src/etc/pam.d, branch release/7.0.0_cvs FreeBSD source tree This commit was manufactured by cvs2svn to create tag 2008-02-24T05:45:17+00:00 cvs2svn cvs2svn@FreeBSD.org 2008-02-24T05:45:17+00:00 a9c219fa3cec18ef9f30edec6fa106bf0e2d423d 'RELENG_7_0_0_RELEASE'. This commit was manufactured to restore the state of the 7.0-RELEASE image. 
'RELENG_7_0_0_RELEASE'.

This commit was manufactured to restore the state of the 7.0-RELEASE image.
Add PAM support to cron(8). Now cron(8) will skip commands scheduled 2007-06-17T17:25:53+00:00 Yaroslav Tykhiy ytykhiy@gmail.com 2007-06-17T17:25:53+00:00 997c6eefd8ed7f0f81862dc3727d17fd23046629 by unavailable accounts, e.g., those locked, expired, not allowed in at the moment by nologin(5), or whatever, depending on cron's pam.conf(5). This applies to personal crontabs only, /etc/crontab is unaffected. In other words, now the account management policy will apply to commands scheduled by users via crontab(1) so that a user can no longer use cron(8) to set up a delayed backdoor and run commands during periods when the admin doesn't want him to. The PAM check is done just before running a command, not when loading a crontab, because accounts can get locked, expired, and re-enabled any time with no changes to their crontabs. E.g., imagine that you provide a system with payed access, or better a cluster of such systems with centralized account management via PAM. When a user pays for some days of access, you set his expire field respectively. If the account expires before its owner pays more, its crontab commands won't run until the next payment is made. Then it'll be enough to set the expire field in future for the commands to run again. And so on. Document this change in the cron(8) manpage, which includes adding a FILES section and touching the document date. X-Security: should benefit as users have access to cron(8) by default 
by unavailable accounts, e.g., those locked, expired, not allowed in at
the moment by nologin(5), or whatever, depending on cron's pam.conf(5).
This applies to personal crontabs only, /etc/crontab is unaffected.

In other words, now the account management policy will apply to
commands scheduled by users via crontab(1) so that a user can no
longer use cron(8) to set up a delayed backdoor and run commands
during periods when the admin doesn't want him to.

The PAM check is done just before running a command, not when loading
a crontab, because accounts can get locked, expired, and re-enabled
any time with no changes to their crontabs.  E.g., imagine that you
provide a system with payed access, or better a cluster of such
systems with centralized account management via PAM.  When a user
pays for some days of access, you set his expire field respectively.
If the account expires before its owner pays more, its crontab
commands won't run until the next payment is made.  Then it'll be
enough to set the expire field in future for the commands to run
again.  And so on.

Document this change in the cron(8) manpage, which includes adding
a FILES section and touching the document date.

X-Security: should benefit as users have access to cron(8) by default
Add PAM support to atrun(8). 2007-06-15T12:02:16+00:00 Yaroslav Tykhiy ytykhiy@gmail.com 2007-06-15T12:02:16+00:00 553284d74ab44b40d5d2ab8cf9a7cb326aa913d2 






Locked out and expired accounts shouldn't be accessible via remote
2007-06-15T11:33:13+00:00

Yaroslav Tykhiy
ytykhiy@gmail.com

2007-06-15T11:33:13+00:00

b1cf245735f43f214605eedbf2f0988c82fe8186

mailbox protocols.  Add pam_unix to the `account' function class, too,
for imap and pop3 to actually implement this policy.





mailbox protocols.  Add pam_unix to the `account' function class, too,
for imap and pop3 to actually implement this policy.







Split the FILES list across multiple lines as in rc.d/Makefile
2007-06-15T11:22:10+00:00

Yaroslav Tykhiy
ytykhiy@gmail.com

2007-06-15T11:22:10+00:00

24228577571b4d9da713fcab2e4d0573d9938d19

so that the change history stays easily readable as the number
of PAM-aware services grows.





so that the change history stays easily readable as the number
of PAM-aware services grows.







Now pam_nologin(8) will provide an account management function
2007-06-10T18:57:20+00:00

Yaroslav Tykhiy
ytykhiy@gmail.com

2007-06-10T18:57:20+00:00

9cd40e64b4fb4a559eb67a266f768143086bc5d9

instead of an authentication function.  There are a design reason
and a practical reason for that.  First, the module belongs in
account management because it checks availability of the account
and does no authentication.  Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.

Document this change in the manpage.

Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.

Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)

PR:		bin/112574
Approved by:	des, re





instead of an authentication function.  There are a design reason
and a practical reason for that.  First, the module belongs in
account management because it checks availability of the account
and does no authentication.  Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.

Document this change in the manpage.

Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.

Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)

PR:		bin/112574
Approved by:	des, re







Remove rexecd(8), a server that implements a particularly insecure
2005-06-10T20:52:36+00:00

Jacques Vidrine
nectar@FreeBSD.org

2005-06-10T20:52:36+00:00

a8e0b2e8abb8ccc18102c82d7acf5fa58546751c

method of executing commands remotely.  There are no rexec clients in
the FreeBSD tree, and the client function rexec(3) is present only in
libcompat.  It has been documented as "obsolete" since 4.3BSD, and its
use has been discouraged in the man page for over 10 years.





method of executing commands remotely.  There are no rexec clients in
the FreeBSD tree, and the client function rexec(3) is present only in
libcompat.  It has been documented as "obsolete" since 4.3BSD, and its
use has been discouraged in the man page for over 10 years.







X logins should be recorded in lastlog / wtmp / utmp.  I have no idea why
2005-04-28T07:59:09+00:00

Dag-Erling Smørgrav
des@FreeBSD.org

2005-04-28T07:59:09+00:00

394fc87351112dacf2be7fe2f322133fa4defcaa

this wasn't there already...  it makes much more sense this way.

MFC after:	2 weeks





this wasn't there already...  it makes much more sense this way.

MFC after:	2 weeks







Start the dreaded NOFOO -> NO_FOO conversion.
2004-12-21T08:47:35+00:00

Ruslan Ermilov
ru@FreeBSD.org

2004-12-21T08:47:35+00:00

e653b48c80fb85b2a10372d664a4b55dbdc51dae

OK'ed by:	core





OK'ed by:	core







For variables that are only checked with defined(), don't provide
2004-10-24T15:33:08+00:00

Ruslan Ermilov
ru@FreeBSD.org

2004-10-24T15:33:08+00:00

a35d88931c87cfe6bd38f01d7bad22140b3b38f3

any fake value.





any fake value.