Date: Fri, 13 Nov 2009 11:19:26 +0000 (UTC) From: Dag-Erling Smorgrav <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r199248 - head/lib/libpam/modules/pam_unix Message-ID: <200911131119.nADBJQvf064512@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: des Date: Fri Nov 13 11:19:26 2009 New Revision: 199248 URL: http://svn.freebsd.org/changeset/base/199248 Log: Note that nullok should not be used by processes that can't access the password database. PR: bin/126650, misc/140514 MFC after: 1 week Modified: head/lib/libpam/modules/pam_unix/pam_unix.8 Modified: head/lib/libpam/modules/pam_unix/pam_unix.8 ============================================================================== --- head/lib/libpam/modules/pam_unix/pam_unix.8 Fri Nov 13 09:57:50 2009 (r199247) +++ head/lib/libpam/modules/pam_unix/pam_unix.8 Fri Nov 13 11:19:26 2009 (r199248) @@ -105,6 +105,17 @@ sufficient. If the password database has no password for the entity being authenticated, then this option will forgo password prompting, and silently allow authentication to succeed. +.Pp +.Sy NOTE: +If +.Nm +is invoked by a process that does not have the privileges required to +access the password database (in most cases, this means root +privileges), the +.Cm nullok +option may cause +.Nm +to allow any user to log in with any password. .It Cm local_pass Use only the local password database, even if NIS is in use. This will cause an authentication failure if the system is configured
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200911131119.nADBJQvf064512>