Home
last modified time | relevance | path

Searched +full:pam +full:- +full:enabled (Results 1 – 25 of 50) sorted by relevance

12

/freebsd/contrib/pam-krb5/docs/
H A Ddocknot.yaml1 # Package metadata for pam-krb5.
10 # Copyright 2017, 2020-2021 Russ Allbery <eagle@eyrie.org>
12 # SPDX-License-Identifier: BSD-3-clause or GPL-1+
16 name: pam-krb5
19 synopsis: PAM module for Kerberos authentication
22 name: BSD-3-clause-or-GPL-1+
24 - holder: Russ Allbery <eagle@eyrie.org>
25 years: 2005-2010, 2014-2015, 2017, 2020-2021
26 - holder: The Board of Trustees of the Leland Stanford Junior University
27 years: 2009-2011
[all …]
H A Dpam_krb5.pod2 KRB5CCNAME ChallengeResponseAuthentication GSS-API Heimdal KDC PKINIT
5 logout pam-krb5 preauth 0.8rc1 screensaver screensavers sshd localname
6 krb5.conf. 0.8rc1. Allbery Cusack Salomon FSFAP SPDX-License-Identifier
11 pam_krb5 - Kerberos PAM module
22 The Kerberos service module for PAM, typically installed at
23 F</lib/security/pam_krb5.so>, provides functionality for the four PAM
26 dynamically loaded by the PAM subsystem as necessary, based on the system
27 PAM configuration. PAM is a system for plugging in external
30 user session on that system. For details on how to configure PAM on your
31 system, see the PAM man page, often pam(7).
[all …]
/freebsd/contrib/pam-krb5/
H A DREADME.md1 # pam-krb5
4 status](https://github.com/rra/pam-krb5/workflows/build/badge.svg)](https://github.com/rra/pam-krb5…
6 package](https://img.shields.io/debian/v/libpam-krb5/unstable)](https://tracker.debian.org/pkg/libp…
8 Copyright 2005-2010, 2014-2015, 2017, 2020-2021 Russ Allbery
9 <eagle@eyrie.org>. Copyright 2009-2011 The Board of Trustees of the
11 <dilinger@debian.org>. Copyright 1999-2000 Frank Cusack
12 <fcusack@fcusack.com>. This software is distributed under a BSD-style
18 pam-krb5 is a Kerberos PAM module for either MIT Kerberos or Heimdal. It
20 handling, authentication of non-local accounts for network services,
22 expected PAM features. It works correctly with OpenSSH, even with
[all …]
H A DREADME1 pam-krb5 4.11
2 (PAM module for Kerberos authentication)
5 Copyright 2005-2010, 2014-2015, 2017, 2020-2021 Russ Allbery
6 <eagle@eyrie.org>. Copyright 2009-2011 The Board of Trustees of the
8 <dilinger@debian.org>. Copyright 1999-2000 Frank Cusack
9 <fcusack@fcusack.com>. This software is distributed under a BSD-style
14 pam-krb5 is a Kerberos PAM module for either MIT Kerberos or Heimdal.
16 authorization handling, authentication of non-local accounts for network
18 standard expected PAM features. It works correctly with OpenSSH, even
19 with ChallengeResponseAuthentication and PrivilegeSeparation enabled,
[all …]
H A DNEWS1 User-Visible pam-krb5 Changes
3 pam-krb5 4.11 (2021-10-17)
7 is closing the PAM session after a fork to free memory resources, but
12 Stop attempting to guess the correct PAM module installation path on
13 Linux systems when --prefix is set to /usr and instead document that
14 --libdir will probably need to be set explicitly. The previous logic
18 Update to rra-c-util 10.0:
23 pam-krb5 4.10 (2021-03-20)
25 When re-retrieving the authenticated principal from the current cache,
31 Update to rra-c-util 9.0:
[all …]
H A DTODO1 pam-krb5 To-Do List
3 PAM API:
7 available in the PAM data) and trying a regular authentication first to
14 these into one PAM conversation call for better GUI presentation
21 password. This will fix failure to store passwords in the PAM data
28 pam-krb5 is run as a non-root user and hence doesn't have access to the
30 developed for a different PAM authentication module, and it would be
35 escaped @-signs and doesn't do proper principal parsing.
44 * Support disabling of user canonicalization so that the PAM user is
49 This poses some challenges due to the two-step ticket cache mechanism
[all …]
H A DMakefile.am1 # Automake makefile for pam-krb5.
4 # Copyright 2005-2007, 2014, 2017, 2020-2021 Russ Allbery <eagle@eyrie.org>
5 # Copyright 2009, 2011-2012
8 # Copyright 1999-2000 Frank Cusack <fcusack@fcusack.com>
10 # SPDX-License-Identifier: BSD-3-clause or GPL-1+
12 ACLOCAL_AMFLAGS = -I m4
13 EXTRA_DIST = .clang-format .gitignore .github LICENSE README.md bootstrap \
14 ci/README.md ci/files/heimdal/heimdal-kdc \
16 ci/files/heimdal/krb5.conf ci/files/heimdal/pki-mapping \
19 ci/kdc-setup-heimdal ci/kdc-setup-mit ci/install ci/test \
[all …]
/freebsd/lib/libpam/modules/pam_krb5/
H A Dpam-krb5.81 .\" -*- mode: troff; coding: utf-8 -*-
58 .TH PAM_KRB5 1 2025-06-05 "perl v5.40.2" "User Contributed Perl Documentation"
64 pam_krb5 \- Kerberos PAM module
75 The Kerberos service module for PAM, typically installed at
76 \&\fI/lib/security/pam_krb5.so\fR, provides functionality for the four PAM
79 dynamically loaded by the PAM subsystem as necessary, based on the system
80 PAM configuration. PAM is a system for plugging in external
83 user session on that system. For details on how to configure PAM on your
84 system, see the PAM man page, often \fBpam\fR\|(7).
90 former takes the username from the PAM session, prompts for the user's
[all …]
/freebsd/lib/libpam/modules/pam_permit/
H A Dpam_permit.830 .Nd Promiscuous PAM module
32 .Op Ar service-name
33 .Ar module-type
34 .Ar control-flag
38 The Promiscuous authentication service module for PAM,
40 provides functionality for all the PAM categories:
46 .Ar module-type
60 PAM-enabled applications.
63 .Bl -tag -width ".Cm debug"
71 .Xr pam 3 ,
[all …]
/freebsd/crypto/openssh/
H A Dsshd_config3 # This is the sshd server system-wide configuration file. See
59 # Change to "yes" to enable built-in password authentication.
64 # Change to "no" to disable keyboard-interactive authentication. Depending on
65 # the system's configuration, this may involve passwords, challenge-response,
66 # one-time passwords or some combination of these and other methods.
67 # Keyboard interactive authentication is also used for PAM authentication.
80 # Set this to 'no' to disable PAM authentication, account processing,
81 # and session processing. If this is enabled, PAM authentication will
83 # PasswordAuthentication. Depending on your PAM configuration,
84 # PAM authentication via KbdInteractiveAuthentication may bypass
[all …]
H A DREADME.platform20 than the build host then you can add "-DBROKEN_GETADDRINFO" to CFLAGS
21 to force the previous IPv4-only behaviour.
31 --with-ssl-dir=/opt/freeware --with-zlib=/opt/freeware
33 If sshd is built with the WITH_AIXAUTHENTICATE option (which is enabled
44 ------
46 gcc, gcc-mingw-core, mingw-runtime, binutils, make, openssl,
47 openssl-devel, zlib, minres, minires-devel.
51 ------------------
52 Darwin does not provide a tun(4) driver required for OpenSSH-based
57 Point-to-Point (Layer 3) and Ethernet (Layer 2) mode using a third
[all …]
H A DINSTALL2 ----------------
6 compiler's run-time integrity checking options. Some notes about
8 - clang: -ftrapv and -sanitize=integer require the compiler-rt runtime
9 (CC=clang LDFLAGS=--rtlib=compiler-rt ./configure)
24 - LibreSSL (https://www.libressl.org/) 3.1.0 or greater
25 - OpenSSL (https://www.openssl.org) 1.1.1 or greater
27 LibreSSL/OpenSSL should be compiled as a position-independent library
28 (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
29 or LibreSSL as "CFLAGS=-fPIC ./configure") otherwise OpenSSH will not
30 be able to link with it. If you must use a non-position-independent
[all …]
H A DREADME.md3 …com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/op…
4 …tatus](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromi…
5 …//scan.coverity.com/projects/21341/badge.svg)](https://scan.coverity.com/projects/openssh-portable)
7 … and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-ag…
9-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs…
17 * [ssh-keygen(1)](https://man.openbsd.org/ssh-keygen.1)
18 * [ssh-agent(1)](https://man.openbsd.org/ssh-agent.1)
21 * [ssh-keyscan(8)](https://man.openbsd.org/ssh-keyscan.8)
22 * [sftp-server(8)](https://man.openbsd.org/sftp-server.8)
38 …o2](https://github.com/Yubico/libfido2) and its dependencies and will be enabled automatically if …
[all …]
H A Dauth-pam.c1 /*-
7 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
48 /* Based on FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des */
67 #include <pam/pam_appl.h>
72 # define sshpam_const /* Solaris, HP-UX, SunOS */
81 # define PAM_MSG_MEMBER(msg, n, member) ((msg)[(n)]->member)
89 #include "auth-pam.h"
97 #include "auth-options.h"
100 #include "ssh-gss.h"
151 static int sshpam_thread_status = -1;
[all …]
H A Dsshd_config.550 The file contains keyword-argument pairs, one per line.
61 keywords are case-insensitive and arguments are case-sensitive):
62 .Bl -tag -width Ds
77 requests a pseudo-terminal as it is required by the protocol.
102 .Xr ssh-agent 1
127 Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
189 This option must be followed by one or more lists of comma-separated
198 .Qq publickey,password publickey,keyboard-interactive
203 keyboard-interactive authentication before public key.
210 .Cm pam .
[all …]
H A DREADME.privsep8 Privilege separation is now mandatory. During the pre-authentication
10 "sshd" user and its primary group. sshd is a pseudo-account that should
21 # useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
28 --with-privsep-path=xxx Path for privilege separation chroot
29 --with-privsep-user=user Specify non-privileged user for privilege separation
31 PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD,
32 HP-UX (including Trusted Mode), Linux, NetBSD and Solaris.
34 On Cygwin, Tru64 Unix and OpenServer only the pre-authentication part
35 of privsep is supported. Post-authentication privsep is disabled
41 Given the following process listing (from HP-UX):
[all …]
H A Dauth2.c56 #include "ssh-gss.h"
113 if ((fd = open(options.banner, O_RDONLY)) == -1) in auth2_read_banner()
115 if (fstat(fd, &st) == -1) { in auth2_read_banner()
168 * loop until authctxt->success == TRUE
173 Authctxt *authctxt = ssh->authctxt; in do_authentication2()
176 if (ssh->kex->ext_info_c) in do_authentication2()
179 ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt->success); in do_authentication2()
180 ssh->authctxt = NULL; in do_authentication2()
186 Authctxt *authctxt = ssh->authctx in input_service_request()
[all...]
H A Dmonitor.c62 #include "openbsd-compat/sys-tree.h"
63 #include "openbsd-compat/sys-queue.h"
64 #include "openbsd-compat/openssl-compat.h"
76 #include "auth-pam.h"
78 #include "auth-options.h"
91 #include "ssh-gss.h"
100 #include "sk-api.h"
113 extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */
249 while (ent->f != NULL) { in monitor_permit()
250 if (ent->type == type) { in monitor_permit()
[all …]
/freebsd/contrib/pam-krb5/pam-util/
H A Dlogging.c2 * Logging functions for PAM modules.
4 * Logs errors and debugging messages from PAM modules. The debug versions
5 * only log anything if debugging was enabled; the crit and err versions
8 * The canonical version of this file is maintained in the rra-c-util package,
9 * which can be found at <https://www.eyrie.org/~eagle/software/rra-c-util/>.
13 * Copyright 2005-2007, 2009-2010, 2012-2013
34 * SPDX-License-Identifier: MIT
41 #include <portable/pam.h>
46 #include <pam-util/args.h>
47 #include <pam-util/logging.h>
[all …]
/freebsd/contrib/openpam/doc/man/
H A Dpam.conf.51 .\"-
2 .\" Copyright (c) 2005-2025 Dag-Erling Smørgrav
33 .Nm pam.conf
34 .Nd PAM policy file format
36 The PAM library searches for policies in the following files, in
38 .Bl -enum
40 .Pa /etc/pam.d/ Ns Ar service-name
42 .Pa /etc/pam.conf
44 .Pa /usr/local/etc/pam.d/ Ns Ar service-name
46 .Pa /usr/local/etc/pam.conf
[all …]
H A Dopenpam_get_feature.327 .Bl -tag -width 18n
30 This feature is enabled by default.
36 This feature is enabled by default.
40 Enabling it prevents the use of modules in non-standard
45 This feature is enabled by default.
51 .Bl -tag -width 18n
59 .Xr pam 3 ,
70 .An Dag-Erling Sm\(/orgrav Aq Mt des@des.dev .
/freebsd/contrib/openpam/
H A Dconfigure.ac21 LT_INIT([disable-static dlopen])
23 # pkg-config
34 AS_HELP_STRING([--enable-debug],
38 AC_ARG_ENABLE([unversioned-modules],
39 AS_HELP_STRING([--disable-unversioned-modules],
47 AC_ARG_WITH([modules-dir],
48 AS_HELP_STRING([--with-modules-dir=DIR],
63 AS_HELP_STRING([--with-localbase=DIR],
74 AS_HELP_STRING([--without-doc], [do not build documentation]),
79 AC_ARG_WITH([pam-unix],
[all …]
/freebsd/contrib/pam-krb5/module/
H A Doptions.c2 * Option handling for pam-krb5.
6 * parses the PAM configuration.
8 * Copyright 2005-2010, 2014, 2020 Russ Allbery <eagle@eyrie.org>
9 * Copyright 2011-2012
12 * Copyright 1999-2000 Frank Cusack <fcusack@fcusack.com>
14 * SPDX-License-Identifier: BSD-3-clause or GPL-1+
24 #include <pam-util/args.h>
25 #include <pam-util/logging.h>
26 #include <pam-util/options.h>
27 #include <pam-util/vector.h>
[all …]
/freebsd/share/mk/
H A Dsrc.opts.mk22 # The old-style YES_FOO and NO_FOO are being phased out. No new instances of them
49 # hard-wired to 'no'. "Broken" here means not working or
50 # not-appropriate and/or not supported. It doesn't imply something is
53 # time. Options are added to BROKEN_OPTIONS list on a per-arch basis.
55 # Options listed in 'REQUIRED_OPTIONS' will be hard-wired to 'yes'; this
159 PAM \
253 PAM \
262 # as MACHINE_ARCH (the non-buildworld case). Normally TARGET_ARCH is not
265 # Additional, per-target behavior should be rarely added only after much
286 # aarch64 needs arm for -m32 support.
[all …]
/freebsd/lib/libpam/modules/pam_exec/
H A Dpam_exec.c1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
5 * Copyright (c) 2017-2019 Dag-Erling Smørgrav
11 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
123 * --: in parse_options()
133 options->capture_stdout = 1; in parse_options()
135 options->capture_stderr = 1; in parse_options()
137 options->return_prog_exit_status = 1; in parse_options()
139 options->expose_authtok = 1; in parse_options()
141 options->use_first_pass = 1; in parse_options()
[all …]

12