From owner-freebsd-current  Mon Jan 21  6:21: 9 2002
Delivered-To: freebsd-current@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP id 01F2F37B41B
	for <current@FreeBSD.ORG>; Mon, 21 Jan 2002 06:20:49 -0800 (PST)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.6/8.11.6) id g0LEKeJ36581;
	Mon, 21 Jan 2002 17:20:40 +0300 (MSK)
	(envelope-from ache)
Date: Mon, 21 Jan 2002 17:20:38 +0300
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: des@ofug.org, mark@grondar.za, current@FreeBSD.ORG
Subject: Step6, corresponding /etc/pam.d/* fixes for review
Message-ID: <20020121142038.GA36519@nagual.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.24i
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

This fixes reflects pam_opieaccess addition. 

Few comments:

ftpd: fallback was a hack and not needed now with new pam_opieaccess

login: I believe that there is no authtok change service provided by 
pam_opie module, so remove 
#password      sufficient      pam_opie.so     no_warn
line


--- ftpd.bak	Sat Jan 19 21:29:49 2002
+++ ftpd	Mon Jan 21 17:11:27 2002
@@ -9,10 +9,9 @@
 #auth		sufficient	pam_kerberosIV.so	no_warn
 #auth		sufficient	pam_krb5.so	no_warn
 #auth           sufficient      pam_ssh.so      no_warn try_first_pass
-# Uncomment either pam_opie or pam_unix, but not both of them.
-# pam_unix can't be simple chained with pam_opie, ftpd provides proper fallback
-auth		required	pam_opie.so	no_warn
-#auth		required	pam_unix.so	no_warn try_first_pass
+#auth		sufficient	pam_opie.so	no_warn
+#auth		requisite	pam_opieaccess.so	no_warn
+auth		required	pam_unix.so	no_warn	try_first_pass
 
 # account
 #account	required	pam_kerberosIV.so
--- login.bak	Sat Jan 19 21:29:49 2002
+++ login	Mon Jan 21 17:11:27 2002
@@ -6,10 +6,11 @@
 
 # auth
 auth		required	pam_nologin.so	no_warn
-#auth		sufficient	pam_opie.so	no_warn
 #auth		sufficient	pam_kerberosIV.so	no_warn try_first_pass
 #auth		sufficient	pam_krb5.so	no_warn try_first_pass
 #auth		required	pam_ssh.so	no_warn try_first_pass
+#auth		sufficient	pam_opie.so	no_warn
+#auth		requisite	pam_opieaccess.so	no_warn
 auth		required	pam_unix.so	no_warn try_first_pass
 
 # account
@@ -24,7 +25,6 @@
 session		required	pam_unix.so
 
 # password
-#password	sufficient	pam_opie.so	no_warn
 #password	sufficient	pam_kerberosIV.so	no_warn try_first_pass
 #password	sufficient	pam_krb5.so	no_warn try_first_pass
 password	required	pam_unix.so	no_warn try_first_pass
--- su.bak	Sat Jan 19 21:29:49 2002
+++ su	Mon Jan 21 17:11:27 2002
@@ -9,13 +9,15 @@
 auth		requisite	pam_wheel.so	no_warn auth_as_self noroot_ok
 #auth		sufficient	pam_kerberosIV.so	no_warn
 #auth		sufficient	pam_krb5.so	no_warn try_first_pass auth_as_self
-#auth		required	pam_opie.so	no_warn
 #auth		required	pam_ssh.so	no_warn try_first_pass
+#auth		sufficient	pam_opie.so	no_warn
+#auth		requisite	pam_opieaccess.so	no_warn
 auth		required	pam_unix.so	no_warn try_first_pass nullok
 #auth		sufficient	pam_rootok.so	no_warn
 ##auth		sufficient	pam_kerberosIV.so	no_warn
 ##auth		sufficient	pam_krb5.so	no_warn
-#auth		required	pam_opie.so	no_warn auth_as_self
+##auth		sufficient	pam_opie.so	no_warn	auth_as_self
+##auth		requisite	pam_opieaccess.so	no_warn
 #auth		required	pam_unix.so	no_warn try_first_pass auth_as_self
 
 # account

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message