Date: Wed, 23 Jan 2002 09:42:16 -0800 (PST) From: Dag-Erling Smorgrav <des@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/lib/libpam/modules/pam_login_access Makefile pam_login_access.8 pam_login_access.c Message-ID: <200201231742.g0NHgGI96279@freefall.freebsd.org>
index | next in thread | raw e-mail
des 2002/01/23 09:42:16 PST
Added files:
lib/libpam/modules/pam_login_access Makefile
pam_login_access.8
pam_login_access.c
Log:
Add a PAM module that provides an account management component for checking
either PAM_RHOST or PAM_TTY against /etc/login.access.o
This uncovers a problem with PAM_RHOST, in that if we always set it, there
is no way to distinguish between a user logging in locally and a user
logging in using 'ssh localhost'. This will be fixed by first making sure
that all PAM modules can handle PAM_RHOST being unset (which is currently
not the case), and then modifying su(1) and login(1) to not set it for
local logins.
Sponsored by: DARPA, NAI Labs
Revision Changes Path
1.1 +35 -0 src/lib/libpam/modules/pam_login_access/Makefile (new)
1.1 +87 -0 src/lib/libpam/modules/pam_login_access/pam_login_access.8 (new)
1.1 +163 -0 src/lib/libpam/modules/pam_login_access/pam_login_access.c (new)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201231742.g0NHgGI96279>