From owner-cvs-all Mon Jan 21 10:51:31 2002 Delivered-To: cvs-all@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id AC73437B402; Mon, 21 Jan 2002 10:51:24 -0800 (PST) Received: (from des@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g0LIpOb90937; Mon, 21 Jan 2002 10:51:24 -0800 (PST) (envelope-from des) Message-Id: <200201211851.g0LIpOb90937@freefall.freebsd.org> From: Dag-Erling Smorgrav Date: Mon, 21 Jan 2002 10:51:24 -0800 (PST) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/etc/pam.d csshd ftp ftpd imap kde login other pop3 su X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG des 2002/01/21 10:51:24 PST Modified files: etc/pam.d csshd ftp ftpd imap kde login other pop3 su Log: Enable OPIE by default, using the no_fake_prompts option to hide it from users who don't wish to use it. If the admin is worried about leaking information about which users exist and which have OPIE enabled, the no_fake_prompts option can simply be removed. Also insert the appropriate pam_opieaccess lines after pam_opie to break the chain in case the user is logging in from an untrusted host, or has a .opiealways file. The entire opieaccess / opiealways concept is slightly unpammish, but admins familiar with OPIE will expect it to work. Reviewed by: ache, markm Sponsored by: DARPA, NAI Labs Revision Changes Path 1.3 +3 -2 src/etc/pam.d/csshd 1.3 +3 -2 src/etc/pam.d/ftp 1.13 +4 -5 src/etc/pam.d/ftpd 1.3 +3 -2 src/etc/pam.d/imap 1.3 +3 -2 src/etc/pam.d/kde 1.6 +3 -3 src/etc/pam.d/login 1.3 +3 -2 src/etc/pam.d/other 1.3 +3 -2 src/etc/pam.d/pop3 1.6 +24 -12 src/etc/pam.d/su To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message