diff options
author | deraadt@openbsd.org <deraadt@openbsd.org> | 2015-08-06 14:53:21 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-08-11 18:57:29 +1000 |
commit | 1dc8d93ce69d6565747eb44446ed117187621b26 (patch) | |
tree | 68e850b1c037c7d744836000527320d11b143168 /auth.c | |
parent | 90a95a4745a531b62b81ce3b025e892bdc434de5 (diff) |
upstream commit
add prohibit-password as a synonymn for without-password,
since the without-password is causing too many questions. Harden it to ban
all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from
djm, ok markus
Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
Diffstat (limited to 'auth.c')
-rw-r--r-- | auth.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.c,v 1.111 2015/05/01 04:17:51 djm Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.112 2015/08/06 14:53:21 deraadt Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -352,7 +352,9 @@ auth_root_allowed(const char *method) | |||
352 | case PERMIT_YES: | 352 | case PERMIT_YES: |
353 | return 1; | 353 | return 1; |
354 | case PERMIT_NO_PASSWD: | 354 | case PERMIT_NO_PASSWD: |
355 | if (strcmp(method, "password") != 0) | 355 | if (strcmp(method, "publickey") == 0 || |
356 | strcmp(method, "hostbased") == 0 || | ||
357 | strcmp(method, "gssapi-with-mic")) | ||
356 | return 1; | 358 | return 1; |
357 | break; | 359 | break; |
358 | case PERMIT_FORCED_ONLY: | 360 | case PERMIT_FORCED_ONLY: |