svn commit: r199248 - head/lib/libpam/modules/pam_unix
Dag-Erling Smorgrav
des at FreeBSD.org
Fri Nov 13 11:19:26 UTC 2009
Author: des
Date: Fri Nov 13 11:19:26 2009
New Revision: 199248
URL: http://svn.freebsd.org/changeset/base/199248
Log:
Note that nullok should not be used by processes that can't access the
password database.
PR: bin/126650, misc/140514
MFC after: 1 week
Modified:
head/lib/libpam/modules/pam_unix/pam_unix.8
Modified: head/lib/libpam/modules/pam_unix/pam_unix.8
==============================================================================
--- head/lib/libpam/modules/pam_unix/pam_unix.8 Fri Nov 13 09:57:50 2009 (r199247)
+++ head/lib/libpam/modules/pam_unix/pam_unix.8 Fri Nov 13 11:19:26 2009 (r199248)
@@ -105,6 +105,17 @@ sufficient.
If the password database has no password for the entity being
authenticated, then this option will forgo password prompting, and
silently allow authentication to succeed.
+.Pp
+.Sy NOTE:
+If
+.Nm
+is invoked by a process that does not have the privileges required to
+access the password database (in most cases, this means root
+privileges), the
+.Cm nullok
+option may cause
+.Nm
+to allow any user to log in with any password.
.It Cm local_pass
Use only the local password database, even if NIS is in use.
This will cause an authentication failure if the system is configured
More information about the svn-src-head
mailing list