cvs commit: src UPDATING src/sys/sys param.h src/etc/pam.d ftpd
gdm imap kde login other pop3 rsh sshd telnetd xdm
src/lib/libpam/modules/pam_nologin pam_nologin.8 pam_nologin.c
Yar Tikhiy
yar at FreeBSD.org
Sun Jun 10 18:57:21 UTC 2007
yar 2007-06-10 18:57:20 UTC
FreeBSD src repository
Modified files:
. UPDATING
sys/sys param.h
etc/pam.d ftpd gdm imap kde login other pop3 rsh
sshd telnetd xdm
lib/libpam/modules/pam_nologin pam_nologin.8 pam_nologin.c
Log:
Now pam_nologin(8) will provide an account management function
instead of an authentication function. There are a design reason
and a practical reason for that. First, the module belongs in
account management because it checks availability of the account
and does no authentication. Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.
Document this change in the manpage.
Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.
Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)
PR: bin/112574
Approved by: des, re
Revision Changes Path
1.493 +18 -0 src/UPDATING
1.19 +1 -1 src/etc/pam.d/ftpd
1.8 +1 -1 src/etc/pam.d/gdm
1.6 +3 -1 src/etc/pam.d/imap
1.7 +1 -1 src/etc/pam.d/kde
1.17 +1 -1 src/etc/pam.d/login
1.11 +1 -1 src/etc/pam.d/other
1.6 +3 -1 src/etc/pam.d/pop3
1.6 +1 -1 src/etc/pam.d/rsh
1.16 +1 -1 src/etc/pam.d/sshd
1.8 +1 -1 src/etc/pam.d/telnetd
1.11 +1 -1 src/etc/pam.d/xdm
1.6 +10 -11 src/lib/libpam/modules/pam_nologin/pam_nologin.8
1.12 +2 -10 src/lib/libpam/modules/pam_nologin/pam_nologin.c
1.300 +1 -1 src/sys/sys/param.h
More information about the cvs-src
mailing list