| /freebsd/contrib/pam-krb5/tests/fakepam/ |
| H A D | README | 1 PAM Testing Framework
5 The files in this directory provide a shim PAM library that's used for
6 testing and a test framework used to exercise a PAM module.
9 of the PAM module interface so that PAM modules can be tested without
10 such problems as needing configuration files in /etc/pam.d or needing
11 changes to the system configuration to run a testing PAM module
12 instead of the normal system PAM modules.
14 The goal of this library is that all PAM code should be able to be
16 rather than the regular PAM library. The testing code can then call
17 pam_start and pam_end as defined in the fakepam/pam.h header file and
[all …]
|
| H A D | script.h | 2 * PAM interaction script API.
4 * Provides an interface that loads a PAM interaction script from a file and
5 * runs through that script, calling the internal PAM module functions and
6 * checking their results. This allows automation of PAM testing through
41 #include <portable/pam.h>
45 /* A test callback called after PAM functions are run but before pam_end. */
50 /* Configuration for the PAM interaction script API. */
56 const char *authtok; /* Stored as AUTHTOK before PAM. */
57 const char *oldauthtok; /* Stored as OLDAUTHTOK before PAM. */
58 script_callback callback; /* Called after PAM, before pam_end. */
|
| /freebsd/sys/contrib/openzfs/tests/zfs-tests/tests/functional/pam/ |
| H A D | pam_mount_recursively.ksh | 24 . $STF_SUITE/tests/functional/pam/utilities.kshlib
35 log_must zfs create -o mountpoint="$TESTDIR/mrec" "$TESTPOOL/mrec/pam"
37 -o keylocation=prompt "$TESTPOOL/mrec/pam/${username}"
38 log_must zfs create "$TESTPOOL/mrec/pam/${username}/deep"
39 log_must zfs create "$TESTPOOL/mrec/pam/${username}/deep/deeper"
40 log_must zfs create -o mountpoint=none "$TESTPOOL/mrec/pam/${username}/deep/none"
41 log_must zfs create -o canmount=noauto "$TESTPOOL/mrec/pam/${username}/deep/noauto"
42 log_must zfs create -o canmount=off "$TESTPOOL/mrec/pam/${username}/deep/off"
43 log_must zfs unmount "$TESTPOOL/mrec/pam/${username}"
44 log_must zfs unload-key "$TESTPOOL/mrec/pam/${username}"
[all …]
|
| H A D | pam_recursive.ksh | 24 . $STF_SUITE/tests/functional/pam/utilities.kshlib
35 log_must zfs create -o mountpoint="$TESTDIR/rec" "$TESTPOOL/pampam/pam"
37 -o keylocation=prompt "$TESTPOOL/pampam/pam/${username}"
38 log_must zfs unmount "$TESTPOOL/pampam/pam/${username}"
39 log_must zfs unload-key "$TESTPOOL/pampam/pam/${username}"
43 log_must [ "$(get_prop keystatus "$TESTPOOL/pampam/pam/${username}")" = "$1" ]
46 log_mustnot ismounted "$TESTPOOL/pampam/pam/${username}"
52 log_must ismounted "$TESTPOOL/pampam/pam/${username}"
57 log_mustnot ismounted "$TESTPOOL/pampam/pam/${username}"
61 genconfig "homes=$TESTPOOL/pampam/pam prop_mountpoint runstatedir=${runstatedir}"
|
| H A D | pam_short_password.ksh | 29 . $STF_SUITE/tests/functional/pam/utilities.kshlib
44 log_mustnot ismounted "$TESTPOOL/pam/${username}"
47 genconfig "homes=$TESTPOOL/pam runstatedir=${runstatedir}"
52 log_must ismounted "$TESTPOOL/pam/${username}"
61 log_mustnot ismounted "$TESTPOOL/pam/${username}"
67 log_mustnot ismounted "$TESTPOOL/pam/${username}"
74 log_must ismounted "$TESTPOOL/pam/${username}"
81 log_mustnot ismounted "$TESTPOOL/pam/${username}"
84 echo "short" | zfs load-key "$TESTPOOL/pam/${username}"
86 zfs unload-key "$TESTPOOL/pam/${username}"
|
| H A D | pam_nounmount.ksh | 24 . $STF_SUITE/tests/functional/pam/utilities.kshlib
30 log_mustnot ismounted "$TESTPOOL/pam/${username}"
33 genconfig "homes=$TESTPOOL/pam runstatedir=${runstatedir} nounmount"
36 log_must ismounted "$TESTPOOL/pam/${username}"
42 log_must ismounted "$TESTPOOL/pam/${username}"
47 log_must ismounted "$TESTPOOL/pam/${username}"
52 log_must ismounted "$TESTPOOL/pam/${username}"
53 log_must zfs unmount "$TESTPOOL/pam/${username}"
54 log_must zfs unload-key "$TESTPOOL/pam/${username}"
|
| H A D | pam_change_unmounted.ksh | 24 . $STF_SUITE/tests/functional/pam/utilities.kshlib
30 log_mustnot ismounted "$TESTPOOL/pam/${username}"
33 genconfig "homes=$TESTPOOL/pam runstatedir=${runstatedir}"
37 log_mustnot ismounted "$TESTPOOL/pam/${username}"
42 log_must ismounted "$TESTPOOL/pam/${username}"
47 log_must ismounted "$TESTPOOL/pam/${username}"
48 log_must ismounted "$TESTPOOL/pam/${username}"
53 log_mustnot ismounted "$TESTPOOL/pam/${username}"
|
| /freebsd/contrib/pam-krb5/ |
| H A D | NEWS | 1 User-Visible pam-krb5 Changes
3 pam-krb5 4.11 (2021-10-17)
7 is closing the PAM session after a fork to free memory resources, but
12 Stop attempting to guess the correct PAM module installation path on
23 pam-krb5 4.10 (2021-03-20)
42 pam-krb5 4.9 (2020-03-30)
57 the memory used by PAM responses before freeing. This reduces the
77 * Fix misplaced va_end in the pam-util putil_log_failure function.
90 pam-krb5 4.8 (2017-12-30)
131 * Add portability defines for macOS's PAM implementation.
[all …]
|
| H A D | README.md | 1 # pam-krb5
4 status](https://github.com/rra/pam-krb5/workflows/build/badge.svg)](https://github.com/rra/pam-krb5…
18 pam-krb5 is a Kerberos PAM module for either MIT Kerberos or Heimdal. It
22 expected PAM features. It works correctly with OpenSSH, even with
24 supports extensive configuration either by PAM options or in krb5.conf or
30 pam-krb5 provides a Kerberos PAM module that supports authentication, user
33 can be configured through either options in the PAM configuration itself
35 around PAM implementation flaws in commonly-used PAM-enabled applications
39 This is not the Kerberos PAM module maintained on Sourceforge and used on
46 Kerberos PAM module), see
[all …]
|
| H A D | README | 1 pam-krb5 4.11
2 (PAM module for Kerberos authentication)
14 pam-krb5 is a Kerberos PAM module for either MIT Kerberos or Heimdal.
18 standard expected PAM features. It works correctly with OpenSSH, even
20 and supports extensive configuration either by PAM options or in
26 pam-krb5 provides a Kerberos PAM module that supports authentication,
29 changing. It can be configured through either options in the PAM
31 and it tries to work around PAM implementation flaws in commonly-used
32 PAM-enabled applications such as OpenSSH and xdm. It supports both
36 This is not the Kerberos PAM module maintained on Sourceforge and used
[all …]
|
| H A D | Makefile.am | 1 # Automake makefile for pam-krb5.
23 tests/data/krb5-pam.conf tests/data/krb5.conf tests/data/perl.conf \
35 noinst_LTLIBRARIES = pam-util/libpamutil.la portable/libportable.la
37 portable/krb5.h portable/macros.h portable/pam.h portable/stdbool.h \
40 pam_util_libpamutil_la_SOURCES = pam-util/args.c pam-util/args.h \
41 pam-util/logging.c pam-util/logging.h pam-util/options.c \
42 pam-util/options.h pam-util/vector.c pam-util/vector.h
59 module_pam_krb5_la_LIBADD = pam-util/libpamutil.la portable/libportable.la \
66 pod2man --release="$(VERSION)" --center=pam-krb5 -s 5 \
92 tests/module/long-t tests/module/no-cache-t tests/module/pam-user-t \
[all …]
|
| H A D | TODO | 1 pam-krb5 To-Do List
3 PAM API:
7 available in the PAM data) and trying a regular authentication first to
14 these into one PAM conversation call for better GUI presentation
21 password. This will fix failure to store passwords in the PAM data
28 pam-krb5 is run as a non-root user and hence doesn't have access to the
30 developed for a different PAM authentication module, and it would be
44 * Support disabling of user canonicalization so that the PAM user is
71 the PAM context is currently too complicated. It should be possible to
78 PAM module configuration.
[all …]
|
| H A D | configure.ac | 1 dnl Autoconf configuration for pam-krb5.
13 AC_INIT([pam-krb5], [4.11], [eagle@eyrie.org])
45 dnl Probe for the functionality of the PAM libraries and their include file
46 dnl naming. Mac OS X puts them in pam/* instead of security/*.
47 AC_SEARCH_LIBS([pam_set_data], [pam])
51 [AC_CHECK_HEADERS([pam/pam_modutil.h])])
53 [AC_CHECK_HEADERS([pam/pam_appl.h], [],
54 [AC_MSG_ERROR([No PAM header files found])])])
56 [AC_CHECK_HEADERS([pam/pam_ext.h])])
60 [The name of the PAM module, used by the pam_vsyslog replacement.])
[all …]
|
| /freebsd/contrib/pam-krb5/docs/ |
| H A D | docknot.yaml | 1 # Package metadata for pam-krb5.
16 name: pam-krb5
19 synopsis: PAM module for Kerberos authentication
42 installation path for PAM modules varies considerably between systems.
46 PAM directory. On Debian's amd64 architecture,
61 tarname: pam-krb5
62 version: pam-krb5
65 github: rra/pam-krb5
66 web: https://www.eyrie.org/~eagle/software/pam-krb5/
68 browse: https://git.eyrie.org/?p=kerberos/pam-krb5.git
[all …]
|
| H A D | pam_krb5.pod | 5 logout pam-krb5 preauth 0.8rc1 screensaver screensavers sshd localname
11 pam_krb5 - Kerberos PAM module
22 The Kerberos service module for PAM, typically installed at
23 F</lib/security/pam_krb5.so>, provides functionality for the four PAM
26 dynamically loaded by the PAM subsystem as necessary, based on the system
27 PAM configuration. PAM is a system for plugging in external
30 user session on that system. For details on how to configure PAM on your
31 system, see the PAM man page, often pam(7).
40 former takes the username from the PAM session, prompts for the user's
53 After doing the initial authentication, the Kerberos PAM module will
[all …]
|
| /freebsd/lib/libpam/modules/pam_krb5/ |
| H A D | pam-krb5.8 | 64 pam_krb5 \- Kerberos PAM module
75 The Kerberos service module for PAM, typically installed at
76 \&\fI/lib/security/pam_krb5.so\fR, provides functionality for the four PAM
79 dynamically loaded by the PAM subsystem as necessary, based on the system
80 PAM configuration. PAM is a system for plugging in external
83 user session on that system. For details on how to configure PAM on your
84 system, see the PAM man page, often \fBpam\fR\|(7).
90 former takes the username from the PAM session, prompts for the user's
103 After doing the initial authentication, the Kerberos PAM module will
107 local key and that the PAM module be running as a user that can read the
[all …]
|
| H A D | Makefile | 29 SRCDIR= ${SRCTOP}/contrib/pam-krb5
32 ${SRCDIR}/pam-util \
49 pam-util_options.c \
60 MAN= pam-krb5.8
61 MLINKS= pam-krb5.8 pam_krb5.8
70 CLEANFILES= pam-util_options.c module_options.c
72 pam-util_options.c: .PHONY
73 cp ${SRCDIR}/pam-util/options.c pam-util_options.c
|
| /freebsd/crypto/openssh/ |
| H A D | auth-pam.c | 48 /* Based on FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des */
67 #include <pam/pam_appl.h>
89 #include "auth-pam.h"
159 return; /* handler called after PAM cleanup, shouldn't happen */ in sshpam_sigchld_handler()
162 /* PAM thread has not exitted, privsep slave must have */ in sshpam_sigchld_handler()
253 /* Some PAM implementations don't implement this */
261 * env vars (e.g. KRB5CCNAME) from the PAM environment. in pam_getenvlist()
279 * This wraps pam_chauthtok and sets/restore the real uid so PAM will do
289 fatal("PAM: sshpam_authctxt not initialized"); in sshpam_chauthtok_ruid()
308 fatal("%s: PAM authctxt not initialized", __func__); in sshpam_password_change_required()
[all …]
|
| H A D | INSTALL | 58 PAM:
60 OpenSSH can utilise Pluggable Authentication Modules (PAM) if your
61 system supports it. PAM is standard most Linux distributions, Solaris,
64 Information about the various PAM implementations are available:
66 Solaris PAM: http://www.sun.com/software/solaris/pam/
67 Linux PAM: http://www.kernel.org/pub/linux/libs/pam/
166 If you are using PAM, you may need to manually install a PAM control
167 file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
168 them). Note that the service name used to start PAM is __progname,
171 executable, your PAM configuration may need to be modified.
[all …]
|
| /freebsd/crypto/openssh/.github/workflows/ |
| H A D | selfhosted.yml | 67 - { target: openindiana, config: pam, host: libvirt-hipri }
69 - { target: sol10, config: pam, host: libvirt-hipri }
71 - { target: sol11, config: pam-krb5, host: libvirt-hipri }
74 - { target: centos7, config: pam, host: libvirt }
75 - { target: debian-i386, config: pam, host: libvirt }
77 - { target: dfly48, config: pam ,host: libvirt }
78 - { target: dfly58, config: pam, host: libvirt }
79 - { target: dfly60, config: pam, host: libvirt }
80 - { target: dfly62, config: pam, host: libvirt }
81 - { target: dfly64, config: pam, host: libvirt }
[all …]
|
| /freebsd/contrib/pam-krb5/portable/ |
| H A D | pam.h | 2 * Portability wrapper around PAM header files.
4 * This header file includes the various PAM headers, wherever they may be
5 * found on the system, and defines replacements for PAM functions that may
30 /* Linux PAM 1.1.0 requires sys/types.h before security/pam_modutil.h. */
40 # include <pam/pam_appl.h>
41 # include <pam/pam_modules.h>
46 # include <pam/pam_ext.h>
51 # include <pam/pam_modutil.h>
61 /* Solaris 8 has deficient PAM. */
92 * Some PAM implementations support building the module static and exporting
[all …]
|
| /freebsd/contrib/pam-krb5/module/ |
| H A D | public.c | 2 * The public APIs of the pam-afs-session PAM module.
27 #include <portable/pam.h>
31 #include <pam-util/args.h>
32 #include <pam-util/logging.h>
36 * The main PAM interface for authorization checking.
55 * PAM configuration, but it's not common for the user to do so and that's in pam_sm_acct_mgmt()
56 * not how other krb5 PAM modules work. If we don't do this, root logins in pam_sm_acct_mgmt()
75 * The main PAM interface for authentication. We also do authorization checks
101 * The main PAM interface, in the auth stack, for establishing credentials
153 * Linux PAM library, at least for applications that call pam_setcred in pam_sm_setcred()
[all …]
|
| /freebsd/contrib/openpam/doc/man/ |
| H A D | pam.man | 2 The Pluggable Authentication Modules (PAM) library abstracts a number
7 In PAM parlance, the application that uses PAM to authenticate a user
16 user and perform whatever task he requested is a PAM transaction; the
20 The functionality embodied by PAM is divided into six primitives
24 The PAM library expects the application to provide a conversation
35 function initializes the PAM library and returns a handle which must
44 and can be called at any time to terminate a PAM transaction.
95 function returns a pointer to a string describing the specified PAM
|
| /freebsd/contrib/pam-krb5/pam-util/ |
| H A D | args.h | 2 * Standard structure for PAM data.
4 * The PAM utility functions often need an initial argument that encapsulates
5 * the PAM handle, some configuration information, and possibly a Kerberos
8 * The individual PAM modules should provide a definition of the pam_config
9 * struct appropriate to that module. None of the PAM utility functions need
47 #include <portable/pam.h>
50 /* Opaque struct from the PAM utility perspective. */
54 pam_handle_t *pamh; /* Pointer back to the PAM handle. */
55 struct pam_config *config; /* Per-module PAM configuration. */
|
| /freebsd/sys/contrib/openzfs/config/ |
| H A D | user-pam.m4 | 2 AC_ARG_ENABLE([pam],
3 AS_HELP_STRING([--enable-pam],
10 [install pam module in dir [[$libdir/security]]]),
15 [install pam-config files in dir [DATADIR/pam-configs]]),
17 [pamconfigsdir='${datadir}/pam-configs'])
33 DEFINE_PAM='--with pam'
|