Date: Sat, 9 Jun 2007 19:22:47 +0400 From: Yar Tikhiy <yar@comp.chem.msu.su> To: current@freebsd.org Subject: HEADS UP: a change to pam_nologin(8) Message-ID: <20070609152247.GO25127@comp.chem.msu.su>
next in thread | raw e-mail | index | archive | help
Hi all, As per discussion with re@ and the PAM maintainer, des@, I'm about to commit a change to pam_nologin(8) that will require changes to pam.d files. Using old pam.d files will result in nologin(5) just ignored, which is of concern only to multi-user system admins, who are an endangered minority in these days of thinking toasters (sigh!) Here's the paragraph for UPDATING: 20070610: The pam_nologin(8) module ceases to provide an authentication function and starts providing an account management function. Consequent changes to /etc/pam.d should be brought in using mergemaster(8). Third-party files in /usr/local/etc/pam.d may need manual editing as follows. Locate this line (or similar): auth required pam_nologin.so no_warn and change it according to this example: account required pam_nologin.so no_warn That is, the first word needs to be changed from "auth" to "account". The new line can be moved to the account section within the file for clarity. Not updating pam.conf(5) files will result in nologin(5) ignored by the respective services. If no objections are raised at the last minute, I'll send a separate heads-up message to the ports folks with details on how this change is going to affect ports. -- Yar
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070609152247.GO25127>