Date: Fri, 13 Nov 2009 11:19:26 +0000 (UTC) From: Dag-Erling Smorgrav <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r199248 - head/lib/libpam/modules/pam_unix Message-ID: <200911131119.nADBJQvf064512@svn.freebsd.org>
index | next in thread | raw e-mail
Author: des Date: Fri Nov 13 11:19:26 2009 New Revision: 199248 URL: http://svn.freebsd.org/changeset/base/199248 Log: Note that nullok should not be used by processes that can't access the password database. PR: bin/126650, misc/140514 MFC after: 1 week Modified: head/lib/libpam/modules/pam_unix/pam_unix.8 Modified: head/lib/libpam/modules/pam_unix/pam_unix.8 ============================================================================== --- head/lib/libpam/modules/pam_unix/pam_unix.8 Fri Nov 13 09:57:50 2009 (r199247) +++ head/lib/libpam/modules/pam_unix/pam_unix.8 Fri Nov 13 11:19:26 2009 (r199248) @@ -105,6 +105,17 @@ sufficient. If the password database has no password for the entity being authenticated, then this option will forgo password prompting, and silently allow authentication to succeed. +.Pp +.Sy NOTE: +If +.Nm +is invoked by a process that does not have the privileges required to +access the password database (in most cases, this means root +privileges), the +.Cm nullok +option may cause +.Nm +to allow any user to log in with any password. .It Cm local_pass Use only the local password database, even if NIS is in use. This will cause an authentication failure if the system is configuredhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200911131119.nADBJQvf064512>