Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-03-03 | upstream: switch over to the new authorized_keys options API and | djm@openbsd.org | |
remove the legacy one. Includes a fairly big refactor of auth2-pubkey.c to retain less state between key file lines. feedback and ok markus@ OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df | |||
2016-10-15 | Remove do_pam_set_tty which is dead code. | Darren Tucker | |
The callers of do_pam_set_tty were removed in 2008, so this is now dead code. bz#2604, pointed out by jjelen at redhat.com. | |||
2016-08-17 | Remove obsolete CVS $Id from source files. | Darren Tucker | |
Since -portable switched to git the CVS $Id tags are no longer being updated and are becoming increasingly misleading. Remove them. | |||
2016-08-16 | add --with-pam-service to specify PAM service name | Damien Miller | |
Saves messing around with CFLAGS to do it. | |||
2016-07-18 | Handle PAM_MAXTRIES from modules. | Darren Tucker | |
bz#2249: handle the case where PAM returns PAM_MAXTRIES by ceasing to offer password and keyboard-interative authentication methods. Should prevent "sshd ignoring max retries" warnings in the log. ok djm@ It probably won't trigger with keyboard-interactive in the default configuration because the retry counter is stored in module-private storage which goes away with the sshd PAM process (see bz#688). On the other hand, those cases probably won't log a warning either. | |||
2004-09-11 | - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from | Darren Tucker | |
failing PAM session modules to user then exit, similar to the way /etc/nologin is handled. ok djm@ | |||
2004-05-30 | - (dtucker) [auth-pam.c auth-pam.h auth-passwd.c]: Bug #874: Re-add PAM | Darren Tucker | |
support for PasswordAuthentication=yes. ok djm@ | |||
2004-03-08 | - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c | Darren Tucker | |
monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized even if keyboard-interactive is not used by the client. Prevents segfaults in some cases where the user's password is expired (note this is not considered a security exposure). ok djm@ | |||
2004-02-10 | - (dtucker) [auth-pam.c auth-pam.h session.c] Bug #14: Use do_pwchange to | Darren Tucker | |
change expired PAM passwords for SSHv1 connections without privsep. pam_chauthtok is still used when privsep is disabled. ok djm@ | |||
2003-11-17 | - (djm) Export environment variables from authentication subprocess to | Damien Miller | |
parent. Part of Bug #717 | |||
2003-10-07 | - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static | Darren Tucker | |
cleanup functions. With & ok djm@ | |||
2003-09-02 | - (djm) Bug #423: reorder setting of PAM_TTY and calling of PAM session | Damien Miller | |
management (now done in do_setusercontext). Largely from michael_steffens AT hp.com | |||
2003-08-26 | - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h | Darren Tucker | |
configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson. | |||
2003-08-25 | - (djm) Bug #564: Perform PAM account checks for all authentications when | Damien Miller | |
UsePAM=yes; ok dtucker | |||
2003-05-19 | - (djm) Sync auth-pam.h with what we actually implement | Damien Miller | |
2003-05-10 | - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with | Damien Miller | |
proper challenge-response module | |||
2002-07-23 | - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be | Kevin Steves | |
freed by the caller; add free_pam_environment() and use it. | |||
2002-07-21 | - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h | Kevin Steves | |
2002-07-21 | - (stevesk) [auth-pam.h] unneeded include | Kevin Steves | |
2002-07-21 | - (stevesk) [auth-pam.h] license | Kevin Steves | |
2002-04-04 | - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h | Kevin Steves | |
auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm. | |||
2001-03-27 | - (djm) Reestablish PAM credentials (which can be supplemental group | Damien Miller | |
memberships) after initgroups() blows them away. Report and suggested fix from Nalin Dahyabhai <nalin@redhat.com> | |||
2001-02-15 | - (djm) Clean up PAM namespace. Suggested by Darren Moffat | Damien Miller | |
<Darren.Moffat@eng.sun.com> | |||
2001-02-09 | - (djm) Add CVS Id's to files that we have missed | Damien Miller | |
2001-02-07 | - (djm) Much KNF on PAM code | Damien Miller | |
- (djm) Revise auth-pam.c conversation function to be a little more readable. - (djm) Revise kbd-int PAM conversation function to fold all text messages to before first prompt. Fixes hangs if last pam_message did not require a reply. - (djm) Fix password changing when using PAM kbd-int authentication | |||
2001-01-19 | - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>) | Damien Miller | |
to fix NULL pointer deref and fake authloop breakage in PAM code. | |||
2000-12-03 | - (djm) Added patch from Nalin Dahyabhai <nalin@redhat.com> to enable | Damien Miller | |
PAM authentication using KbdInteractive. - (djm) Added another TODO | |||
2000-10-14 | function prototype and definition consistency cleanup. | Kevin Steves | |
2000-10-14 | - (stevesk) ~/.hushlogin shouldn't cause required password change to | Kevin Steves | |
be bypassed. | |||
2000-09-16 | - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM | Damien Miller | |
password change patch. - (djm) Bring licenses on my stuff in line with OpenBSD's | |||
2000-01-27 | Add const to suppress compiler warning | Damien Miller | |
1999-12-30 | - Removed most of the pam code into its own file auth-pam.[ch]. This | Damien Miller | |
cleaned up sshd.c up significantly. - Several other cleanups |