From owner-cvs-src@FreeBSD.ORG Sun Jun 10 18:57:21 2007 Return-Path: X-Original-To: cvs-src@FreeBSD.org Delivered-To: cvs-src@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BFC2216A400; Sun, 10 Jun 2007 18:57:21 +0000 (UTC) (envelope-from yar@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.freebsd.org (Postfix) with ESMTP id B07B413C48A; Sun, 10 Jun 2007 18:57:21 +0000 (UTC) (envelope-from yar@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.8/8.13.8) with ESMTP id l5AIvLoi034059; Sun, 10 Jun 2007 18:57:21 GMT (envelope-from yar@repoman.freebsd.org) Received: (from yar@localhost) by repoman.freebsd.org (8.13.8/8.13.8/Submit) id l5AIvLOF034055; Sun, 10 Jun 2007 18:57:21 GMT (envelope-from yar) Message-Id: <200706101857.l5AIvLOF034055@repoman.freebsd.org> From: Yar Tikhiy Date: Sun, 10 Jun 2007 18:57:20 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Cc: Subject: cvs commit: src UPDATING src/sys/sys param.h src/etc/pam.d ftpd gdm imap kde login other pop3 rsh sshd telnetd xdm src/lib/libpam/modules/pam_nologin pam_nologin.8 pam_nologin.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Jun 2007 18:57:21 -0000 yar 2007-06-10 18:57:20 UTC FreeBSD src repository Modified files: . UPDATING sys/sys param.h etc/pam.d ftpd gdm imap kde login other pop3 rsh sshd telnetd xdm lib/libpam/modules/pam_nologin pam_nologin.8 pam_nologin.c Log: Now pam_nologin(8) will provide an account management function instead of an authentication function. There are a design reason and a practical reason for that. First, the module belongs in account management because it checks availability of the account and does no authentication. Second, there are existing and potential PAM consumers that skip PAM authentication for good or for bad. E.g., sshd(8) just prefers internal routines for public key auth; OTOH, cron(8) and atrun(8) do implicit authentication when running a job on behalf of its owner, so their inability to use PAM auth is fundamental, but they can benefit from PAM account management. Document this change in the manpage. Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed under the "account" function class. Bump __FreeBSD_version (mostly for ports, as this change should be invisible to C code outside pam_nologin.) PR: bin/112574 Approved by: des, re Revision Changes Path 1.493 +18 -0 src/UPDATING 1.19 +1 -1 src/etc/pam.d/ftpd 1.8 +1 -1 src/etc/pam.d/gdm 1.6 +3 -1 src/etc/pam.d/imap 1.7 +1 -1 src/etc/pam.d/kde 1.17 +1 -1 src/etc/pam.d/login 1.11 +1 -1 src/etc/pam.d/other 1.6 +3 -1 src/etc/pam.d/pop3 1.6 +1 -1 src/etc/pam.d/rsh 1.16 +1 -1 src/etc/pam.d/sshd 1.8 +1 -1 src/etc/pam.d/telnetd 1.11 +1 -1 src/etc/pam.d/xdm 1.6 +10 -11 src/lib/libpam/modules/pam_nologin/pam_nologin.8 1.12 +2 -10 src/lib/libpam/modules/pam_nologin/pam_nologin.c 1.300 +1 -1 src/sys/sys/param.h