diff options
author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2001-12-05 21:26:00 +0000 |
---|---|---|
committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2001-12-05 21:26:00 +0000 |
commit | 426ae370f42d92e78fd63075a4d8a31f7f1ba800 (patch) | |
tree | b87ea2392bd05516bcd4aaa0b0f503a55e0000dc | |
parent | 722b228abab037183a912c9c7ead276492bac31e (diff) | |
download | src-426ae370f42d92e78fd63075a4d8a31f7f1ba800.tar.gz src-426ae370f42d92e78fd63075a4d8a31f7f1ba800.zip |
Awright, egg on my face. I should have taken more time with this. The
conversion script generated the wrong format, so the configuration files
didn't actually work. Good thing I hadn't thrown the switch yet...
Sponsored by: DARPA, NAI Labs (but the f***ups are all mine)
Notes
Notes:
svn path=/head/; revision=87423
-rw-r--r-- | etc/pam.d/README | 4 | ||||
-rw-r--r-- | etc/pam.d/convert.pl | 8 | ||||
-rw-r--r-- | etc/pam.d/csshd | 2 | ||||
-rw-r--r-- | etc/pam.d/ftp | 26 | ||||
-rw-r--r-- | etc/pam.d/ftpd | 26 | ||||
-rw-r--r-- | etc/pam.d/gdm | 26 | ||||
-rw-r--r-- | etc/pam.d/imap | 8 | ||||
-rw-r--r-- | etc/pam.d/kde | 12 | ||||
-rw-r--r-- | etc/pam.d/login | 34 | ||||
-rw-r--r-- | etc/pam.d/other | 12 | ||||
-rw-r--r-- | etc/pam.d/pop3 | 8 | ||||
-rw-r--r-- | etc/pam.d/rsh | 8 | ||||
-rw-r--r-- | etc/pam.d/sshd | 10 | ||||
-rw-r--r-- | etc/pam.d/su | 56 | ||||
-rw-r--r-- | etc/pam.d/telnetd | 6 | ||||
-rw-r--r-- | etc/pam.d/xdm | 26 | ||||
-rw-r--r-- | etc/pam.d/xserver | 2 |
17 files changed, 139 insertions, 135 deletions
diff --git a/etc/pam.d/README b/etc/pam.d/README index 6d2c2605a919..9acbff688377 100644 --- a/etc/pam.d/README +++ b/etc/pam.d/README @@ -14,12 +14,12 @@ is a summary of the format for the pam.conf and /etc/pam.d/* files. Configuration lines take the following form: -service-name module-type control-flag module-path arguments +module-type control-flag module-path arguments Comments are introduced with a hash mark ('#'). Blank lines and lines consisting entirely of comments are ignored. -The meanings of the various fields are as follows: +The meanings of the different fields are as follows: module-type: auth: prompt for a password to authenticate that the user is diff --git a/etc/pam.d/convert.pl b/etc/pam.d/convert.pl index d1f2d99adc5d..02d410372663 100644 --- a/etc/pam.d/convert.pl +++ b/etc/pam.d/convert.pl @@ -40,6 +40,7 @@ use Fcntl; use vars qw(%SERVICES); MAIN:{ + my $line; my $service; my $type; local *FILE; @@ -47,8 +48,11 @@ MAIN:{ while (<>) { chomp(); s/\s*$//; - next unless m/^\#*(\w+)\s+(auth|account|session|password)\s+(\S.*)$/; - push(@{$SERVICES{$1}->{$2}}, $_); + next unless m/^(\#*)(\w+)\s+(auth|account|session|password)\s+(\S.*)$/; + $line = $1.$3; + $line .= "\t" x ((16 - length($line) + 7) / 8); + $line .= $4; + push(@{$SERVICES{$2}->{$3}}, $line); } foreach $service (keys(%SERVICES)) { diff --git a/etc/pam.d/csshd b/etc/pam.d/csshd index 9fd61f49c279..863160eb1f97 100644 --- a/etc/pam.d/csshd +++ b/etc/pam.d/csshd @@ -5,4 +5,4 @@ # # auth -csshd auth required pam_opie.so no_warn +auth required pam_opie.so no_warn diff --git a/etc/pam.d/ftp b/etc/pam.d/ftp index b1762e962edd..3a083ef602eb 100644 --- a/etc/pam.d/ftp +++ b/etc/pam.d/ftp @@ -5,20 +5,20 @@ # # auth -ftp auth required pam_nologin.so no_warn -#ftp auth sufficient pam_kerberosIV.so no_warn -#ftp auth sufficient pam_krb5.so no_warn -#ftp auth required pam_opie.so no_warn -#ftp auth required pam_ssh.so no_warn try_first_pass -ftp auth required pam_unix.so no_warn try_first_pass +auth required pam_nologin.so no_warn +#auth sufficient pam_kerberosIV.so no_warn +#auth sufficient pam_krb5.so no_warn +#auth required pam_opie.so no_warn +#auth required pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass # account -#ftp account required pam_kerberosIV.so -#ftp account required pam_krb5.so -ftp account required pam_unix.so +#account required pam_kerberosIV.so +#account required pam_krb5.so +account required pam_unix.so # session -#ftp session required pam_kerberosIV.so -#ftp session required pam_krb5.so -#ftp session required pam_ssh.so -ftp session required pam_unix.so +#session required pam_kerberosIV.so +#session required pam_krb5.so +#session required pam_ssh.so +session required pam_unix.so diff --git a/etc/pam.d/ftpd b/etc/pam.d/ftpd index a3a677ce2fc3..5d2784dad2b2 100644 --- a/etc/pam.d/ftpd +++ b/etc/pam.d/ftpd @@ -5,20 +5,20 @@ # # auth -ftpd auth required pam_nologin.so no_warn -#ftpd auth sufficient pam_kerberosIV.so no_warn -#ftpd auth sufficient pam_krb5.so no_warn -#ftpd auth required pam_opie.so no_warn -#ftpd auth required pam_ssh.so no_warn try_first_pass -ftpd auth required pam_unix.so no_warn try_first_pass +auth required pam_nologin.so no_warn +#auth sufficient pam_kerberosIV.so no_warn +#auth sufficient pam_krb5.so no_warn +#auth required pam_opie.so no_warn +#auth required pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass # account -#ftpd account required pam_kerberosIV.so -#ftpd account required pam_krb5.so -ftpd account required pam_unix.so +#account required pam_kerberosIV.so +#account required pam_krb5.so +account required pam_unix.so # session -#ftpd session required pam_kerberosIV.so -#ftpd session required pam_krb5.so -#ftpd session required pam_ssh.so -ftpd session required pam_unix.so +#session required pam_kerberosIV.so +#session required pam_krb5.so +#session required pam_ssh.so +session required pam_unix.so diff --git a/etc/pam.d/gdm b/etc/pam.d/gdm index e0fd313c4d1c..84088d3b08e2 100644 --- a/etc/pam.d/gdm +++ b/etc/pam.d/gdm @@ -5,22 +5,22 @@ # # auth -gdm auth required pam_nologin.so no_warn -#gdm auth sufficient pam_kerberosIV.so no_warn try_first_pass -#gdm auth sufficient pam_krb5.so no_warn try_first_pass -#gdm auth sufficient pam_ssh.so no_warn try_first_pass -gdm auth required pam_unix.so no_warn try_first_pass +auth required pam_nologin.so no_warn +#auth sufficient pam_kerberosIV.so no_warn try_first_pass +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass # account -#gdm account required pam_kerberosIV.so -#gdm account required pam_krb5.so -gdm account required pam_unix.so +#account required pam_kerberosIV.so +#account required pam_krb5.so +account required pam_unix.so # session -#gdm session required pam_kerberosIV.so -#gdm session required pam_krb5.so -#gdm session required pam_ssh.so -gdm session required pam_unix.so +#session required pam_kerberosIV.so +#session required pam_krb5.so +#session required pam_ssh.so +session required pam_unix.so # password -gdm password required pam_deny.so +password required pam_deny.so diff --git a/etc/pam.d/imap b/etc/pam.d/imap index 691137071ec4..cfacfb8a78f1 100644 --- a/etc/pam.d/imap +++ b/etc/pam.d/imap @@ -5,7 +5,7 @@ # # auth -#imap auth required pam_nologin.so no_warn -#imap auth required pam_opie.so no_warn -#imap auth required pam_ssh.so no_warn try_first_pass -#imap auth required pam_unix.so no_warn try_first_pass +#auth required pam_nologin.so no_warn +#auth required pam_opie.so no_warn +#auth required pam_ssh.so no_warn try_first_pass +#auth required pam_unix.so no_warn try_first_pass diff --git a/etc/pam.d/kde b/etc/pam.d/kde index 81fc590a0621..09564886fa5a 100644 --- a/etc/pam.d/kde +++ b/etc/pam.d/kde @@ -5,9 +5,9 @@ # # auth -kde auth required pam_nologin.so no_warn -#kde auth sufficient pam_opie.so no_warn -#kde auth sufficient pam_kerberosIV.so no_warn try_first_pass -#kde auth sufficient pam_krb5.so no_warn try_first_pass -#kde auth required pam_ssh.so no_warn try_first_pass -kde auth required pam_unix.so no_warn try_first_pass +auth required pam_nologin.so no_warn +#auth sufficient pam_opie.so no_warn +#auth sufficient pam_kerberosIV.so no_warn try_first_pass +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth required pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass diff --git a/etc/pam.d/login b/etc/pam.d/login index 019a15a0c5fd..ab7046bc586f 100644 --- a/etc/pam.d/login +++ b/etc/pam.d/login @@ -5,26 +5,26 @@ # # auth -login auth required pam_nologin.so no_warn -#login auth sufficient pam_opie.so no_warn -#login auth sufficient pam_kerberosIV.so no_warn try_first_pass -#login auth sufficient pam_krb5.so no_warn try_first_pass -#login auth required pam_ssh.so no_warn try_first_pass -login auth required pam_unix.so no_warn try_first_pass +auth required pam_nologin.so no_warn +#auth sufficient pam_opie.so no_warn +#auth sufficient pam_kerberosIV.so no_warn try_first_pass +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth required pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass # account -#login account required pam_kerberosIV.so -#login account required pam_krb5.so -login account required pam_unix.so +#account required pam_kerberosIV.so +#account required pam_krb5.so +account required pam_unix.so # session -#login session required pam_kerberosIV.so -#login session required pam_krb5.so -#login session required pam_ssh.so -login session required pam_unix.so +#session required pam_kerberosIV.so +#session required pam_krb5.so +#session required pam_ssh.so +session required pam_unix.so # password -#login password sufficient pam_opie.so no_warn -#login password sufficient pam_kerberosIV.so no_warn try_first_pass -#login password sufficient pam_krb5.so no_warn try_first_pass -login password required pam_unix.so no_warn try_first_pass +#password sufficient pam_opie.so no_warn +#password sufficient pam_kerberosIV.so no_warn try_first_pass +#password sufficient pam_krb5.so no_warn try_first_pass +password required pam_unix.so no_warn try_first_pass diff --git a/etc/pam.d/other b/etc/pam.d/other index 058a0b7877c8..f4f758c36d6c 100644 --- a/etc/pam.d/other +++ b/etc/pam.d/other @@ -5,15 +5,15 @@ # # auth -other auth required pam_nologin.so no_warn -#other auth required pam_opie.so no_warn -other auth required pam_unix.so no_warn try_first_pass +auth required pam_nologin.so no_warn +#auth required pam_opie.so no_warn +auth required pam_unix.so no_warn try_first_pass # account -other account required pam_unix.so +account required pam_unix.so # session -other session required pam_unix.so +session required pam_unix.so # password -other password required pam_deny.so +password required pam_deny.so diff --git a/etc/pam.d/pop3 b/etc/pam.d/pop3 index 32fafca6525d..0cc10fbf185f 100644 --- a/etc/pam.d/pop3 +++ b/etc/pam.d/pop3 @@ -5,7 +5,7 @@ # # auth -#pop3 auth required pam_nologin.so no_warn -#pop3 auth required pam_opie.so no_warn -#pop3 auth required pam_ssh.so no_warn try_first_pass -#pop3 auth required pam_unix.so no_warn try_first_pass +#auth required pam_nologin.so no_warn +#auth required pam_opie.so no_warn +#auth required pam_ssh.so no_warn try_first_pass +#auth required pam_unix.so no_warn try_first_pass diff --git a/etc/pam.d/rsh b/etc/pam.d/rsh index b3924153796d..2ddcacd3082e 100644 --- a/etc/pam.d/rsh +++ b/etc/pam.d/rsh @@ -5,11 +5,11 @@ # # auth -rsh auth required pam_nologin.so no_warn -rsh auth required pam_deny.so no_warn +auth required pam_nologin.so no_warn +auth required pam_deny.so no_warn # account -rsh account required pam_unix.so +account required pam_unix.so # session -rsh session required pam_permit.so +session required pam_permit.so diff --git a/etc/pam.d/sshd b/etc/pam.d/sshd index f28ff8715697..8dbb05fb0db9 100644 --- a/etc/pam.d/sshd +++ b/etc/pam.d/sshd @@ -5,14 +5,14 @@ # # auth -sshd auth required pam_nologin.so no_warn -sshd auth required pam_unix.so no_warn try_first_pass +auth required pam_nologin.so no_warn +auth required pam_unix.so no_warn try_first_pass # account -sshd account required pam_unix.so +account required pam_unix.so # session -sshd session required pam_permit.so +session required pam_permit.so # password -sshd password required pam_permit.so +password required pam_permit.so diff --git a/etc/pam.d/su b/etc/pam.d/su index 085216c3c405..8e3a9bcb8522 100644 --- a/etc/pam.d/su +++ b/etc/pam.d/su @@ -5,37 +5,37 @@ # # auth -su auth sufficient pam_rootok.so no_warn -su auth requisite pam_wheel.so no_warn auth_as_self noroot_ok -#su auth sufficient pam_kerberosIV.so no_warn -#su auth sufficient pam_krb5.so no_warn try_first_pass auth_as_self -#su auth required pam_opie.so no_warn -#su auth required pam_ssh.so no_warn try_first_pass -su auth required pam_unix.so no_warn try_first_pass nullok -#su auth sufficient pam_rootok.so no_warn -##su auth sufficient pam_kerberosIV.so no_warn -##su auth sufficient pam_krb5.so no_warn -#su auth required pam_opie.so no_warn auth_as_self -#su auth required pam_unix.so no_warn try_first_pass auth_as_self +auth sufficient pam_rootok.so no_warn +auth requisite pam_wheel.so no_warn auth_as_self noroot_ok +#auth sufficient pam_kerberosIV.so no_warn +#auth sufficient pam_krb5.so no_warn try_first_pass auth_as_self +#auth required pam_opie.so no_warn +#auth required pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass nullok +#auth sufficient pam_rootok.so no_warn +##auth sufficient pam_kerberosIV.so no_warn +##auth sufficient pam_krb5.so no_warn +#auth required pam_opie.so no_warn auth_as_self +#auth required pam_unix.so no_warn try_first_pass auth_as_self # account -#su account required pam_kerberosIV.so -#su account required pam_krb5.so -su account required pam_unix.so -##su account required pam_kerberosIV.so -##su account required pam_krb5.so -#su account required pam_unix.so +#account required pam_kerberosIV.so +#account required pam_krb5.so +account required pam_unix.so +##account required pam_kerberosIV.so +##account required pam_krb5.so +#account required pam_unix.so # session -#su session required pam_kerberosIV.so -#su session required pam_krb5.so -#su session required pam_ssh.so -su session required pam_unix.so -##su session required pam_kerberosIV.so -##su session required pam_krb5.so -##su session required pam_ssh.so -#su session required pam_unix.so +#session required pam_kerberosIV.so +#session required pam_krb5.so +#session required pam_ssh.so +session required pam_unix.so +##session required pam_kerberosIV.so +##session required pam_krb5.so +##session required pam_ssh.so +#session required pam_unix.so # password -su password required pam_permit.so -#su password required pam_permit.so +password required pam_permit.so +#password required pam_permit.so diff --git a/etc/pam.d/telnetd b/etc/pam.d/telnetd index 423de8ed62e8..dd9d5f456cd6 100644 --- a/etc/pam.d/telnetd +++ b/etc/pam.d/telnetd @@ -5,8 +5,8 @@ # # auth -telnetd auth required pam_nologin.so no_warn -telnetd auth required pam_unix.so no_warn try_first_pass +auth required pam_nologin.so no_warn +auth required pam_unix.so no_warn try_first_pass # account -telnetd account required pam_unix.so +account required pam_unix.so diff --git a/etc/pam.d/xdm b/etc/pam.d/xdm index 8528e03cdc76..19e7ba8e96b2 100644 --- a/etc/pam.d/xdm +++ b/etc/pam.d/xdm @@ -5,22 +5,22 @@ # # auth -xdm auth required pam_nologin.so no_warn -#xdm auth sufficient pam_kerberosIV.so no_warn try_first_pass -#xdm auth sufficient pam_krb5.so no_warn try_first_pass -#xdm auth sufficient pam_ssh.so no_warn try_first_pass -xdm auth required pam_unix.so no_warn try_first_pass +auth required pam_nologin.so no_warn +#auth sufficient pam_kerberosIV.so no_warn try_first_pass +#auth sufficient pam_krb5.so no_warn try_first_pass +#auth sufficient pam_ssh.so no_warn try_first_pass +auth required pam_unix.so no_warn try_first_pass # account -#xdm account required pam_kerberosIV.so -#xdm account required pam_krb5.so -xdm account required pam_unix.so +#account required pam_kerberosIV.so +#account required pam_krb5.so +account required pam_unix.so # session -#xdm session required pam_kerberosIV.so -#xdm session required pam_krb5.so -#xdm session required pam_ssh.so -xdm session required pam_unix.so +#session required pam_kerberosIV.so +#session required pam_krb5.so +#session required pam_ssh.so +session required pam_unix.so # password -xdm password required pam_deny.so +password required pam_deny.so diff --git a/etc/pam.d/xserver b/etc/pam.d/xserver index 58fa7609ab24..81d7727f9185 100644 --- a/etc/pam.d/xserver +++ b/etc/pam.d/xserver @@ -5,4 +5,4 @@ # # auth -xserver auth required pam_permit.so no_warn +auth required pam_permit.so no_warn |