FreeBSD Mail Archives

Date:      Mon, 21 Jan 2002 17:20:38 +0300
From:      "Andrey A. Chernov" <ache@nagual.pp.ru>
To:        des@ofug.org, mark@grondar.za, current@FreeBSD.ORG
Subject:   Step6, corresponding /etc/pam.d/* fixes for review
Message-ID:  <20020121142038.GA36519@nagual.pp.ru>

next in thread | raw e-mail | index | archive | help

This fixes reflects pam_opieaccess addition. 

Few comments:

ftpd: fallback was a hack and not needed now with new pam_opieaccess

login: I believe that there is no authtok change service provided by 
pam_opie module, so remove 
#password      sufficient      pam_opie.so     no_warn
line


--- ftpd.bak	Sat Jan 19 21:29:49 2002
+++ ftpd	Mon Jan 21 17:11:27 2002
@@ -9,10 +9,9 @@
 #auth		sufficient	pam_kerberosIV.so	no_warn
 #auth		sufficient	pam_krb5.so	no_warn
 #auth           sufficient      pam_ssh.so      no_warn try_first_pass
-# Uncomment either pam_opie or pam_unix, but not both of them.
-# pam_unix can't be simple chained with pam_opie, ftpd provides proper fallback
-auth		required	pam_opie.so	no_warn
-#auth		required	pam_unix.so	no_warn try_first_pass
+#auth		sufficient	pam_opie.so	no_warn
+#auth		requisite	pam_opieaccess.so	no_warn
+auth		required	pam_unix.so	no_warn	try_first_pass
 
 # account
 #account	required	pam_kerberosIV.so
--- login.bak	Sat Jan 19 21:29:49 2002
+++ login	Mon Jan 21 17:11:27 2002
@@ -6,10 +6,11 @@
 
 # auth
 auth		required	pam_nologin.so	no_warn
-#auth		sufficient	pam_opie.so	no_warn
 #auth		sufficient	pam_kerberosIV.so	no_warn try_first_pass
 #auth		sufficient	pam_krb5.so	no_warn try_first_pass
 #auth		required	pam_ssh.so	no_warn try_first_pass
+#auth		sufficient	pam_opie.so	no_warn
+#auth		requisite	pam_opieaccess.so	no_warn
 auth		required	pam_unix.so	no_warn try_first_pass
 
 # account
@@ -24,7 +25,6 @@
 session		required	pam_unix.so
 
 # password
-#password	sufficient	pam_opie.so	no_warn
 #password	sufficient	pam_kerberosIV.so	no_warn try_first_pass
 #password	sufficient	pam_krb5.so	no_warn try_first_pass
 password	required	pam_unix.so	no_warn try_first_pass
--- su.bak	Sat Jan 19 21:29:49 2002
+++ su	Mon Jan 21 17:11:27 2002
@@ -9,13 +9,15 @@
 auth		requisite	pam_wheel.so	no_warn auth_as_self noroot_ok
 #auth		sufficient	pam_kerberosIV.so	no_warn
 #auth		sufficient	pam_krb5.so	no_warn try_first_pass auth_as_self
-#auth		required	pam_opie.so	no_warn
 #auth		required	pam_ssh.so	no_warn try_first_pass
+#auth		sufficient	pam_opie.so	no_warn
+#auth		requisite	pam_opieaccess.so	no_warn
 auth		required	pam_unix.so	no_warn try_first_pass nullok
 #auth		sufficient	pam_rootok.so	no_warn
 ##auth		sufficient	pam_kerberosIV.so	no_warn
 ##auth		sufficient	pam_krb5.so	no_warn
-#auth		required	pam_opie.so	no_warn auth_as_self
+##auth		sufficient	pam_opie.so	no_warn	auth_as_self
+##auth		requisite	pam_opieaccess.so	no_warn
 #auth		required	pam_unix.so	no_warn try_first_pass auth_as_self
 
 # account

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020121142038.GA36519>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation