login.conf(5): Document priority's special value 'inherit'

Reviewed by: emaste, yuripv (older version)
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40691

login.conf(5): Document priority's default and possible values

Priority is reset to 0 if not explicitly specified.

While here, be more explicit about what "Initial priority (nice) level"
means and document that it is possible to set real-time or idle class'
priorities with this capability.

Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40689

login.conf(5): Default values: Rename column, elaborate on absence of such

Column "Notes" in fact only contains default values for capabilities, so
make this clear by renaming it to "Default".

Add a small introductory text mentioning it, and what an absence of
default value means (inheritance).

PR: 271748
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40347

login.conf(5): Document umask's special value 'inherit'

Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40688

login.conf(5): umask has no default value

The umask is simply left unchanged if no explicit value is specified in
the login class capabilities database.

PR: 271747
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 3 days
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40345

Remove $FreeBSD$: two-line nroff pattern

Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/

login.conf: document how to specify env var values with commas

As of f32db406504e quotes may be used to specify login class
capabilities that include commas. This is true in general but is
particularly relevant for setenv, a comma-separated list of environment
variables and values, so mention it there.

PR: 236204
Sponsored by: The FreeBSD Foundation

login.conf.5: Mark passwordtime as implemented

login.conf.5 listed passwordtime in RESERVED CAPABILITIES, which is a
section for capabilities not implemented in the base system. However,
passwordtime has been implemented in the base for several years now.

PR: 246099
Reported by: avg
Reviewed by: 0mp
MFC after: 3 days

libutil: Document function HISTORY within the manpages

Reviewed by: bcr (mentor)
Approved by: bcr (mentor)
MFC after: 7 days
Differential Revision: https://reviews.freebsd.org/D24795

login.conf(5): split MAIL env var out into a "mail" capability

This allows it to be easily suppressed in, e.g., the "daemon" class where it
will not be properly expanded.

This is a part of D21481.

Submitted by: Andrew Gierth <andrew_tao173.riddles.org.uk>

Fix handling of umtxp resource limit in sh(1)/ulimit(1), limits(1), add
login.conf(5) support.

Reviewed by: jilles
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D5610

Mention in login.conf.5 which fields may be infinite and how to specifify infinity.
The number of ways to indicate this confuses people.

PR: docs/100196
Reported by: "Dr. Markus Waldeck" <waldeck@gmx.de>
Reported by: Jamie Landeg Jones <jamie.landeg.jones@gmail.com>

All man pages refer to FreeBSD so there is no need to mention "In .Fx"

Switch the default password hash from md5 to sha512.

MFC after: 1 week

Document that we also support sha256 and sha512.

MFC after: 1 week

General mdoc(7) and typo fixes.

PR: 167804
Submitted by: Nobuyuki Koganemaru (kogane!jp.freebsd.org)
MFC after: 3 days

mdoc: terminate quoted strings.

mandoc complains loudly when <TAB>s are misused in columnated lists. Fix
this syntax violation and while I'm here also convert <TAB> to Ta and adjust
quotation marks in order to prevent this problem in the future.

This string should be quoted.

Noticed by: brueffer

mdoc: terminate quoted strings.

Reviewed by: brueffer

Add missing "swapuse" resource limit.

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

- Import the HEAD csup code which is the basis for the cvsmode work.

Integrate the new MPSAFE TTY layer to the FreeBSD operating system.

The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:

- Improved driver model:

The old TTY layer has a driver model that is not abstract enough to
make it friendly to use. A good example is the output path, where the
device drivers directly access the output buffers. This means that an
in-kernel PPP implementation must always convert network buffers into
TTY buffers.

If a PPP implementation would be built on top of the new TTY layer
(still needs a hooks layer, though), it would allow the PPP
implementation to directly hand the data to the TTY driver.

- Improved hotplugging:

With the old TTY layer, it isn't entirely safe to destroy TTY's from
the system. This implementation has a two-step destructing design,
where the driver first abandons the TTY. After all threads have left
the TTY, the TTY layer calls a routine in the driver, which can be
used to free resources (unit numbers, etc).

The pts(4) driver also implements this feature, which means
posix_openpt() will now return PTY's that are created on the fly.

- Improved performance:

One of the major improvements is the per-TTY mutex, which is expected
to improve scalability when compared to the old Giant locking.
Another change is the unbuffered copying to userspace, which is both
used on TTY device nodes and PTY masters.

Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.

Obtained from: //depot/projects/mpsafetty/...
Approved by: philip (ex-mentor)
Discussed: on the lists, at BSDCan, at the DevSummit
Sponsored by: Snow B.V., the Netherlands
dcons(4) fixed by: kan

Add support for a new login capability, cpumask which allows login
sessions to be pinned to cpus by login class.

Fix markup in previous revision.

Add information on how to escape a literal colon in a value or name.

PR: 101262

Recognize the existence of `auth' and `auth-type'
capabilities but tell they do nothing in the base system.

This is a late responce to
http://docs.freebsd.org/cgi/mid.cgi?ED759F1DC5ADD74592DD063B1EDEDAF803ACD2B5
.

Obtained from: OpenBSD (wording; with minor corrections)

Document how the backoff delay is calculated.

Submitted by: markus
MFC after: 3 days

Fix grammatical issue.

Submitted by: ceri

Use ~/.login_conf when discussing a user's local file.

Suggested by: ru

Reword previous commit to be a bit more correct and provide more information.

Inspiried by: ru

Make it more obvious that cap_mkdb(1) is required to rebuild the database.

PR: 76981
Submitted by: Lowell Gilbert <freebsd-bugs-local@be-well.ilk.org>

Spell FTP correctly - in this case, it is used as the name of the protocol,
not the program. Also, bump the document date.

Reminded by: our resident mdoc guard (ru)

Add Giorgos's description of the ftp-chroot login.conf option.

Reported by: Bill Moran <wmoran@potentialtech.com>
Submitted by: keramida
MFC after: 2 weeks

Mechanically kill hard sentence breaks.

Backout last commit. It is redundant in -CURRENT.

Pointed out by: David Schultz

Note that the idletime setting is not enforced.

PR: docs/40952
MFC After: 3 days

Document the login-backoff and login-retries capabilities.

PR: docs/51397
MFC After: 3 days

Re-document unimplemented capabilities that were removed in the last
revision of this file, but note that they are not supported in the
base system.

Requested by: ache
Reviewed by: ache, mike (mentor)

- Document the fact that we now use pam_passwdqc(8) to check
password quality, not login.conf(5).
- Move warnexpire and warnpasswd from the ``Accounting Limits''
section to ``Authentication'', and nix everything else in the
former section. The accounting knobs are not available in
the base system, and the subset of them available in ports
should be documented in the ports' manpages.

PR: 47960
Reviewed by: mike (mentor), doc

Document the `label' capability.

Approved by: re
Sponsored by: DARPA, Network Associates Labs
Obtained from: TrustedBSD Project

Use "deprecated" instead of "depreciated" where appropriate.

mdoc(7) police: spelling.

Add documentation for vmemoryuse

o Document 'nocheckmail' login capability.

Although the 'bool' type is referenced in the list of capabilities, it
is not defined in the capability type list. Provide a definition for
'bool', if a slightly less than elegant one. Note that this definition
does not include the complete scope of available behavior defined
in cgetcap(3), and could probably be improved.

1) Back out ~/.login_conf disable
2) Pick only "me" class from ~/.login_conf as documented

Disable per-user .login_conf support due to incorrect merging of local
and globaly settings. An alternative implementation will be developed.

Reported by: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>

Remove whitespace at EOL.

mdoc(7) police: removed HISTORY info from the .Os call.

mdoc(7) police: remove extraneous .Pp before and/or after .Sh.

Sort.

Add the "prompt" and "passwd_prompt" fields to /etc/login.conf,
which makes lgoin more like getty in its ability to be configured.

Submitted by: tlambert (code only)

Updates for Blowfish password hashing.

Prepare for mdoc(7)NG.

Prepare for mdoc(7)NG.

mdoc(7) police: use the new features of the Nm macro.

Use Fx macro wherever possible.

Document passwd_format further.

Make sbsize a size instead of a number. This allows the usual suffixes
to be applied to the value given. This does not break installed
/etc/login.conf files, since un-suffixed numbers are interpreted as
they were before.

PR: 19750
Submitted by: Paul Herman <pherman@frenchfries.net>

document sbsize limit.

Add xref to cap_mkdb(1).

PR: docs/17544
Submitted by: Christ J. Clark <cjc@cc942873-a.ewndsr1.nj.home.com>

Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.

Document mixpasswordcase here as well as in passwd.1

Do not set the default terminal type to "su", leave it empty.

PR: bin/5084
Reviewed by: asmodai, davidn, sef

mdoc(7)'fy

Reviewed by: mpp

$Id$ -> $FreeBSD$

Axe LOGIN_CAP_AUTH.

PR: 10115
Reported by: Gene Skonicki <gene@cif.rochester.edu>
Requested by: jdp

Change references from "passwordperiod" to "passwordtime", since
"passwordtime" is what passwd(1) has actually been using. I suspect
passwordperiod was the original intent. I can't figure-out which,
if either, BSDi uses. If anyone knows...

Change tty-related capability names to match the implementation ("ttys.",
not "tty.").

Correctly document h and m modifiers to the time format.

PR: 5739
Submitted by: Matthew Cashdollar <mattc@rfcnet.com>

Add passwd(5) to "SEE ALSO".

ISSUES:
An example and better explansion on how to specify a user's login
class in /etc/master passwd is needed.
(As I don't seem to be specifiying it right, I can't do it).

Remove login_progok()
Suggested by: guido

Add full support for determining if a user
is restricted from running a given program.

Add prog.deny as a list capability for
denying execution of certain programs.

Typo police.

Revert $FreeBSD$ to $Id$

1MB is 1048576 bytes, not 1038476 bytes. (I can see that the original
committer wasn't using the MicroSlop Natural keyboard though! :)

Sort cross references.

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Minor mdoc style fixes.

Man page police.

Consistency check: refs to ~/.login.conf should be ~/.login_conf.

Add missing manpage for login.conf.