Date: Sat, 9 Jun 2007 19:22:47 +0400
From: Yar Tikhiy
To: current@freebsd.org
Subject: HEADS UP: a change to pam_nologin(8)
Message-ID: <20070609152247.GO25127@comp.chem.msu.su>

Hi all,

As per discussion with re@ and the PAM maintainer, des@, I'm about
to commit a change to pam_nologin(8) that will require changes to
pam.d files.  Using old pam.d files will result in nologin(5) just
ignored, which is of concern only to multi-user system admins, who
are an endangered minority in these days of thinking toasters (sigh!)

Here's the paragraph for UPDATING:

20070610:
        The pam_nologin(8) module ceases to provide an authentication
        function and starts providing an account management function.

        Consequent changes to /etc/pam.d should be brought in using
        mergemaster(8).  Third-party files in /usr/local/etc/pam.d may
        need manual editing as follows.  Locate this line (or similar):

                auth    required        pam_nologin.so  no_warn

        and change it according to this example:

                account required        pam_nologin.so  no_warn

        That is, the first word needs to be changed from "auth" to
        "account".  The new line can be moved to the account section
        within the file for clarity.  Not updating pam.conf(5) files
        will result in nologin(5) ignored by the respective services.

If no objections are raised at the last minute, I'll send a separate
heads-up message to the ports folks with details on how this change
is going to affect ports.

-- 
Yar
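
Added example, not part of the original message or of FreeBSD: a shell sketch of the manual edit described in the UPDATING entry, which reports pam.d files that still call pam_nologin.so from the "auth" facility and rewrites those rules to "account". The function names, the .bak backup suffix and the sample service file "exampled" are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit pam.d-style files for pam_nologin.so still called from
# "auth". Assumes one rule per line: facility control module [options].

# Print file:line:text for each active auth rule in file $1 naming pam_nologin.so.
stale_rules() {
    awk -v file="$1" '
        /^[ \t]*#/ { next }    # commented-out rules are inert
        $1 == "auth" && /pam_nologin\.so/ { printf "%s:%d:%s\n", file, NR, $0 }
    ' "$1"
}

# Report stale rules in every regular file of directory $1 (backups skipped).
find_stale_nologin() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case $f in *.bak) continue ;; esac
        stale_rules "$f"
    done
}

# Change the facility of stale rules in place, keeping the original as FILE.bak.
# The rule stays where it is; moving it to the account section is for clarity only.
fix_stale_nologin() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case $f in *.bak) continue ;; esac
        [ -n "$(stale_rules "$f")" ] || continue
        cp -p "$f" "$f.bak" &&
            sed 's/^\([[:space:]]*\)auth\([[:space:]].*pam_nologin\.so\)/\1account\2/' \
                "$f.bak" > "$f"
    done
}

# Demo on a constructed service file in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    {
        printf 'auth\t\trequired\tpam_nologin.so\tno_warn\n'
        printf 'auth\t\trequired\tpam_unix.so\tno_warn\n'
        printf '#auth\t\trequired\tpam_nologin.so\n'
        printf 'account\t\trequired\tpam_unix.so\n'
    } > "$d/exampled"
    echo "stale rules:"; find_stale_nologin "$d"
    fix_stale_nologin "$d"
    echo "after fix:"; cat "$d/exampled"
    rm -rf "$d"
}
# With a directory argument, only report; with none, run the demo.
if [ "$#" -gt 0 ]; then find_stale_nologin "$1"; else demo; fi
```

Run with /usr/local/etc/pam.d as the argument to get a read-only report; any file it lists is one where nologin(5) would be ignored after the change.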