HEADS UP: a change to pam_nologin(8)

Yar Tikhiy yar at comp.chem.msu.su
Sat Jun 9 15:33:24 UTC 2007

Hi all,

As per discussion with re@ and the PAM maintainer, des@, I'm about
to commit a change to pam_nologin(8) that will require changes to
pam.d files.  Using old pam.d files will result in nologin(5) just
ignored, which is of concern only to multi-user system admins, who
are an endangered minority in these days of thinking toasters (sigh!)

Here's the paragraph for UPDATING:

        The pam_nologin(8) module ceases to provide an authentication
        function and starts providing an account management function.  
        Consequent changes to /etc/pam.d should be brought in using
        mergemaster(8).  Third-party files in /usr/local/etc/pam.d may  
        need manual editing as follows.  Locate this line (or similar):

                auth    required        pam_nologin.so  no_warn

        and change it according to this example:

                account required        pam_nologin.so  no_warn

        That is, the first word needs to be changed from "auth" to   
        "account".  The new line can be moved to the account section
        within the file for clarity.  Not updating pam.conf(5) files
	will result in nologin(5) ignored by the respective services.

If no objections are raised at the last minute, I'll send a separate
heads-up message to the ports folks with details on how this change
is going to affect ports.


More information about the freebsd-current mailing list