Add PAM support to SRA authentication. Cribbed mostly from ftpd. This

doesn't solve the problem of root being allowed to log in, but that sort of thing is something PAM should be doing anyway.
svn path=/head/; revision=76337
2024-11-30 00:02:44 +00:00 · 2001-05-07 20:38:39 +00:00 · 2001-05-07 20:38:39 +00:00 · 76235b992b · 2020-12-20 02:59:44 +00:00
commit 76235b992b
parent 3b26be6ae1
3 changed files with 6 additions and 2 deletions
--- a/etc/pam.conf
+++ b/etc/pam.conf
@ -86,6 +86,10 @@ sshd	session	required	pam_permit.so
 # "csshd" is for challenge-based authentication with sshd (TIS auth, etc.)
 csshd	auth	required	pam_skey.so

+# SRA telnet. Non-SRA telnet uses 'login'.
+telnetd	auth	required	pam_unix.so			try_first_pass
+telnetd	account	required	pam_unix.so
+
 # Don't break startx
 xserver	auth	required	pam_permit.so

--- a/secure/libexec/telnetd/Makefile
+++ b/secure/libexec/telnetd/Makefile
@ -15,7 +15,7 @@ SRCS=		global.c slc.c state.c sys_term.c telnetd.c \

 DPADD=		${LIBUTIL} ${LIBTERMCAP} ${LIBTELNET} ${LIBCRYPTO} ${LIBMP} \
                ${LIBCRYPT}
-LDADD=		-lutil -ltermcap ${LIBTELNET} -lcrypto -lcrypt -lmp
+LDADD=		-lutil -ltermcap ${LIBTELNET} -lcrypto -lcrypt -lmp -lpam

 .include <bsd.prog.mk>

--- a/secure/usr.bin/telnet/Makefile
+++ b/secure/usr.bin/telnet/Makefile
@ -12,7 +12,7 @@ SRCS=		authenc.c commands.c main.c network.c ring.c sys_bsd.c \
 DPADD=		${LIBTERMCAP} ${LIBTELNET} ${LIBCRYPTO} ${LIBCRYPT} ${LIBMP}
 DPADD+=		${LIBIPSEC}
 LDADD=		-ltermcap ${LIBTELNET} -lcrypto -lcrypt -lmp
-LDADD+=		-lipsec
+LDADD+=		-lipsec -lpam

 .include <bsd.prog.mk>