PERFORCE change 87949 for review
Todd Miller
millert at FreeBSD.org
Fri Dec 9 15:51:30 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=87949
Change 87949 by millert at millert_ibook on 2005/12/09 15:50:48
Add pam_sedarwin. We need to be able to prompt the user
for the role to choose from in keyboard-interactive mode
but this has to happen *after* actual system authentication
which makes things a bit messy.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/darwin/pam/pam.d/sshd#4 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/darwin/pam/pam.d/sshd#4 (text+ko) ====
@@ -1,9 +1,11 @@
# login: auth account password session
auth required pam_nologin.so
-auth sufficient pam_securityserver.so
-auth sufficient pam_unix.so
+auth success=1default=2 pam_securityserver.so
+auth success=okdefault=1 pam_unix.so
+auth default=done pam_sedarwin.so
auth required pam_deny.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
session required pam_lctx.so
+session required pam_sedarwin.so
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list