HEADS UP: a change to pam_nologin(8)
Yar Tikhiy
yar at comp.chem.msu.su
Sat Jun 9 15:33:24 UTC 2007
Hi all,
As per discussion with re@ and the PAM maintainer, des@, I'm about
to commit a change to pam_nologin(8) that will require changes to
pam.d files. Using old pam.d files will result in nologin(5) just
ignored, which is of concern only to multi-user system admins, who
are an endangered minority in these days of thinking toasters (sigh!)
Here's the paragraph for UPDATING:
20070610:
The pam_nologin(8) module ceases to provide an authentication
function and starts providing an account management function.
Consequent changes to /etc/pam.d should be brought in using
mergemaster(8). Third-party files in /usr/local/etc/pam.d may
need manual editing as follows. Locate this line (or similar):
auth required pam_nologin.so no_warn
and change it according to this example:
account required pam_nologin.so no_warn
That is, the first word needs to be changed from "auth" to
"account". The new line can be moved to the account section
within the file for clarity. Not updating pam.conf(5) files
will result in nologin(5) ignored by the respective services.
If no objections are raised at the last minute, I'll send a separate
heads-up message to the ports folks with details on how this change
is going to affect ports.
--
Yar
More information about the freebsd-current
mailing list