From owner-freebsd-security@FreeBSD.ORG Sat Sep 17 05:30:49 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5E47D106566B for ; Sat, 17 Sep 2011 05:30:49 +0000 (UTC) (envelope-from jhellenthal@gmail.com) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id 2047D8FC08 for ; Sat, 17 Sep 2011 05:30:48 +0000 (UTC) Received: by iadk27 with SMTP id k27so4908444iad.13 for ; Fri, 16 Sep 2011 22:30:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:content-transfer-encoding :in-reply-to; bh=s7xhLV8odH3MbCqPtTrjjqLvG7WFENexYlatRgdQLV0=; b=JxoHp8AyFDMdlH9omiN6P5tZKoBg3JcTlfYh0IOqYij0dGIF3xxxAa2iqDctE2BrCg R6Ghac4zgNFlqrJNyaN/EIaWbLmKUydVC326t5FYSmc/SzOooF9Lz2FCoABF4f7ne/1N dSqIdxMXwMoDEEr8U9ij6bZke2DlUbzwj47Ak= Received: by 10.42.97.8 with SMTP id l8mr410425icn.3.1316237079711; Fri, 16 Sep 2011 22:24:39 -0700 (PDT) Received: from DataIX.net ([99.190.81.85]) by mx.google.com with ESMTPS id g16sm12663383ibs.8.2011.09.16.22.24.37 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 16 Sep 2011 22:24:38 -0700 (PDT) Sender: Jason Hellenthal Received: from DataIX.net (localhost [127.0.0.1]) by DataIX.net (8.14.5/8.14.5) with ESMTP id p8H5OZK5033020 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 17 Sep 2011 01:24:35 -0400 (EDT) (envelope-from jhell@DataIX.net) Received: (from jhell@localhost) by DataIX.net (8.14.5/8.14.5/Submit) id p8H5OYls033019; Sat, 17 Sep 2011 01:24:34 -0400 (EDT) (envelope-from jhell@DataIX.net) Date: Sat, 17 Sep 2011 01:24:34 -0400 From: Jason Hellenthal To: Brandon Gooch Message-ID: <20110917052434.GA32989@DataIX.net> References: <86boukbk8s.fsf@ds4.des.no> <20110917051827.GA27245@DataIX.net> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20110917051827.GA27245@DataIX.net> Cc: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= , freebsd-security@freebsd.org Subject: Re: PAM modules X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Sep 2011 05:30:49 -0000 On Sat, Sep 17, 2011 at 01:18:27AM -0400, Jason Hellenthal wrote: > > +1 for LDAP > > On Fri, Sep 16, 2011 at 10:25:16PM -0500, Brandon Gooch wrote: > > On Sep 16, 2011 10:21 AM, "Dag-Erling Smørgrav" wrote: > > > > > > We currently have a number of PAM modules in ports, and while some of > > > them are specific to certain third-party software, many aren't. I > > > believe we would benefit from importing at least some of these into > > > base. My question is: which ones? > > > > > > DES > > > -- > > > Dag-Erling Smørgrav - des@des.no > > > > +1 for LDAP > > > > -Brandon > > _______________________________________________ > > freebsd-security@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-security > > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" Do not mean to reply to my own post but seems these offer the most IMHO benefit to the project and end-users. security/pam_jail A PAM module dropping users in jails after login security/pam_krb5 A Pluggable Authentication Module for Kerberos5 security/pam_ldap A pam module for authenticating with LDAP security/pam_mkhomedir Create HOME with a PAM module on demand security/pam_p11 A PAM module using crypto tokens for auth authenticate against Unix PAM security/pam_pwdfile A pam module for authenticating with flat passwd files security/pam_require A PAM module for restricting access based on unix group or username security/pam_smb NetBIOS domain logon PAM module security/pam_ssh_agent_auth PAM module which permits authentication via ssh-agent sysutils/pam_mount A PAM that can mount volumes for a user session