | | | | | | | | | | test MK_INSTALLLIB, users can set WITHOUT_INSTALLLIB. The old NO_INSTALLLIB is still supported as several makefiles set it. - While here, fix an install when instructed not to install libs (usr.bin/lex/lib/Makefile). PR: bin/114200 Submitted by: Henrik Brix Andersen Notes: svn path=/head/; revision=172832
* Apply the same error checks to PAM_TTY in pam_sm_close_session() as inDag-Erling Smørgrav2007-07-221-1/+9
| | | | | | | | | | | pam_sm_open_session(), avoiding false negatives when no tty is present. Submitted by: Todd C. Miller <millert@courtesan.com> Approved by: re (rwatson) MFC after: 2 weeks Notes: svn path=/head/; revision=171544
* Whitespace cleanupDag-Erling Smørgrav2007-07-221-6/+6
| | | | | | | Approved by: re (rwatson) Notes: svn path=/head/; revision=171543
* - Bump share library version which were missed in last bumpRong-En Fan2007-06-181-1/+1
| | | | | | | | | Reported by: jhb Discussed with: deischen, des, doubg, harti Approved by: re (kensmith) Notes: svn path=/head/; revision=170925
* Use the current user's login class for the decisions about whereYaroslav Tykhiy2007-06-142-44/+58
| | | | | | | | | | | | | the nologin(5) file is located and whether the user may bypass its restriction. Add some error checks. Approved by: des PR: bin/107612 Notes: svn path=/head/; revision=170725
* Now pam_nologin(8) will provide an account management functionYaroslav Tykhiy2007-06-102-20/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | instead of an authentication function. There are a design reason and a practical reason for that. First, the module belongs in account management because it checks availability of the account and does no authentication. Second, there are existing and potential PAM consumers that skip PAM authentication for good or for bad. E.g., sshd(8) just prefers internal routines for public key auth; OTOH, cron(8) and atrun(8) do implicit authentication when running a job on behalf of its owner, so their inability to use PAM auth is fundamental, but they can benefit from PAM account management. Document this change in the manpage. Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed under the "account" function class. Bump __FreeBSD_version (mostly for ports, as this change should be invisible to C code outside pam_nologin.) PR: bin/112574 Approved by: des, re Notes: svn path=/head/; revision=170510
* Re-add support for NIS netgroups (heavily modified from patch in PR)Dag-Erling Smørgrav2007-05-251-4/+22
| | | | | | | | | PR: bin/112955 Submitted by: A. Blake Cooper <blake@cluebie.net> MFC after: 3 weeks Notes: svn path=/head/; revision=169976
* In account management, verify whether the account has been lockedYaroslav Tykhiy2007-03-272-3/+22
| | | | | | | | | | | | | | | | | with `pw lock', so that it's impossible to log into a locked account using an alternative authentication mechanism, such as an ssh key. This change affects only accounts locked with pw(8), i.e., having a `*LOCKED*' prefix in their password hash field, so people still can use a different pattern to disable password authentication only. Mention all account management criteria in the manpage. Approved by: maintainer (timeout) PR: bin/71147 MFC after: 1 month Notes: svn path=/head/; revision=167940
* Send not only Access Request, but also Access Challenge with definedPawel Jakub Dawidek2007-01-201-5/+7
| | | | | | | | | | NAS-Identifier and NAS-IP-Address. Reviewed by: bz MFC after: 1 month Notes: svn path=/head/; revision=166136
* childerr needs to be volatile so gcc won't optimize it away.Dag-Erling Smørgrav2006-11-101-1/+2
| | | | | | | | PR: bin/85830 MFC after: 1 week Notes: svn path=/head/; revision=164154
* The pam_unix module also provides password management.Ruslan Ermilov2006-10-121-7/+8
| | | | | | | | | PR: docs/93491 Submitted by: Lior Kadosh MFC after: 3 days Notes: svn path=/head/; revision=163273
* Fix build.Ruslan Ermilov2006-09-301-0/+1
| | | | Notes: svn path=/head/; revision=162900
* Reject user with names that are longer than OPIE is willing to deal with;Dag-Erling Smørgrav2006-09-151-4/+13
| | | | | | | | | | otherwise OPIE will happily truncate it. Spotted by: ghelmer MFC after: 2 weeks Notes: svn path=/head/; revision=162320
* Bump .Dd.Joel Dahl2006-09-131-1/+1
| | | | | | | Noticed by: danger Notes: svn path=/head/; revision=162287
* Remove references to the pam(8) manual page. It does not exist.Joel Dahl2006-09-131-1/+0
| | | | | | | | Requested by: novel Discussed with: brueffer, simon Notes: svn path=/head/; revision=162286
* Additional debugging stuff I had in my tree.Dag-Erling Smørgrav2006-08-111-3/+10
| | | | Notes: svn path=/head/; revision=161209
* Change the GCC specific __FUNCTION__ to C99's __func__.Stefan Farfeleder2006-07-171-1/+1
| | | | | | | OK'ed by: des Notes: svn path=/head/; revision=160434
* Add a manual dependency on ssh_namespace.h.Dag-Erling Smørgrav2006-05-131-2/+6
| | | | | | | Discussed with: ru Notes: svn path=/head/; revision=158529
* Introduce a namespace munging hack inspired by NetBSD to avoid pollutingDag-Erling Smørgrav2006-05-131-1/+1
| | | | | | | | | | | the namespace of applications which inadvertantly link in libssh (usually through pam_ssh) Suggested by: lukem@netbsd.org MFC after: 6 weeks Notes: svn path=/head/; revision=158519
* There is no need to pass NULL to the pam_error() as the last argument.Wojciech A. Koszek2006-03-201-1/+1
| | | | | | | | | | Remove it. Reviewed by: des Approved by: cognet (mentor) Notes: svn path=/head/; revision=156915
* Fix build until I find a way to handle this case properly.Ruslan Ermilov2006-03-192-1/+2
| | | | Notes: svn path=/head/; revision=156872
* Revert last delta.Ruslan Ermilov2006-03-191-1/+1
| | | | Notes: svn path=/head/; revision=156870
* Comment out MK_PROFILE until ru@ can fix this properlyPoul-Henning Kamp2006-03-191-1/+1
| | | | Notes: svn path=/head/; revision=156867
* Convert NO_PROFILE and NO_LIB32 to new style.Ruslan Ermilov2006-03-181-1/+1
| | | | Notes: svn path=/head/; revision=156854
* Reimplementation of world/kernel build options. For details, see:Ruslan Ermilov2006-03-172-3/+7
| | | | | | | | | | | http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html The src.conf(5) manpage is to follow in a few days. Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine) Notes: svn path=/head/; revision=156813
* Add appropriate xrefs.Yaroslav Tykhiy2006-03-062-2/+3
| | | | | | | MFC after: 3 days Notes: svn path=/head/; revision=156350
* Since the whole login.access feature has moved to PAM,Yaroslav Tykhiy2006-03-061-1/+1
| | | | | | | | | | login.access.5 will be installed from the respective PAM module's src directory. MFC after: 3 days Notes: svn path=/head/; revision=156344
* Sync with src/usr.bin/login/login.access.5.Yaroslav Tykhiy2006-03-061-5/+1
| | | | | | | | | | | src/usr.bin/login/login.access.5 should be removed from use because the whole login.access feature has moved to this PAM module. MFC after: 3 days Notes: svn path=/head/; revision=156343
* Commenting out WARNS actually brought it up to 4.Ruslan Ermilov2005-09-281-1/+1
| | | | Notes: svn path=/head/; revision=150685
* Comment out WARNS, the OpenSSL headers don't compile cleanly on some platforms.Dag-Erling Smørgrav2005-09-281-1/+1
| | | | Notes: svn path=/head/; revision=150655
* Increase WARNS.Dag-Erling Smørgrav2005-09-261-1/+1
| | | | Notes: svn path=/head/; revision=150597
* Correct the logic for determining whether the user has already enteredDag-Erling Smørgrav2005-09-261-4/+7
| | | | | | | | | a password. Also, work around some harmless type pun warnings. MFC after: 3 days Notes: svn path=/head/; revision=150596
* Do not use passphraseless keys for authentication unless the nullokDag-Erling Smørgrav2005-09-222-2/+13
| | | | | | | | | | | option was specified. PR: bin/81231 Submitted by: "Daniel O'Connor" <doconnor@gsoft.com.au> MFC after: 3 days Notes: svn path=/head/; revision=150455
* Narrow the use of user credentials.Dag-Erling Smørgrav2005-09-211-14/+10
| | | | | | | | | Fix one case where openpam_restore_cred() might be called twice in a row. MFC after: 3 days Notes: svn path=/head/; revision=150426
* When (re)allocating space for an array of pointers to char, useColin Percival2005-09-191-1/+1
| | | | | | | | | | | | | | | sizeof(*list), not sizeof(**list). (i.e., sizeof(pointer) rather than sizeof(char)). It is possible that this buffer overflow is exploitable, but it was added after RELENG_5 forked and hasn't been MFCed, so this will not receive an advisory. Submitted by: Vitezslav Novy MFC after: 1 day Notes: svn path=/head/; revision=150339
* Bump the shared library version number of all libraries that have notKen Smith2005-07-221-1/+1
| | | | | | | | | | been bumped since RELENG_5. Reviewed by: ru Approved by: re (not needed for commit check but in principle...) Notes: svn path=/head/; revision=148297
* Missed one piece of the cluster's quirk. Need to override WARNS becauseKen Smith2005-07-081-0/+1
| | | | | | | | | | | if _FREEFALL_CONFIG is set gcc bails since pam_sm_setcred() in pam_krb5.c no longer uses any of its parameters. Pointy hat: kensmith Approved by: re (scottl) Notes: svn path=/head/; revision=147830
* This is sort of an MFS. Peter made these changes to the RELENG_*Ken Smith2005-07-072-0/+7
| | | | | | | | | | | | | | | | | | | | | | branches but missed HEAD. This patch extends his a little bit, setting it up via the Makefiles so that adding _FREEFALL_CONFIG to /etc/make.conf is the only thing needed to cluster-ize things (current setup also requires overriding CFLAGS). From Peter's commit to the RELENG_* branches: > Add the freebsd.org custer's source modifications under #ifdefs to aid > keeping things in sync. For ksu: > * install suid-root by default > * don't fall back to asking for a unix password (ie: be pure kerberos) > * allow custom user instances for things like www and not just root The Makefile tweaks will be MFC-ed, the rest is already done. MFC after: 3 days Approved by: re (dwhite) Notes: svn path=/head/; revision=147810
generated by cgit v1.3 (git 2.53.0) at 2026-04-17 22:47:12 +0000