head	1.13;
access;
symbols
	RELENG_8_4:1.13.0.2
	RELENG_9_1_0_RELEASE:1.12.2.1.4.2
	RELENG_9_1:1.12.2.1.0.4
	RELENG_9_1_BP:1.12.2.1
	RELENG_8_3_0_RELEASE:1.11.10.1.8.1
	RELENG_8_3:1.11.10.1.0.8
	RELENG_8_3_BP:1.11.10.1
	RELENG_9_0_0_RELEASE:1.12.2.1.2.1
	RELENG_9_0:1.12.2.1.0.2
	RELENG_9_0_BP:1.12.2.1
	RELENG_9:1.12.0.2
	RELENG_9_BP:1.12
	RELENG_7_4_0_RELEASE:1.11.14.1
	RELENG_8_2_0_RELEASE:1.11.10.1.6.1
	RELENG_7_4:1.11.0.14
	RELENG_7_4_BP:1.11
	RELENG_8_2:1.11.10.1.0.6
	RELENG_8_2_BP:1.11.10.1
	RELENG_8_1_0_RELEASE:1.11.10.1.4.1
	RELENG_8_1:1.11.10.1.0.4
	RELENG_8_1_BP:1.11.10.1
	RELENG_7_3_0_RELEASE:1.11.12.1
	RELENG_7_3:1.11.0.12
	RELENG_7_3_BP:1.11
	RELENG_8_0_0_RELEASE:1.11.10.1.2.1
	RELENG_8_0:1.11.10.1.0.2
	RELENG_8_0_BP:1.11.10.1
	RELENG_8:1.11.0.10
	RELENG_8_BP:1.11
	RELENG_7_2_0_RELEASE:1.11.8.1
	RELENG_7_2:1.11.0.8
	RELENG_7_2_BP:1.11
	RELENG_7_1_0_RELEASE:1.11.6.1
	RELENG_6_4_0_RELEASE:1.10.12.1
	RELENG_7_1:1.11.0.6
	RELENG_7_1_BP:1.11
	RELENG_6_4:1.10.0.12
	RELENG_6_4_BP:1.10
	RELENG_7_0_0_RELEASE:1.11
	RELENG_6_3_0_RELEASE:1.10
	RELENG_7_0:1.11.0.4
	RELENG_7_0_BP:1.11
	RELENG_6_3:1.10.0.10
	RELENG_6_3_BP:1.10
	RELENG_7:1.11.0.2
	RELENG_7_BP:1.11
	RELENG_6_2_0_RELEASE:1.10
	RELENG_6_2:1.10.0.8
	RELENG_6_2_BP:1.10
	RELENG_5_5_0_RELEASE:1.9.2.1
	RELENG_5_5:1.9.2.1.0.2
	RELENG_5_5_BP:1.9.2.1
	RELENG_6_1_0_RELEASE:1.10
	RELENG_6_1:1.10.0.6
	RELENG_6_1_BP:1.10
	RELENG_6_0_0_RELEASE:1.10
	RELENG_6_0:1.10.0.4
	RELENG_6_0_BP:1.10
	RELENG_6:1.10.0.2
	RELENG_6_BP:1.10
	RELENG_5_4_0_RELEASE:1.9
	RELENG_5_4:1.9.0.6
	RELENG_5_4_BP:1.9
	RELENG_5_3_0_RELEASE:1.9
	RELENG_5_3:1.9.0.4
	RELENG_5_3_BP:1.9
	RELENG_5:1.9.0.2
	RELENG_5_BP:1.9
	RELENG_5_2_1_RELEASE:1.8
	RELENG_5_2_0_RELEASE:1.8
	RELENG_5_2:1.8.0.4
	RELENG_5_2_BP:1.8
	RELENG_5_1_0_RELEASE:1.8
	RELENG_5_1:1.8.0.2
	RELENG_5_1_BP:1.8
	RELENG_5_0_0_RELEASE:1.4
	RELENG_5_0:1.4.0.2
	RELENG_5_0_BP:1.4;
locks; strict;
comment	@# @;


1.13
date	2012.11.17.01.49.03;	author svnexp;	state Exp;
branches
	1.13.2.1;
next	1.12;

1.12
date	2009.10.05.09.28.54;	author des;	state Exp;
branches
	1.12.2.1;
next	1.11;

1.11
date	2007.06.10.18.57.20;	author yar;	state Exp;
branches
	1.11.2.1
	1.11.6.1
	1.11.8.1
	1.11.10.1
	1.11.12.1
	1.11.14.1;
next	1.10;

1.10
date	2005.04.28.07.59.09;	author des;	state Exp;
branches
	1.10.2.1
	1.10.12.1;
next	1.9;

1.9
date	2004.02.20.21.59.51;	author des;	state Exp;
branches
	1.9.2.1;
next	1.8;

1.8
date	2003.04.30.21.57.54;	author markm;	state Exp;
branches;
next	1.7;

1.7
date	2003.03.08.09.50.11;	author markm;	state Exp;
branches;
next	1.6;

1.6
date	2003.02.16.13.02.03;	author des;	state Exp;
branches;
next	1.5;

1.5
date	2003.02.10.00.50.03;	author des;	state Exp;
branches;
next	1.4;

1.4
date	2002.05.02.05.00.40;	author des;	state Exp;
branches;
next	1.3;

1.3
date	2002.04.18.17.40.27;	author des;	state Exp;
branches;
next	1.2;

1.2
date	2001.12.05.21.26.00;	author des;	state Exp;
branches;
next	1.1;

1.1
date	2001.12.05.21.06.21;	author des;	state Exp;
branches;
next	;

1.13.2.1
date	2012.11.17.01.49.03;	author svnexp;	state dead;
branches;
next	1.13.2.2;

1.13.2.2
date	2013.03.28.13.02.42;	author svnexp;	state Exp;
branches;
next	;

1.12.2.1
date	2011.09.23.00.51.37;	author kensmith;	state Exp;
branches
	1.12.2.1.2.1
	1.12.2.1.4.1;
next	1.12.2.2;

1.12.2.2
date	2012.11.17.11.36.11;	author svnexp;	state Exp;
branches;
next	;

1.12.2.1.2.1
date	2011.11.11.04.20.22;	author kensmith;	state Exp;
branches;
next	1.12.2.1.2.2;

1.12.2.1.2.2
date	2012.11.17.08.36.11;	author svnexp;	state Exp;
branches;
next	;

1.12.2.1.4.1
date	2012.08.05.23.54.33;	author kensmith;	state Exp;
branches;
next	1.12.2.1.4.2;

1.12.2.1.4.2
date	2012.11.17.08.47.00;	author svnexp;	state Exp;
branches;
next	;

1.11.2.1
date	2012.11.17.08.01.18;	author svnexp;	state Exp;
branches;
next	;

1.11.6.1
date	2008.11.25.02.59.29;	author kensmith;	state Exp;
branches;
next	;

1.11.8.1
date	2009.04.15.03.14.26;	author kensmith;	state Exp;
branches;
next	;

1.11.10.1
date	2009.08.03.08.13.06;	author kensmith;	state Exp;
branches
	1.11.10.1.2.1
	1.11.10.1.4.1
	1.11.10.1.6.1
	1.11.10.1.8.1;
next	1.11.10.2;

1.11.10.2
date	2012.11.17.10.35.56;	author svnexp;	state Exp;
branches;
next	;

1.11.10.1.2.1
date	2009.10.25.01.10.29;	author kensmith;	state Exp;
branches;
next	;

1.11.10.1.4.1
date	2010.06.14.02.09.06;	author kensmith;	state Exp;
branches;
next	;

1.11.10.1.6.1
date	2010.12.21.17.09.25;	author kensmith;	state Exp;
branches;
next	;

1.11.10.1.8.1
date	2012.03.03.06.15.13;	author kensmith;	state Exp;
branches;
next	1.11.10.1.8.2;

1.11.10.1.8.2
date	2012.11.17.08.24.38;	author svnexp;	state Exp;
branches;
next	;

1.11.12.1
date	2010.02.10.00.26.20;	author kensmith;	state Exp;
branches;
next	;

1.11.14.1
date	2010.12.21.17.10.29;	author kensmith;	state Exp;
branches;
next	1.11.14.2;

1.11.14.2
date	2012.11.17.08.16.37;	author svnexp;	state Exp;
branches;
next	;

1.10.2.1
date	2012.11.17.07.39.04;	author svnexp;	state Exp;
branches;
next	;

1.10.12.1
date	2008.10.02.02.57.24;	author kensmith;	state Exp;
branches;
next	;

1.9.2.1
date	2005.05.12.08.36.40;	author des;	state Exp;
branches;
next	;


desc
@@


1.13
log
@Switching exporter and resync
@
text
@#
# $FreeBSD: head/etc/pam.d/xdm 197769 2009-10-05 09:28:54Z des $
#
# PAM configuration for the "xdm" service
#

# auth
#auth		sufficient	pam_krb5.so		no_warn try_first_pass
#auth		sufficient	pam_ssh.so		no_warn try_first_pass
auth		required	pam_unix.so		no_warn try_first_pass

# account
account		required	pam_nologin.so
#account	required	pam_krb5.so
account		required	pam_unix.so

# session
#session	required	pam_ssh.so		want_agent
session		required	pam_lastlog.so		no_fail

# password
password	required	pam_deny.so
@


1.13.2.1
log
@file xdm was added on branch RELENG_8_4 on 2013-03-28 13:02:42 +0000
@
text
@d1 22
@


1.13.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 22
#
# $FreeBSD: releng/8.4/etc/pam.d/xdm 170510 2007-06-10 18:57:20Z yar $
#
# PAM configuration for the "xdm" service
#

# auth
#auth		sufficient	pam_krb5.so		no_warn try_first_pass
#auth		sufficient	pam_ssh.so		no_warn try_first_pass
auth		required	pam_unix.so		no_warn try_first_pass

# account
account		required	pam_nologin.so
#account 	required	pam_krb5.so
account		required	pam_unix.so

# session
#session 	required	pam_ssh.so		want_agent
session		required	pam_lastlog.so		no_fail

# password
password	required	pam_deny.so
@


1.12
log
@SVN rev 197769 on 2009-10-05 09:28:54Z by des

tabify

MFC after:	3 weeks
@
text
@d2 1
a2 1
# $FreeBSD$
@


1.12.2.1
log
@SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.12.2.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242902
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242902 | dteske | 2012-11-11 23:29:45 +0000 (Sun, 11 Nov 2012) | 10 lines
## SVN ##
## SVN ## Fix a regression introduced by SVN r211417 that saw the breakage of a feature
## SVN ## documented in usr.sbin/sysinstall/help/shortcuts.hlp (reproduced below):
## SVN ##
## SVN ## If /usr/sbin/sysinstall is linked to another filename, say
## SVN ## `/usr/local/bin/configPackages', then the basename will be used
## SVN ## as an implicit command name.
## SVN ##
## SVN ## Reviewed by:	adrian (co-mentor)
## SVN ## Approved by:	adrian (co-mentor)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d2 1
a2 1
# $FreeBSD: stable/9/etc/pam.d/xdm 197769 2009-10-05 09:28:54Z des $
@


1.12.2.1.4.1
log
@SVN rev 239080 on 2012-08-05 23:54:33Z by kensmith

Copy stable/9 to releng/9.1 as part of the 9.1-RELEASE release process.

Approved by:	re (implicit)
@
text
@@


1.12.2.1.4.2
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: releng/9.1/etc/pam.d/xdm 197769 2009-10-05 09:28:54Z des $
@


1.12.2.1.2.1
log
@SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith

Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release
cycle.

Approved by:	re (implicit)
@
text
@@


1.12.2.1.2.2
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: releng/9.0/etc/pam.d/xdm 197769 2009-10-05 09:28:54Z des $
@


1.11
log
@Now pam_nologin(8) will provide an account management function
instead of an authentication function.  There are a design reason
and a practical reason for that.  First, the module belongs in
account management because it checks availability of the account
and does no authentication.  Second, there are existing and potential
PAM consumers that skip PAM authentication for good or for bad.
E.g., sshd(8) just prefers internal routines for public key auth;
OTOH, cron(8) and atrun(8) do implicit authentication when running
a job on behalf of its owner, so their inability to use PAM auth
is fundamental, but they can benefit from PAM account management.

Document this change in the manpage.

Modify /etc/pam.d files accordingly, so that pam_nologin.so is listed
under the "account" function class.

Bump __FreeBSD_version (mostly for ports, as this change should be
invisible to C code outside pam_nologin.)

PR:		bin/112574
Approved by:	des, re
@
text
@d14 1
a14 1
#account 	required	pam_krb5.so
d18 1
a18 1
#session 	required	pam_ssh.so		want_agent
@


1.11.2.1
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: stable/7/etc/pam.d/xdm 170510 2007-06-10 18:57:20Z yar $
@


1.11.14.1
log
@SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith

Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release.

Approved by:	re (implicit)
@
text
@@


1.11.14.2
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: releng/7.4/etc/pam.d/xdm 170510 2007-06-10 18:57:20Z yar $
@


1.11.12.1
log
@SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith

Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process.

Approved by:	re (implicit)
@
text
@@


1.11.10.1
log
@SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith

Copy head to stable/8 as part of 8.0 Release cycle.

Approved by:	re (Implicit)
@
text
@@


1.11.10.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242909
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242909 | dim | 2012-11-12 07:47:19 +0000 (Mon, 12 Nov 2012) | 20 lines
## SVN ##
## SVN ## MFC r242625:
## SVN ##
## SVN ## Remove duplicate const specifiers in many drivers (I hope I got all of
## SVN ## them, please let me know if not).  Most of these are of the form:
## SVN ##
## SVN ## static const struct bzzt_type {
## SVN ##       [...list of members...]
## SVN ## } const bzzt_devs[] = {
## SVN ##       [...list of initializers...]
## SVN ## };
## SVN ##
## SVN ## The second const is unnecessary, as arrays cannot be modified anyway,
## SVN ## and if the elements are const, the whole thing is const automatically
## SVN ## (e.g. it is placed in .rodata).
## SVN ##
## SVN ## I have verified this does not change the binary output of a full kernel
## SVN ## build (except for build timestamps embedded in the object files).
## SVN ##
## SVN ## Reviewed by:	yongari, marius
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d2 1
a2 1
# $FreeBSD: stable/8/etc/pam.d/xdm 170510 2007-06-10 18:57:20Z yar $
@


1.11.10.1.8.1
log
@SVN rev 232438 on 2012-03-03 06:15:13Z by kensmith

Copy stable/8 to releng/8.3 as part of 8.3-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.11.10.1.8.2
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: releng/8.3/etc/pam.d/xdm 170510 2007-06-10 18:57:20Z yar $
@


1.11.10.1.6.1
log
@SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith

Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release.

Approved by:	re (implicit)
@
text
@@


1.11.10.1.4.1
log
@SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith

Copy stable/8 to releng/8.1 in preparation for 8.1-RC1.

Approved by:	re (implicit)
@
text
@@


1.11.10.1.2.1
log
@SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith

Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure.

Approved by:	re (implicit)
@
text
@@


1.11.8.1
log
@SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith

Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE.

Approved by:	re (implicit)
@
text
@@


1.11.6.1
log
@SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith

Create releng/7.1 in preparation for moving into RC phase of 7.1 release
cycle.

Approved by:	re (implicit)
@
text
@@


1.10
log
@X logins should be recorded in lastlog / wtmp / utmp.  I have no idea why
this wasn't there already...  it makes much more sense this way.

MFC after:	2 weeks
@
text
@a7 1
auth		required	pam_nologin.so		no_warn
d13 1
@


1.10.2.1
log
@Switch importer
@
text
@d2 1
a2 1
# $FreeBSD: stable/6/etc/pam.d/xdm 145613 2005-04-28 07:59:09Z des $
@


1.10.12.1
log
@SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith

Create releng/6.4 from stable/6 in preparation for 6.4-RC1.

Approved by:	re (implicit)
@
text
@@


1.9
log
@the default password policy for xdm should be pam_deny, since it is
incapable of holding a meaningful conversation.
@
text
@d19 1
a19 1
session		required	pam_permit.so
@


1.9.2.1
log
@MFC: (1.10) record xdm logins in lastlog / wtmp / utmp.
@
text
@d19 1
a19 1
session		required	pam_lastlog.so		no_fail
@


1.8
log
@The PAM module pam_krb5 does not have "session" capabilities.
Don't give examples of such use, this is bogus.
@
text
@d20 3
@


1.7
log
@Initiate KerberosIV de-orbit burn. Disconnect the /etc configs.
@
text
@a17 1
#session 	required	pam_krb5.so
@


1.6
log
@Add the want_agent option to the commented-out "session" pam_ssh entry.
@
text
@a8 1
#auth		sufficient	pam_kerberosIV.so	no_warn try_first_pass
a13 1
#account 	required	pam_kerberosIV.so
a17 1
#session 	required	pam_kerberosIV.so
@


1.5
log
@Major cleanup & homogenization.
@
text
@d22 1
a22 1
#session 	required	pam_ssh.so
@


1.4
log
@xdm plays horrid tricks with PAM, and dumps core if it's allowed to call
pam_lastlog, so add a dummy session chain to avoid using the one from
pam.d/other.  I assume gdm does something similar, so give it a dummy
session chain as well.

Sponsored by:	DARPA, NAI Labs.
@
text
@d2 1
a2 1
# $FreeBSD: src/etc/pam.d/xdm,v 1.3 2002/04/18 17:40:27 des Exp $
d8 1
a8 1
auth		required	pam_nologin.so	no_warn
d10 3
a12 3
#auth		sufficient	pam_krb5.so	no_warn try_first_pass
#auth		sufficient	pam_ssh.so	no_warn try_first_pass
auth		required	pam_unix.so	no_warn try_first_pass
d15 2
a16 2
#account	required	pam_kerberosIV.so
#account	required	pam_krb5.so
d20 3
a22 3
#session	required	pam_kerberosIV.so
#session	required	pam_krb5.so
#session	required	pam_ssh.so
a23 3

# password
password	required	pam_deny.so
@


1.3
log
@Don't list pam_unix in the session chain, since it does not provide any
session management services.

Sponsored by:	DARPA, NAI Labs
@
text
@d2 1
a2 1
# $FreeBSD: src/etc/pam.d/xdm,v 1.2 2001/12/05 21:26:00 des Exp $
d23 1
@


1.2
log
@Awright, egg on my face.  I should have taken more time with this.  The
conversion script generated the wrong format, so the configuration files
didn't actually work.  Good thing I hadn't thrown the switch yet...

Sponsored by:	DARPA, NAI Labs (but the f***ups are all mine)
@
text
@d2 1
a2 1
# $FreeBSD$
a22 1
session		required	pam_unix.so
@


1.1
log
@pam.d-style configuration, auto-generated from pam.conf.

Sponsored by:	DARPA, NAI Labs
@
text
@d8 5
a12 5
xdm	auth	required	pam_nologin.so	no_warn
#xdm	auth	sufficient	pam_kerberosIV.so	no_warn try_first_pass
#xdm	auth	sufficient	pam_krb5.so	no_warn try_first_pass
#xdm	auth	sufficient	pam_ssh.so	no_warn try_first_pass
xdm	auth	required	pam_unix.so	no_warn try_first_pass
d15 3
a17 3
#xdm	account	required	pam_kerberosIV.so
#xdm	account	required	pam_krb5.so
xdm	account	required	pam_unix.so
d20 4
a23 4
#xdm	session	required	pam_kerberosIV.so
#xdm	session	required	pam_krb5.so
#xdm	session	required	pam_ssh.so
xdm	session	required	pam_unix.so
d26 1
a26 1
xdm	password required	pam_deny.so
@

