Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Implement support for pam_loginuid as needed for bug #342345pambase-20101024Diego Elio Pettenò2010-10-243-0/+7
|
* Add support for building minimal PAM chains.pambase-20100925pambase-20100903Diego Elio Pettenò2010-09-033-8/+20
| | | | | | When setting the MINIMAL flag on, the generated PAM chains will not use tally, motd, mail or lastlog modules, making th elogin quiet and skipping over the update of the login files.
* Also protect account and password from pam_krb5 bad jumps.pambase-20100819Diego Elio 'Flameeyes' Pettenò2010-08-191-0/+4
| | | | Thanks to Simon Alman for reporting, in bug #333393
* Make sure that there is a space between password and session.pambase-20100724Diego Elio 'Flameeyes' Pettenò2010-07-241-1/+1
|
* Fix kerberos authentication.Diego Elio 'Flameeyes' Pettenò2010-07-241-1/+3
|
* Don't define UNIX_AUTHTOK to use_authtok if no former module is called.pambase-20100723Diego Elio 'Flameeyes' Pettenò2010-07-231-1/+1
|
* Add support for pam_krb5 module for Kerberos authentication.Diego Elio 'Flameeyes' Pettenò2010-07-234-4/+55
| | | | | | | | This implements drop-in support for Kerberos (pam_krb5) in Gentoo systems; if the kerberos USE flag has been enabled, it'll use pam_krb5 for login, ignoring pam_unix, but no other module in the chain. It requires Linux-PAM.
* Improve handling of services and the session chain.pambase-20100310Diego Elio 'Flameeyes' Pettenò2010-03-103-27/+20
| | | | | | | | | | | | The system-services stack will now provide auth (always permitted) and account (use system-auth stack) chains, so that services like fcron can use it. Session handling is instead split out of system-auth and system-services into not a stack but an included file providing the session chain for both of them, this allows to edit a single file in pambase and provide the two session chains, that might very well be separated (indeed, services don't use pam_ssh).
* Don't change the default path of the tally module, since the two use ↵pambase-20090620.1Diego Elio 'Flameeyes' Pettenò2009-06-201-2/+2
| | | | different paths.
* Pass the Linux-PAM version down the stack.pambase-20090620Diego Elio 'Flameeyes' Pettenò2009-06-201-1/+1
|
* Improve handling of the tally module.Diego Elio 'Flameeyes' Pettenò2009-06-202-5/+10
| | | | | | | | | | | The pam_tally module, only provided by Linux-PAM for us, is replaced in newer instances with the pam_tally2 module which is wordsize-independent. For this reason, make the configuration choose the best tally module between the two depending on the version of the Linux-PAM package. Also drop the DEBUG indication: the module does not support the debug option.
* Fix pam_nologin on Gentoo/FreeBSD 7.1.pambase-20090515Diego Elio 'Flameeyes' Pettenò2009-05-151-7/+4
|
* Move the ConsoleKit module to the generic login stack.pambase-20090430Diego Elio 'Flameeyes' Pettenò2009-04-302-3/+3
| | | | | | | Instead of only enabling it for local login, enable it for _any_ kind of interactive login session, included ssh and other sessions. See bug #260842 for details about the change.
* Merge commit 'old/master'pambase-20081028Diego 'Flameeyes' Pettenò2008-10-283-5/+16
|\
| * Add support for using SHA512 hashihg for shadow passwords.pambase-20080801Diego 'Flameeyes' Pettenò2008-08-013-1/+13
| | | | | | | | | | | | | | Instead of only supporting MD5-hashed passwords, make it possible to use SHA512-hashed passwords, which should be stronger. This requires glibc 2.7 and Linux-PAM 1.0.1. If the SHA512 hasher is not supported by libcrypt, Linux-PAM will fallback to MD5 like before.
| * Prettify.pambase-20080730Diego 'Flameeyes' Pettenò2008-07-301-2/+2
| |
| * Disable support for session chain in pam_unix for the whole of FreeBSD.Diego 'Flameeyes' Pettenò2008-07-301-2/+1
| | | | | | | | | | | | The pam_unix module from FreeBSD 6.2 also does not support the session chain; thus disable it for the whole FreeBSD case rather than just for FreeBSD 7.
* | Add a system-services stack.Diego 'Flameeyes' Pettenò2008-10-283-1/+15
|/ | | | | | The system-services stack provides a session chain for services to have the same session settings as standard user logins. This includes limits (on Linux), temporary directories, namespaces and so on.
* Add an optional never-failing pam_permit at the end of system-auth's session.Diego 'Flameeyes' Pettenò2008-07-231-1/+1
| | | | | | | | | On Gentoo/FreeBSD 7 the session entries for system-auth are all disabled (unless you enable pam_mktemp), and thus everything including it will fail. To avoid this, make sure there is always at least one entry at the end of the session chain.
* Remove try_first_pass from pam_cracklib.Diego 'Flameeyes' Pettenò2008-07-231-1/+1
| | | | | | | The try_first_pass option is not supported (any longer) by the pam_cracklib module shipped with Linux-PAM. This change will close bug #231819 as reported by Brian Claywell.
* Fix #if vs #ifdef for pam_ssh and Gentoo/FreeBSD.pambase-20080723.1Diego 'Flameeyes' Pettenò2008-07-231-3/+3
|
* Make it optional for pam_nologin to support auth.pambase-20080723Diego 'Flameeyes' Pettenò2008-07-233-2/+9
| | | | | | | | | In FreeBSD 7, the pam_nologin module changed from being an authentication module to an account module. In Linux-PAM it's both. For this reasn make it optional for the two types of chains to be used with pam_nologin. This should close bug #232669 entirely.
* Rename chain support to SUPPORT_$MODULE_$CHAINDiego 'Flameeyes' Pettenò2008-07-234-6/+6
| | | | This way it's more likely to understand which module supports what.
* Rename NOLOGIN_SUPPORTS_ACCOUNT in HAVE_PAM_NOLOGIN_ACCOUNT.Diego 'Flameeyes' Pettenò2008-07-232-2/+2
| | | | Temporarily to try making it look nicer.
* Only enable session support for pam_unix when available.Diego 'Flameeyes' Pettenò2008-07-233-8/+17
| | | | | | This fixes bug #232669 for what concern pam_unix. The pam_unix module shipped with FreeBSD 7 has no support for session management so cannot be used for that.
* Add support for pam_ssh module.Diego 'Flameeyes' Pettenò2008-07-212-0/+10
| | | | | | The pam_ssh module allows you to type in your SSH key passphrase to login in the system, and also spawns an ssh-agent that has the passphrase cached in.
* Make sure gnome-keyring is always ran after system-auth has completed.pambase-20080318Diego 'Flameeyes' Pettenò2008-03-181-7/+7
|
* Don't fall to pam_deny to avoid further modules to be executed.Diego 'Flameeyes' Pettenò2008-03-181-4/+2
| | | | If we want to chainload other auth methods we can do it in pambase now.
* Remove stray #end.Diego 'Flameeyes' Pettenò2008-03-121-2/+0
|
* Check value, not definition of HAVE_CRACKLIB.pambase-20080306.2Diego 'Flameeyes' Pettenò2008-03-061-1/+1
|
* Use authentication token even when using pam_passwdqc.Diego 'Flameeyes' Pettenò2008-03-061-1/+1
|
* Don't check just definition.Diego 'Flameeyes' Pettenò2008-03-062-2/+2
|
* Define to 1 all the symbols in PAMFLAGS.Diego 'Flameeyes' Pettenò2008-03-061-3/+3
|
* Add pam_mktemp optional support to default session.Diego 'Flameeyes' Pettenò2008-03-062-0/+7
|
* Define empty the DEBUG for pam_nologin.pambase-20080306.1Diego 'Flameeyes' Pettenò2008-03-061-0/+1
|
* Tag the release when doing make dist.pambase-20080306Diego 'Flameeyes' Pettenò2008-03-051-0/+1
|
* Add optional support for pam_passwdqc.Diego 'Flameeyes' Pettenò2008-03-052-0/+7
|
* Use pam_nologin in account chain when supported.Diego 'Flameeyes' Pettenò2008-03-052-0/+4
| | | | This means only Linux-PAM at the moment.
* FreeBSD's pam_nologin module supports the debug option, so use it when ↵Diego 'Flameeyes' Pettenò2008-03-052-1/+8
| | | | available (and debug was requested).
* pam_nologin does not accept debug option on Linux-PAM at least.Diego 'Flameeyes' Pettenò2008-03-051-1/+1
|
* Allow to skip over git calls.pambase-20080305Diego 'Flameeyes' Pettenò2008-03-051-2/+6
| | | | This should fix bug #212395.
* Don't use pam_motd and pam_mail with OpenPAM.pambase-20080301Diego 'Flameeyes' Pettenò2008-03-012-2/+6
|
* Don't use pam_shells unconditionally as FreeBSD modules don't provide it. ↵pambase-2008022420080224Diego 'Flameeyes' Pettenò2008-02-242-0/+3
| | | | See bug #211123.
* Add support for optional GNOME Keyring module.pambase-2008022120080221Diego 'Flameeyes' Pettenò2008-02-212-0/+13
|
* Cleanup whitespace.Diego 'Flameeyes' Pettenò2008-02-211-7/+7
|
* Add option to use ConsoleKit in local logins.Diego 'Flameeyes' Pettenò2008-02-212-0/+7
|
* Ignore the two new files.pambase-20080219.120080219.1Diego 'Flameeyes' Pettenò2008-02-191-0/+2
|
* Add separated pamd files for local and remote login.Diego 'Flameeyes' Pettenò2008-02-193-1/+9
| | | | This way stuff like ConsoleKit (or the now-defunct pam_console) can be added to local logins, and extra requirements can be added for remote logins.
* Add pam_motd and pam_mail to system-login.Diego 'Flameeyes' Pettenò2008-02-191-1/+5
| | | | It would be ignored on FreeBSD, and even for graphical logins.
* Add support for FreeBSD's pam_login_access module (like pam_access).pambase-2008021920080219Diego 'Flameeyes' Pettenò2008-02-192-0/+9
|