Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src Major cleanup of PAM service configuration files.
details: https://anonhg.NetBSD.org/src/rev/a266de0da326
branches: trunk
changeset: 574370:a266de0da326
user: thorpej <thorpej%NetBSD.org@localhost>
date: Sun Feb 27 03:40:14 2005 +0000
description:
Major cleanup of PAM service configuration files.
diffstat:
distrib/sets/lists/etc/mi | 3 ++-
etc/pam.d/Makefile | 7 +++----
etc/pam.d/display_manager | 20 ++++++++++++++++++++
etc/pam.d/ftpd | 14 +++++++-------
etc/pam.d/gdm | 14 ++++----------
etc/pam.d/imap | 7 ++-----
etc/pam.d/kde | 14 ++++----------
etc/pam.d/login | 6 +++---
etc/pam.d/other | 14 +++-----------
etc/pam.d/passwd | 6 ++----
etc/pam.d/pop3 | 7 ++-----
etc/pam.d/rexecd | 3 +--
etc/pam.d/rsh | 3 +--
etc/pam.d/sshd | 5 +----
etc/pam.d/su | 4 ++--
etc/pam.d/system | 6 +-----
etc/pam.d/telnetd | 19 +++++--------------
etc/pam.d/xdm | 14 ++++----------
18 files changed, 67 insertions(+), 99 deletions(-)
diffs (truncated from 389 to 300 lines):
diff -r 6d8ad297f62d -r a266de0da326 distrib/sets/lists/etc/mi
--- a/distrib/sets/lists/etc/mi Sun Feb 27 02:41:51 2005 +0000
+++ b/distrib/sets/lists/etc/mi Sun Feb 27 03:40:14 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.149 2005/02/22 14:40:00 peter Exp $
+# $NetBSD: mi,v 1.150 2005/02/27 03:40:14 thorpej Exp $
./.cshrc etc-util-etc
./.profile etc-util-etc
./dev/MAKEDEV etc-sys-etc
@@ -84,6 +84,7 @@
./etc/obsolete/misc etc-obsolete obsolete
./etc/obsolete/text etc-obsolete obsolete
./etc/pam.d/README etc-sys-etc
+./etc/pam.d/display_manager etc-sys-etc
./etc/pam.d/ftpd etc-sys-etc
./etc/pam.d/gdm etc-sys-etc
./etc/pam.d/imap etc-sys-etc
diff -r 6d8ad297f62d -r a266de0da326 etc/pam.d/Makefile
--- a/etc/pam.d/Makefile Sun Feb 27 02:41:51 2005 +0000
+++ b/etc/pam.d/Makefile Sun Feb 27 03:40:14 2005 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.6 2005/01/10 11:23:53 tron Exp $
-# $FreeBSD: src/etc/pam.d/Makefile,v 1.11 2004/10/24 15:32:24 ru Exp $
+# $NetBSD: Makefile,v 1.7 2005/02/27 03:40:14 thorpej Exp $
-CONFIGFILES= README ftpd gdm imap kde login other passwd pop3 \
- rexecd rsh sshd su system telnetd xdm
+CONFIGFILES= README display_manager ftpd gdm imap kde login other passwd \
+ pop3 rexecd rsh sshd su system telnetd xdm
FILESDIR= /etc/pam.d
FILESMODE= 644
FILESMODE_README=444
diff -r 6d8ad297f62d -r a266de0da326 etc/pam.d/display_manager
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/etc/pam.d/display_manager Sun Feb 27 03:40:14 2005 +0000
@@ -0,0 +1,20 @@
+# $NetBSD: display_manager,v 1.1 2005/02/27 03:40:14 thorpej Exp $
+#
+# PAM configuration for the display manager services. Specific display
+# manager service configurations can include this one.
+#
+
+# auth
+auth required pam_nologin.so no_warn
+auth sufficient pam_krb5.so no_warn try_first_pass
+auth sufficient pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required pam_krb5.so
+account required pam_unix.so
+
+# session
+# XXX pam_lastlog.so?
+session optional pam_ssh.so
+session required pam_permit.so
diff -r 6d8ad297f62d -r a266de0da326 etc/pam.d/ftpd
--- a/etc/pam.d/ftpd Sun Feb 27 02:41:51 2005 +0000
+++ b/etc/pam.d/ftpd Sun Feb 27 03:40:14 2005 +0000
@@ -1,19 +1,19 @@
-# $NetBSD: ftpd,v 1.4 2005/02/20 01:46:42 christos Exp $
-# $FreeBSD: src/etc/pam.d/ftpd,v 1.18 2003/04/30 21:57:54 markm Exp $
+# $NetBSD: ftpd,v 1.5 2005/02/27 03:40:14 thorpej Exp $
#
# PAM configuration for the "ftpd" service
#
# auth
+# This looks very much like "system", but lacks the "nullok" option on
+# pam_unix.
auth required pam_nologin.so no_warn
-#auth sufficient pam_opie.so no_warn no_fake_prompts
-#auth requisite pam_opieaccess.so no_warn allow_local
-auth sufficient pam_krb5.so no_warn
-auth sufficient pam_ssh.so no_warn try_first_pass
+auth sufficient pam_krb5.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
-account required pam_krb5.so
+# Even though this is identical to "system", we open code it here because
+# we open code the auth stack.
+account required pam_krb5.so
account required pam_unix.so
# session
diff -r 6d8ad297f62d -r a266de0da326 etc/pam.d/gdm
--- a/etc/pam.d/gdm Sun Feb 27 02:41:51 2005 +0000
+++ b/etc/pam.d/gdm Sun Feb 27 03:40:14 2005 +0000
@@ -1,19 +1,13 @@
-# $NetBSD: gdm,v 1.3 2005/01/08 08:43:03 christos Exp $
-# $FreeBSD: src/etc/pam.d/gdm,v 1.7 2003/04/30 21:57:54 markm Exp $
+# $NetBSD: gdm,v 1.4 2005/02/27 03:40:14 thorpej Exp $
#
# PAM configuration for the "gdm" service
#
# auth
-auth required pam_nologin.so no_warn
-auth sufficient pam_krb5.so no_warn try_first_pass
-auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass
+auth include display_manager
# account
-account required pam_krb5.so
-account required pam_unix.so
+account include display_manager
# session
-session optional pam_ssh.so
-session required pam_permit.so
+session include display_manager
diff -r 6d8ad297f62d -r a266de0da326 etc/pam.d/imap
--- a/etc/pam.d/imap Sun Feb 27 02:41:51 2005 +0000
+++ b/etc/pam.d/imap Sun Feb 27 03:40:14 2005 +0000
@@ -1,11 +1,8 @@
-# $NetBSD: imap,v 1.3 2005/01/08 08:43:03 christos Exp $
-# $FreeBSD: src/etc/pam.d/imap,v 1.5 2003/03/08 09:50:11 markm Exp $
+# $NetBSD: imap,v 1.4 2005/02/27 03:40:14 thorpej Exp $
#
# PAM configuration for the "imap" service
#
# auth
auth required pam_nologin.so no_warn
-auth sufficient pam_krb5.so no_warn try_first_pass
-auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass
+auth include system
diff -r 6d8ad297f62d -r a266de0da326 etc/pam.d/kde
--- a/etc/pam.d/kde Sun Feb 27 02:41:51 2005 +0000
+++ b/etc/pam.d/kde Sun Feb 27 03:40:14 2005 +0000
@@ -1,19 +1,13 @@
-# $NetBSD: kde,v 1.3 2005/01/08 08:43:03 christos Exp $
-# $FreeBSD: src/etc/pam.d/kde,v 1.6 2003/04/30 21:57:54 markm Exp $
+# $NetBSD: kde,v 1.4 2005/02/27 03:40:14 thorpej Exp $
#
# PAM configuration for the "kde" service
#
# auth
-auth required pam_nologin.so no_warn
-auth sufficient pam_krb5.so no_warn try_first_pass
-auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass
+auth include display_manager
# account
-account required pam_krb5.so
-account required pam_unix.so
+account include display_manager
# session
-session optional pam_ssh.so
-session required pam_permit.so
+session include display_manager
diff -r 6d8ad297f62d -r a266de0da326 etc/pam.d/login
--- a/etc/pam.d/login Sun Feb 27 02:41:51 2005 +0000
+++ b/etc/pam.d/login Sun Feb 27 03:40:14 2005 +0000
@@ -1,16 +1,16 @@
-# $NetBSD: login,v 1.3 2005/01/23 09:48:38 manu Exp $
-# $FreeBSD: src/etc/pam.d/login,v 1.16 2003/06/14 12:35:05 des Exp $
+# $NetBSD: login,v 1.4 2005/02/27 03:40:14 thorpej Exp $
#
# PAM configuration for the "login" service
#
# auth
auth sufficient pam_self.so no_warn
+auth required pam_nologin.so no_warn
auth include system
-auth required pam_nologin.so no_warn
# account
account requisite pam_securetty.so
+account required pam_login_access.so
account include system
# session
diff -r 6d8ad297f62d -r a266de0da326 etc/pam.d/other
--- a/etc/pam.d/other Sun Feb 27 02:41:51 2005 +0000
+++ b/etc/pam.d/other Sun Feb 27 03:40:14 2005 +0000
@@ -1,24 +1,16 @@
-# $NetBSD: other,v 1.3 2005/01/08 08:43:03 christos Exp $
-# $FreeBSD: src/etc/pam.d/other,v 1.10 2003/04/30 21:57:54 markm Exp $
+# $NetBSD: other,v 1.4 2005/02/27 03:40:14 thorpej Exp $
#
# PAM configuration for the "other" service
#
# auth
auth required pam_nologin.so no_warn
-#auth sufficient pam_opie.so no_warn no_fake_prompts
-#auth requisite pam_opieaccess.so no_warn allow_local
-auth sufficient pam_krb5.so no_warn try_first_pass
-auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass
+auth include system
# account
-account required pam_krb5.so
-account required pam_login_access.so
-account required pam_unix.so
+account include system
# session
-session optional pam_ssh.so
session required pam_permit.so
# password
diff -r 6d8ad297f62d -r a266de0da326 etc/pam.d/passwd
--- a/etc/pam.d/passwd Sun Feb 27 02:41:51 2005 +0000
+++ b/etc/pam.d/passwd Sun Feb 27 03:40:14 2005 +0000
@@ -1,5 +1,4 @@
-# $NetBSD: passwd,v 1.2 2004/12/12 08:54:34 christos Exp $
-# $FreeBSD: src/etc/pam.d/passwd,v 1.3 2003/04/24 12:22:42 des Exp $
+# $NetBSD: passwd,v 1.3 2005/02/27 03:40:14 thorpej Exp $
#
# PAM configuration for the "passwd" service
#
@@ -7,5 +6,4 @@
# passwd(1) does not use the auth, account or session services.
# password
-#password requisite pam_passwdqc.so enforce=users
-password required pam_unix.so no_warn try_first_pass nullok
+password include system
diff -r 6d8ad297f62d -r a266de0da326 etc/pam.d/pop3
--- a/etc/pam.d/pop3 Sun Feb 27 02:41:51 2005 +0000
+++ b/etc/pam.d/pop3 Sun Feb 27 03:40:14 2005 +0000
@@ -1,11 +1,8 @@
-# $NetBSD: pop3,v 1.3 2005/01/08 08:43:03 christos Exp $
-# $FreeBSD: src/etc/pam.d/pop3,v 1.5 2003/03/08 09:50:11 markm Exp $
+# $NetBSD: pop3,v 1.4 2005/02/27 03:40:14 thorpej Exp $
#
# PAM configuration for the "pop3" service
#
# auth
#auth required pam_nologin.so no_warn
-auth sufficient pam_krb5.so no_warn try_first_pass
-auth sufficient pam_ssh.so no_warn try_first_pass
-auth required pam_unix.so no_warn try_first_pass
+auth include system
diff -r 6d8ad297f62d -r a266de0da326 etc/pam.d/rexecd
--- a/etc/pam.d/rexecd Sun Feb 27 02:41:51 2005 +0000
+++ b/etc/pam.d/rexecd Sun Feb 27 03:40:14 2005 +0000
@@ -1,5 +1,4 @@
-# $NetBSD: rexecd,v 1.2 2004/12/12 08:54:34 christos Exp $
-# $FreeBSD: src/etc/pam.d/rexecd,v 1.2 2003/02/10 00:50:03 des Exp $
+# $NetBSD: rexecd,v 1.3 2005/02/27 03:40:14 thorpej Exp $
#
# PAM configuration for the "rexecd" service
#
diff -r 6d8ad297f62d -r a266de0da326 etc/pam.d/rsh
--- a/etc/pam.d/rsh Sun Feb 27 02:41:51 2005 +0000
+++ b/etc/pam.d/rsh Sun Feb 27 03:40:14 2005 +0000
@@ -1,5 +1,4 @@
-# $NetBSD: rsh,v 1.2 2004/12/12 08:54:34 christos Exp $
-# $FreeBSD: src/etc/pam.d/rsh,v 1.5 2003/02/10 00:50:03 des Exp $
+# $NetBSD: rsh,v 1.3 2005/02/27 03:40:14 thorpej Exp $
#
# PAM configuration for the "rsh" service
#
diff -r 6d8ad297f62d -r a266de0da326 etc/pam.d/sshd
--- a/etc/pam.d/sshd Sun Feb 27 02:41:51 2005 +0000
+++ b/etc/pam.d/sshd Sun Feb 27 03:40:14 2005 +0000
@@ -1,13 +1,10 @@
-# $NetBSD: sshd,v 1.3 2005/01/08 08:43:03 christos Exp $
-# $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $
+# $NetBSD: sshd,v 1.4 2005/02/27 03:40:14 thorpej Exp $
#
# PAM configuration for the "sshd" service
#
# auth
auth required pam_nologin.so no_warn
-#auth sufficient pam_opie.so no_warn no_fake_prompts
-#auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient pam_krb5.so no_warn try_first_pass
auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
diff -r 6d8ad297f62d -r a266de0da326 etc/pam.d/su
--- a/etc/pam.d/su Sun Feb 27 02:41:51 2005 +0000
+++ b/etc/pam.d/su Sun Feb 27 03:40:14 2005 +0000
@@ -1,5 +1,4 @@
-# $NetBSD: su,v 1.3 2005/02/01 22:56:14 christos Exp $
-# $FreeBSD: src/etc/pam.d/su,v 1.16 2003/07/09 18:40:49 des Exp $
+# $NetBSD: su,v 1.4 2005/02/27 03:40:14 thorpej Exp $
#
# PAM configuration for the "su" service
#
@@ -12,6 +11,7 @@
auth include system
# account
+account required pam_login_access.so
account include system
Home |
Main Index |
Thread Index |
Old Index