#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
219663 |
|
15-Mar-2011 |
des |
Forgot to commit this change along with r219563: pam_group(8) now issues a warning if neither luser nor ruser is specified. The correct option for su(1) is ruser.
MFC after: 1 month
|
#
117360 |
|
09-Jul-2003 |
des |
Don't do session management in su.
PR: misc/53293 Submitted by: ru
|
#
116331 |
|
14-Jun-2003 |
des |
Add a system policy, and have the login and su policies include it rather than duplicate it. This requires OpenPAM Dianthus, which was committed two weeks ago; installing these files on a system running a world older than June 1st, 2003 will cause login(1) and su(1) to fail.
|
#
114337 |
|
30-Apr-2003 |
markm |
The PAM module pam_krb5 does not have "session" capabilities. Don't give examples of such use, this is bogus.
|
#
111982 |
|
08-Mar-2003 |
markm |
Initiate KerberosIV de-orbit burn. Disconnect the /etc configs.
|
#
110993 |
|
16-Feb-2003 |
des |
Add the allow_local option to all pam_opieaccess entries.
|
#
110608 |
|
09-Feb-2003 |
des |
Major cleanup & homogenization.
|
#
110457 |
|
06-Feb-2003 |
des |
Use pam_group(8) instead of pam_wheel(8).
|
#
105374 |
|
18-Oct-2002 |
rwatson |
Exempt the "wheel group requirement" by default when su'ing to root if the wheel group has no explicit members listed in /etc/group. This adds the "exempt_if_empty" flag to pam_wheel in the default configuration; in some environments, it may be appropriate to remove this flag, however, this default is the same as pre-pam_wheel.
Reviewed by: markm Sponsored by: DARPA, Network Associates Laboratories
|
#
95006 |
|
18-Apr-2002 |
des |
Don't list pam_unix in the session chain, since it does not provide any session management services.
Sponsored by: DARPA, NAI Labs
|
#
89992 |
|
30-Jan-2002 |
des |
Use pam_self(8) to allow users to su(1) to themselves without authentication.
Sponsored by: DARPA, NAI Labs
|
#
89619 |
|
21-Jan-2002 |
des |
Enable OPIE by default, using the no_fake_prompts option to hide it from users who don't wish to use it. If the admin is worried about leaking information about which users exist and which have OPIE enabled, the no_fake_prompts option can simply be removed.
Also insert the appropriate pam_opieaccess lines after pam_opie to break the chain in case the user is logging in from an untrusted host, or has a .opiealways file. The entire opieaccess / opiealways concept is slightly unpammish, but admins familiar with OPIE will expect it to work.
Reviewed by: ache, markm Sponsored by: DARPA, NAI Labs
|
#
89569 |
|
19-Jan-2002 |
des |
Really back out ache's commits. These files are now precisely as they were twentyfour hours ago, except for RCS ids.
|
#
89567 |
|
19-Jan-2002 |
ache |
Back out recent changes
|
#
89556 |
|
19-Jan-2002 |
ache |
Turn on pam_opie by default. It should not affect non-OPIE users.
|
#
87423 |
|
05-Dec-2001 |
des |
Awright, egg on my face. I should have taken more time with this. The conversion script generated the wrong format, so the configuration files didn't actually work. Good thing I hadn't thrown the switch yet...
Sponsored by: DARPA, NAI Labs (but the f***ups are all mine)
|
#
87419 |
|
05-Dec-2001 |
des |
pam.d-style configuration, auto-generated from pam.conf.
Sponsored by: DARPA, NAI Labs
|