#
272461 |
|
02-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
264192 |
|
06-Apr-2014 |
jilles |
login: Clean up PAM and audit, then exit, on SIGHUP and SIGTERM.
This avoids leaving stale entries in utmpx after the connection is closed on an open login session. It also allows a clean way (SIGTERM) to forcibly terminate a user's terminal session.
This does not affect the situation for "hung" processes after the connection is closed. The foreground process group receives SIGHUP and the tty becomes inaccessible.
Also replace all use of the obsolete signal() function with sigaction() (not only the part where it is actually required: SIGHUP and SIGTERM must mask the other as well when caught).
PR: misc/183495
|
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
221374 |
|
03-May-2011 |
dfr |
Call pam_setcred() before login_getpwclass to support home directories on GSS-API authenticated NFS where the kerberos credentials need to be saved so that the kernel can authenticate to the NFS server.
|
#
214115 |
|
20-Oct-2010 |
ed |
Get rid of hand-rolled closefrom(3).
|
#
213250 |
|
28-Sep-2010 |
emaste |
Remove copyright strings printed at login time via login(1) or sshd(8). It is not clear to what this copyright should apply, and this is in line with what other operating systems do.
For ssh specifically, printing of the copyright string is not in the upstream version so this reduces our FreeBSD-local diffs.
Approved by: core, des (ssh)
|
#
201382 |
|
02-Jan-2010 |
ed |
ANSIfy various tools in usr.bin/.
Most of these tools properly build at WARNS=6, except for their K&R function declarations. Fix this, so we can bump WARNS as well.
|
#
200462 |
|
13-Dec-2009 |
delphij |
Revert most part of 200420 as requested, as more review and polish is needed.
|
#
200420 |
|
11-Dec-2009 |
delphij |
Remove unneeded header includes from usr.bin/ except contributed code.
Tested with: make universe
|
#
190474 |
|
27-Mar-2009 |
ed |
Don't strip TTY device name to the last '/'.
We've seen this bug in other applications before: we have some applications that use strrchr(tty, '/') on the TTY device name. This isn't valid when using pts(4), because the device name will be stripped to "0" instead of "pts/0".
This fixes issues with login(1) ignoring /etc/ttys and missing utmp records.
Reported by: Barney Cordoba <barney_cordoba yahoo com> Reviewed by: rwatson
|
#
171195 |
|
03-Jul-2007 |
scf |
Significantly reduce the memory leak as noted in BUGS section for setenv(3) by tracking the size of the memory allocated instead of using strlen() on the current value.
Convert all calls to POSIX from historic BSD API: - unsetenv returns an int. - putenv takes a char * instead of const char *. - putenv no longer makes a copy of the input string. - errno is set appropriately for POSIX. Exceptions involve bad environ variable and internal initialization code. These both set errno to EFAULT.
Several patches to base utilities to handle the POSIX changes from Andrey Chernov's previous commit. A few I re-wrote to use setenv() instead of putenv().
New regression module for tools/regression/environ to test these functions. It also can be used to test the performance.
Bump __FreeBSD_version to 700050 due to API change.
PR: kern/99826 Approved by: wes Approved by: re (kensmith)
|
#
169177 |
|
01-May-2007 |
ache |
Back out all POSIXified *env() changes.
Not because I admit they are technically wrong and not because of bug reports (I receive nothing). But because I surprisingly meets so strong opposition and resistance so lost any desire to continue that.
Anyone who interested in POSIX can dig out what changes and how through cvs diffs.
|
#
169126 |
|
30-Apr-2007 |
ache |
Slightly tune previous fix: free memory if !export
|
#
169124 |
|
30-Apr-2007 |
ache |
Prepare for upcoming POSIXed putenv() rewrite: don't free memory after putenv()
|
#
165152 |
|
13-Dec-2006 |
csjp |
Teach login(1) about the make.conf NO_AUDIT variable. This allows us to conditionally build in audit support.
Submitted by: bz MFC after: 1 week
|
#
157215 |
|
28-Mar-2006 |
cognet |
Don't call audit_logout() if pwd is NULL, as audit_logout() attempts to dereference it. This will happen if we ^D at the Login: prompt without having provided a valid login before. Set pwd to NULL on bad login attempts to prevent audit_logout() from being called for a user which didn't actually log on.
Reported by: Jerome Magnin jethro at docisland dot org
|
#
155312 |
|
04-Feb-2006 |
wsalamon |
Make login audit-enabled, submitting audit records for the login and logout events. The specifics of submitting the records is contained within login_audit.c. Document the auditing behavior in the man page.
Obtained from: TrustedBSD Project, Apple Computer, Inc. Approved by: rwatson (mentor)
|
#
146867 |
|
01-Jun-2005 |
maxim |
o Teach login(1) to respect "hushlogin" and "nocheckmail" attributes defined in user's $HOME/.login_conf.
PR: bin/75001 Submitted by: Rostislav Krasny MFC after: 2 weeks
|
#
125055 |
|
26-Jan-2004 |
fjoe |
Fix ~/.hushlogin handling.
PR: 61354 Submitted by: Eugeny Grosbein <eugen (at) kuzbass.ru>
|
#
114048 |
|
26-Apr-2003 |
rwatson |
When the tty chown() fails, report a chown() failure rather than a chmod() failure.
|
#
114010 |
|
25-Apr-2003 |
des |
The documented login.conf variable for setting the login prompt is "login_prompt". This makes more sense than "prompt" which is what login actually used, so change the code to match the documentation.
PR: docs/51396 MFC in: 3 days
|
#
110966 |
|
15-Feb-2003 |
des |
Back out previous commit, I wasn't thinking clearly.
|
#
110964 |
|
15-Feb-2003 |
des |
Set PAM_RHOST to "localhost" if no remote host was specified. This allows pam_opieaccess() to work as expected for local logins.
|
#
110549 |
|
08-Feb-2003 |
des |
Use waitpid() instead of wait() since we know the pid of the process we are waiting for, and we don't want to reap the wrong process.
|
#
107585 |
|
04-Dec-2002 |
des |
Change the process title as soon as possible to mask information passed on the command line by getty(8). This is not a perfect fix, but drastically reduces the window of exposure.
Approved by: re (rwatson) MFC after: 1 week
|
#
105164 |
|
15-Oct-2002 |
phk |
Be consistent about functions being static.
Spotted by: FlexeLint
|
#
102141 |
|
19-Aug-2002 |
imp |
When login tries to do the chmod/chflags on a read only file system, it complains that it can't do it because the filesystem is readonly. Assume that when the user has a readonly /dev that they don't care if login can't change the permissions/flags. While this does break a few things like msgs, we'll assume that the user setting up the read only system knows what they are doing.
All this change does is to stop the complaint when the file system is read only. It also adds comments as to why EROFS and EOPNOTSUPP are ignored.
This allows one to have a read-only / w/o a /dev MFS and have a relatively warning-free existence. /etc/rc still complains when it can't chown/chflags/chmod things, but that's easy to ignore/tweak.
Reviewed by: roberto, phk Sponsored by: Timing Solutions
|
#
100825 |
|
28-Jul-2002 |
dwmalone |
Don't reuse a const char * when we really want a char *.
|
#
98990 |
|
28-Jun-2002 |
ache |
Simplify TERM handling since now libutil not overwrites existen TERM for "term"
|
#
98960 |
|
28-Jun-2002 |
ache |
Overwrite "term" from login.conf(5) for any known TERM
|
#
97376 |
|
28-May-2002 |
des |
Drive-by whitespace cleanup.
|
#
95243 |
|
22-Apr-2002 |
des |
Don't use PAM_SILENT unless hushlogin is set (perforce change 10123)
Sponsored by: DARPA, NAI Labs
|
#
94886 |
|
16-Apr-2002 |
des |
Remove unused #define.
|
#
94203 |
|
08-Apr-2002 |
ru |
Align for const poisoning in -lutil.
|
#
92174 |
|
12-Mar-2002 |
gad |
Simple fix so the 'LOGIN FAILURE' message send to syslog will include the correct userid, instead of random garbage. This bug does not exist in -stable.
Reviewed by: freebsd-audit
|
#
91714 |
|
05-Mar-2002 |
des |
Switch to OpenPAM. Bump library version. Modules are now versioned, so applications linked with Linux-PAM will still work. Remove pam_get_pass(); OpenPAM has pam_get_authtok(). Remove pam_prompt(); OpenPAM has pam_{,v}{error,info,prompt}(). Remove pam_set_item(3) man page as OpenPAM has its own.
Sponsored by: DARPA, NAI Labs
|
#
89994 |
|
30-Jan-2002 |
des |
Still with asbestos longjohns on, completely PAMify login(1) and remove code made redundant by various PAM modules (primarily pam_unix(8)).
Sponsored by: DARPA, NAI Labs
|
#
89970 |
|
29-Jan-2002 |
des |
Back out rev 1.78, which is incorrect now that the PAM modules have been fixed to accept a NULL PAM_RHOST.
|
#
89615 |
|
21-Jan-2002 |
des |
When running on a local terminal, set PAM_RHOST to the local hostname.
Sponsored by: DARPA, NAI Labs
|
#
89568 |
|
19-Jan-2002 |
ache |
Back out PAM_CRED_ERR addition
|
#
89552 |
|
19-Jan-2002 |
ache |
Add PAM_CRED_ERR as valid failure case
|
#
87628 |
|
10-Dec-2001 |
dwmalone |
Style improvements recommended by Bruce as a follow up to some of the recent WARNS commits. The idea is:
1) FreeBSD id tags should follow vendor tags. 2) Vendor tags should not be compiled (though copyrights probably should). 3) There should be no blank line between including cdefs and __FBSDIF.
|
#
87233 |
|
02-Dec-2001 |
markm |
Use __FBSDID(). Also do a bit of cosmetic #if and header-order cleaning-up.
|
#
87180 |
|
01-Dec-2001 |
markm |
Sort includes.
|
#
87177 |
|
01-Dec-2001 |
markm |
Style fixups.
Sort function declarations, includes. Make consistent WRT use of _P() macro (ugh!)
Inspired by: bde
|
#
87173 |
|
01-Dec-2001 |
markm |
WARNS=2 fixes.
Reviewed by: bde (a while back)
|
#
86450 |
|
16-Nov-2001 |
rwatson |
o Add support for a 'nocheckmail' capability, which (if true) prevents the 'You have mail.' check. This is useful for sites that rely on remote mail access, rather than a local mail spool. Due to the behavior of login_getcapbool(), the negated form is required so as to have appropriate results. o This behavior may have to be independently added to sshd due to redundant implementation.
|
#
83519 |
|
15-Sep-2001 |
rwatson |
o Modify NFS rights comment to note that the early credential changes to test for a home directory don't set up the additional groups, and as such may limit users conservatively. This does not affect the eventual credentials selected.
|
#
82562 |
|
30-Aug-2001 |
markm |
Like su(1), make PAM use mandatory. Remove parts of the authentication logic that are handled by PAM. Fix documentation to reflect this.
|
#
81575 |
|
13-Aug-2001 |
mike |
Fix some bogus strncpy(3) to strlcpy(3) changes I made in the previous revision. <utmp.h> structures don't leave room for a NUL character. Also fix "UNKNOWN" which should have just been UNKNOWN.
Pointed out by: bde
|
#
81555 |
|
12-Aug-2001 |
mike |
o Replace occurrences of strncpy(3) with strlcpy(3); most of the uses of it were wrong anyway. o Always check for NULL returns on strdup(3). o Fix a possible buffer overflow in strcpy(3). o Fix a format string vulnerability. o t->ty_type in stypeof() could be NULL and eventually cause a segmentation fault in setenv(3), so check for that.
Eyeballed by: kris Reviewed by: murray MFC after: 3 days
|
#
80514 |
|
28-Jul-2001 |
markm |
Fix the environment handling:
However, there's still a bug in login.c because you copy the environment *before* the call to pam_open_session, which won't set the necessary variables set by /usr/ports/security/pam_ssh.
Submitted by: Volker Stolz <stolz@hyperion.informatik.rwth-aachen.de>
|
#
79452 |
|
09-Jul-2001 |
brian |
Fix the type of the NULL arg to execl()
Idea from: Theo de Raadt <deraadt@openbsd.org>
|
#
76977 |
|
22-May-2001 |
eric |
Remove an accidentaly added extra blank line.
Approved by: murray
|
#
76942 |
|
21-May-2001 |
guido |
Disable SIGHUP while getting the login name.
Reviewed by: security-officer
|
#
76791 |
|
18-May-2001 |
obrien |
Missed a few things.
|
#
76788 |
|
18-May-2001 |
obrien |
In a word -- style(9).
|
#
76786 |
|
18-May-2001 |
obrien |
Add the "prompt" and "passwd_prompt" fields to /etc/login.conf, which makes lgoin more like getty in its ability to be configured.
Submitted by: tlambert (code only)
|
#
76710 |
|
17-May-2001 |
eric |
Check for the expiration of an account and its password in the proper order.
Reviewed by: -audit (silence) Approved by: murray Obtained from: OpenBSD MFC after: 5 days
|
#
74874 |
|
27-Mar-2001 |
markm |
Add full PAM support for account management and sessions.
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux package's PAM patches to the BSD login.c
Submitted by: "David J. MacKenzie" <djm@web.us.uu.net>
|
#
72215 |
|
09-Feb-2001 |
nectar |
Fix login so that it exports environmental variables that are set by PAM modules (via pam_putenv). The following variables will never be set in this fashion:
SHELL, HOME, LOGNAME, MAIL, CDPATH, IFS, PATH any variable starting with `LD_'
|
#
71457 |
|
23-Jan-2001 |
nectar |
Call pam_setcred.
Reviewed by: markm, months ago
|
#
59645 |
|
26-Apr-2000 |
sheldonh |
Add braces to avoid ambiguity in a nested conditional (silences a gcc warning).
|
#
59621 |
|
25-Apr-2000 |
sheldonh |
Fix excessive use of parenthesis in previous commit.
Requested by: bde
|
#
59198 |
|
13-Apr-2000 |
sheldonh |
Do not issue a warning when chflags() fails with EOPNOTSUPP.
PR: 17875 Submitted by: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
|
#
57546 |
|
27-Feb-2000 |
ache |
Fix diagnostic printing test condition (was always true)
Approved by: jkh
|
#
57339 |
|
19-Feb-2000 |
shin |
Added IPv6 name resolving support for utmp logging.
Approved by: jkh
|
#
50477 |
|
27-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
50124 |
|
21-Aug-1999 |
imp |
Clear all file flags when taking ownership of devices. Do not ignore chown failures in some places, but instead log them like we do all other errors.
|
#
46007 |
|
24-Apr-1999 |
ache |
remove uid switching before login_getpwclass, now done inside libutil add gid switching before chdir and comment why it needed
|
#
45431 |
|
07-Apr-1999 |
brian |
Don't perform the trimdomain() functionality twice, trimdomain() now works as expected.
|
#
42850 |
|
19-Jan-1999 |
abial |
Add a compile knob to avoid using PAM code (login will use standard Unix authentication only). This comes handy when you're tight on space.
Submitted by: mostly John Baldwin <jobaldwi@vt.edu> Reviewed by: John D. Polstra <jdp@polstra.com>
|
#
42272 |
|
03-Jan-1999 |
eivind |
Make the timeout handler log any failed logins, to make sure failed logins get logged.
|
#
41279 |
|
21-Nov-1998 |
jdp |
ATTENTION: INSTALL "/etc/pam.conf" FROM "src/etc"!!!
Change login to use PAM for authentication. I kept the built-in passwd/NIS authentication support, to handle cases where the system is missing its "/etc/pam.conf" file. S/Key and KerberosIV authentication methods are removed from the login program, but still available in PAM modules.
|
#
41079 |
|
11-Nov-1998 |
jdp |
unifdef -DLOGIN_CAP. After almost 2 years, I think we can assume it's here to stay.
This code is starting to look almost reasonable again.
|
#
41069 |
|
11-Nov-1998 |
jdp |
Remove support for LOGIN_CAP_AUTH. It was never enabled, it was not complete, and it hasn't been touched for 18 months. All the ifdefs obfuscate the code. I discussed the LOGIN_CAP_AUTH support with its author and he agreed that it is a dead end. I am bringing PAM into the tree within the next two weeks. It is much more flexible than LOGIN_CAP_AUTH, and will serve as a superior replacement for it.
|
#
41068 |
|
10-Nov-1998 |
jdp |
Fix a const-related compiler warning.
|
#
40102 |
|
09-Oct-1998 |
markm |
Use KJH's auth.conf parser to turn on/off Kerberos in userland.
|
#
38374 |
|
17-Aug-1998 |
jkoshy |
Remove hardcoded constant in favour of login.conf value.
PR: 6529 Submitted by: Dan Lukes <dan@obluda.cz>
|
#
37980 |
|
31-Jul-1998 |
bde |
Backed out rev.1.31. It was a workaround for bugs in rev.1.4 of libc/gen/getpass.c. The old behaviour of blocking SIGINT and not changing SIGQUIT was restored in rev.1.5 of getpass.c. The change here completely restores the old behaviour of not supporting killing login with keyboard signals (only) at the password prompt. There is no reason to support this, since login can be exited normally by typing a couple of ^D's. Login certainly shouldn't dump core in response to user input. Previously, SIGQUIT killed login immediately but SIGINT killed it only after the password was entered.
PR: 7444
|
#
37812 |
|
22-Jul-1998 |
jdp |
Fix a couple of little bugs that prevented login.c from compiling if LOGIN_CAP_AUTH was defined. This is kind of silly, because LOGIN_CAP_AUTH doesn't work anyway, is not defined currently, probably will never be defined, and IMHO should not be defined. But I'm sure you'll sleep better tonight, knowing that these bugs are gone.
|
#
36559 |
|
01-Jun-1998 |
amurai |
Trim a domain part for wtmp as same as showed by "netstat -r". Here is a some example for avoiding a confusion.
It asssumes a logged host domain is "spec.co.jp". All example is longer than UT_HOSTNAMELEN value.
1) turbo.tama.spec.co.jp: 192.19.0.2 -> trubo.tama 2) turbo.tama.foo.co.jp : 192.19.0.2 -> 192.19.0.2 3) specgw.spec.co.jp : 202.32.13.1 -> specgw
Submitted by: Atsushi Murai <amurai@spec.co.jp>
|
#
35559 |
|
30-Apr-1998 |
peter |
*blush*, typo during last minute editing..
|
#
35557 |
|
30-Apr-1998 |
peter |
Change euid while reading the user's .login_cap file in case the homedir is on a NFS partion without root read access. Also, flip euid again for the duration of the chdir() to the homedir for the same reason.
PR: 5145 Submitted by: Joel.Faedi@esial.u-nancy.fr Also tested by: A Joseph Koshy <koshy@india.hp.com>
|
#
33332 |
|
13-Feb-1998 |
ache |
Fix very rare but dangerous bug: for some DES passwords crypt(real_password, salt) is equal to crypt("", salt); It means that this user (and not only he) can login without entering password at all, just pressing Return. So if empty password entered and crypted password is not empty, invalidate any crypt result by assigning ":"
|
#
33123 |
|
05-Feb-1998 |
guido |
Reset SGINT and SIGQUIT handling to default when asking for passwords. Otherwise, when pressing the INT ke at the password prompt, the password will be displayed. Now login will be killed.
Probably the same will have to be done for the LOGIN_CAP_AUTH case. I have not done that. Reviewed by: Joerg Wunsch
|
#
30564 |
|
19-Oct-1997 |
joerg |
Fix a fatal typo.
PR: bin/4801 Submitted by: mishania@demos.su (Mikhail A. Sokolov)
|
#
29922 |
|
28-Sep-1997 |
markm |
Changes for KTH KerberosIV. Also quieten -Wall a bit.
|
#
27605 |
|
22-Jul-1997 |
charnier |
= -> ==, strcpy -> strncpy from OpenBSD. update man page. Add usage(). Obtained from: OpenBSD
|
#
26021 |
|
22-May-1997 |
pst |
Restore backwards compatible default behavior for requirehome
|
#
25671 |
|
10-May-1997 |
davidn |
login_getclass() -> login_getpwclass(). auth_rmfiles() was being called in error without LOGIN_CAP_AUTH defined.
|
#
24894 |
|
13-Apr-1997 |
davidn |
Use isdialuptty() rather than hard-coded heuristic.
|
#
24485 |
|
01-Apr-1997 |
davidn |
Submitted by: Sergei Chechetkin <csl@whale.sunbay.crimea.ua>
Fix incorrect bracket nesting. Closes PR#3144.
|
#
24360 |
|
29-Mar-1997 |
imp |
compare return value from getopt against -1 rather than EOF, per the final posix standard on the topic.
|
#
24321 |
|
27-Mar-1997 |
davidn |
Fix for logic in no-password accounts.
|
#
24251 |
|
25-Mar-1997 |
davidn |
Don't bypass password prompt for root logins on insecure tty if the root password is empty.
|
#
24222 |
|
24-Mar-1997 |
davidn |
strdup() value of term to correctly preserve contents. Rearrange validation logic so that it works correctly when compiled with kerberos support. Closes PR#3056.
|
#
23985 |
|
18-Mar-1997 |
davidn |
Submitted by: Paul Traina <root@shockwave.com> (partially)
Cleanup of #ifdef's for LOGIN_CAP.
Fixed bug in empty shell (closes PR#2550).
Refused root logins now displays standard "Login incorrect" and exhibits identical backoff behaviour to a failed login.
Cleaned up logging of refused logins.
Use #defines for login retries and backoff. Also implemented definable variables if LOGIN_CAP is defined, with "login-retries" and "login-backoff" as capabilities in the default class (closes PR#2805).
TERM from previous environment is no longer truncated.
|
#
23246 |
|
01-Mar-1997 |
wosch |
Include copyright message from <sys/copyright.h>
|
#
23148 |
|
27-Feb-1997 |
ache |
Back out "shell" / pw_shell change, I was confused by the same variable name (with different functionality)
|
#
23146 |
|
27-Feb-1997 |
ache |
Fix few bogons with pw_shell / shell variables values mismatch introduced by LOGIN_CAP
|
#
21950 |
|
22-Jan-1997 |
jkh |
Don't dereference NULL pwd on non-existant username (I wonder how long THAT has been in here!).
|
#
21942 |
|
22-Jan-1997 |
davidn |
Fix handling of empty shell field in passwd file (use /bin/sh); problem was caused by introduction of login classes. Closes PR bin/2550. Added references to login.conf to manpage, crossreference to login.conf(5).
|
#
21528 |
|
11-Jan-1997 |
davidn |
Makes login login_cap-savvy.
Note that LOGIN_CAP_AUTH code (login authentication) is not (yet) enabled and requires /usr/libexec/login_<style> authentication program support to be added at a later date. The Makefile contains a macro LC_AUTH to turn it on and prevent unnecessarily linking against skey/krb libs and the addition of klogin.c module.
All other aspects of login_cap support are fully functional.
|
#
16423 |
|
17-Jun-1996 |
ache |
Write numerical address instead of hostname for hostnames > UT_HOSTSIZE to keep valid information in utmp and lastlog
|
#
9987 |
|
07-Aug-1995 |
wollman |
Delete bogus referneces to timezone code internal header file `tzfile.h', which is no longer bogusly installed in /usr/include.
|
#
8874 |
|
30-May-1995 |
rgrimes |
Remove trailing whitespace.
|
#
7893 |
|
16-Apr-1995 |
rgrimes |
Fix spelling error that keeps this from compiling with KERBEROS & SKEY defined.
Submitted by: Mark Murray <mark@grondar.za>
|
#
7800 |
|
13-Apr-1995 |
wollman |
Disallow Kerberos when S/Key is required. Fixes PR #339.
Submitted by: Paul Traina <pst@Shockwave.com>
|
#
5627 |
|
14-Jan-1995 |
wollman |
Modify klogin to:
1) Don't spit out an error message if Kerberos is installed but not yet set up.
2) Don't attempt to verify the ticket you got back, as workstations are not intended to have srvtab files of their own.
Both behaviors can be re-enabled with KLOGIN_PARANOID.
|
#
4878 |
|
30-Nov-1994 |
ugen |
Patch of password expired bug. Now password changed for right user and no longer possible to skip password change. I hope it will be ok....
|
#
3702 |
|
18-Oct-1994 |
pst |
Include most of the logdaemon v4.4 S/key changes
|
#
3205 |
|
29-Sep-1994 |
pst |
Install support for skey and login.access
|
#
2532 |
|
06-Sep-1994 |
jkh |
Problem: Accounts that have "pw_change" set, are supposed to change their passwords by the date specified in "pw_change". If they have not changed their passwords by that date, currently they get "LOCKED OUT" of the system. This is not the correct behavior, the user should be prompt (forced?) to change their password at this time. If the behavior of "pw_change" was meant to be a LOCKOUT, then you should use "pw_expire".
Solution: Instead of locking out the user, prompt them to change their password.
Reviewed by: jkh Submitted by: rls
|
#
2224 |
|
22-Aug-1994 |
guido |
Implemnet fbtab ala SunOS (thanks to WZV, see login_fbtab.c) Reviewed by: Submitted by: guido
|
#
1591 |
|
27-May-1994 |
rgrimes |
This commit was generated by cvs2svn to compensate for changes in r1590, which included commits to RCS files with non-trunk default branches.
|
#
1590 |
|
27-May-1994 |
rgrimes |
BSD 4.4 Lite Usr.bin Sources
|