summaryrefslogtreecommitdiff
path: root/auth-pam.c
AgeCommit message (Collapse)Author
2003-09-13Add extern __progname, needed if SSHD_PAM_SERVICE not definedDarren Tucker
2003-09-13 - (dtucker) [auth-pam.c] Use SSHD_PAM_SERVICE for PAM service name, patchDarren Tucker
from cjwatson at debian.org.
2003-09-02 - (djm) Bug #423: reorder setting of PAM_TTY and calling of PAM sessionDamien Miller
management (now done in do_setusercontext). Largely from michael_steffens AT hp.com
2003-09-02 - (djm) Don't initialise pam_conv structures inline. Avoids HP/UX compilerDamien Miller
error. Part of Bug #423, patch from michael_steffens AT hp.com
2003-08-26 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.hDarren Tucker
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
2003-08-25 - (djm) Bug #564: Perform PAM account checks for all authentications whenDamien Miller
UsePAM=yes; ok dtucker
2003-08-08 - (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@Darren Tucker
2003-07-30 - (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks balDamien Miller
2003-06-03 - (djm) OpenBSD CVS SyncDamien Miller
- markus@cvs.openbsd.org 2003/06/02 09:17:34 [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] [sshd_config.5] deprecate VerifyReverseMapping since it's dangerous if combined with IP based access control as noted by Mike Harding; replace with a UseDNS option, UseDNS is on by default and includes the VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ ok deraadt@, djm@ - (djm) Fix portable-specific uses of verify_reverse_mapping too
2003-06-02 - (djm) Fix segv from bad reordering in auth-pam.cDamien Miller
2003-05-18 - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing inDamien Miller
recent merge
2003-05-16 - (djm) Guard free_pam_environment against NULL argument. Works aroundDamien Miller
HP/UX PAM problems debugged by dtucker
2003-05-14 - (djm) Die screaming if start_pam() is called when UsePAM=noDamien Miller
2003-05-14 - (djm) Add new UsePAM configuration directive to allow runtime controlDamien Miller
over usage of PAM. This allows non-root use of sshd when built with --with-pam
2003-05-10 - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge withDamien Miller
proper challenge-response module
2003-04-29 - (djm) Add back radix.o (used by AFS support), after it went missing fromDamien Miller
Makefile many moons ago - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer - (djm) Fix blibpath specification for AIX/gcc - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
2003-04-09*** empty log message ***Damien Miller
2003-01-22 - (djm) Reorganise PAM & SIA password handling to eliminate some common codeDamien Miller
2002-07-28 - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solarKevin Steves
2002-07-23- (stevesk) [auth-pam.c] typo in commentKevin Steves
2002-07-23 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must beKevin Steves
freed by the caller; add free_pam_environment() and use it.
2002-07-21 - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.hKevin Steves
2002-07-21 - (stevesk) [auth-pam.c] cast to avoid initialization type mismatchKevin Steves
warning on pam_conv struct conversation function.
2002-07-21 - (stevesk) [auth-pam.c] merge rest of solar's PAM patch;Kevin Steves
PAM_NEW_AUTHTOK_REQD remains in #if 0 for now.
2002-07-21 - (stevesk) [auth-pam.c] merge cosmetic changes from solar'sKevin Steves
openssh-3.4p1-owl-password-changing.diff
2002-07-02 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &Damien Miller
friends consistently. Spotted by Solar Designer <solar@openwall.com>
2002-05-08 - (djm) Don't reinitialise PAM credentials before we have started PAM.Damien Miller
Report from Pekka Savola <pekkas@netcore.fi>
2002-04-26 - (djm) Disable PAM password expiry until a complete fix for bug #188 existsDamien Miller
2002-04-23 - (djm) Make privsep work with PAM (still experimental)Damien Miller
2002-04-04 - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.hKevin Steves
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
2002-02-05 - (djm) Cleanup after sync:Damien Miller
- :%s/reverse_mapping_check/verify_reverse_mapping/g
2001-11-09 - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)Kevin Steves
if permit_empty_passwd == 0 so null password check cannot be bypassed. jayaraj@amritapuri.com OpenBSD bug 2168
2001-10-28 - (stevesk) Fix compile problem with PAM password change fixKevin Steves
2001-10-28 - (djm) Fix for PAM password changes being echoed (from stevesk)Damien Miller
2001-10-28 - (djm) Avoid bug in Solaris PAM libsDamien Miller
2001-04-23 - (stevesk) auth-pam.c: use PERMIT_NO_PASSWDKevin Steves
2001-04-23 - (stevesk) pam_start() doesn't use DNS now for sshd -u0.Kevin Steves
2001-04-20 - (stevesk) set the default PAM service name to __progname insteadKevin Steves
of the hard-coded value "sshd"; from Mark D. Roth <roth@feep.net>
2001-03-27 - (djm) Reestablish PAM credentials (which can be supplemental groupDamien Miller
memberships) after initgroups() blows them away. Report and suggested fix from Nalin Dahyabhai <nalin@redhat.com>
2001-03-21 - (djm) Don't loop forever when changing password via PAM. PatchDamien Miller
from Solar Designer <solar@openwall.com>
2001-03-21 - (djm) Make sure pam_retval is initialised on call to pam_end. PatchDamien Miller
from Solar Designer <solar@openwall.com>
2001-03-01 - (djm) Force standard PAM conversation function in a few more places.Damien Miller
Patch from Redhat 2.5.1p1-2 RPM, probably Nalin Dahyabhai <nalin@redhat.com>
2001-02-27whitspaceDamien Miller
2001-02-15 - (djm) Clean up PAM namespace. Suggested by Darren MoffatDamien Miller
<Darren.Moffat@eng.sun.com>
2001-02-14 - (djm) Don't try to close PAM session or delete credentials if theDamien Miller
session has not been open or credentials not set. Based on patch from Andrew Bartlett <abartlet@pcug.org.au>
2001-02-11Oops - missed a bit of previous diffDamien Miller
2001-02-11 - (djm) Set PAM_RHOST earlier, patch from Andrew BartlettDamien Miller
<abartlet@pcug.org.au>
2001-02-07 - (djm) Much KNF on PAM codeDamien Miller
- (djm) Revise auth-pam.c conversation function to be a little more readable. - (djm) Revise kbd-int PAM conversation function to fold all text messages to before first prompt. Fixes hangs if last pam_message did not require a reply. - (djm) Fix password changing when using PAM kbd-int authentication
2001-02-05 - stevesk@cvs.openbsd.org 2001/02/04 08:32:27Kevin Steves
[many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
2001-02-04NB: big update - may break stuff. Please test!Damien Miller
- (djm) OpenBSD CVS sync: - markus@cvs.openbsd.org 2001/02/03 03:08:38 [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c] [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8] [sshd_config] make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@ - markus@cvs.openbsd.org 2001/02/03 03:19:51 [ssh.1 sshd.8 sshd_config] Skey is now called ChallengeResponse - markus@cvs.openbsd.org 2001/02/03 03:43:09 [sshd.8] use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean channel. note from Erik.Anggard@cygate.se (pr/1659) - stevesk@cvs.openbsd.org 2001/02/03 10:03:06 [ssh.1] typos; ok markus@ - djm@cvs.openbsd.org 2001/02/04 04:11:56 [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h] [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c] Basic interactive sftp client; ok theo@ - (djm) Update RPM specs for new sftp binary - (djm) Update several bits for new optional reverse lookup stuff. I think I got them all.