Age | Commit message | Author |
|
Bug 5362
If no keys configured; still make an empty .ssh/authorized_keys
file. This handles case of keys being deleted from configuration
and gives notice to user that file will be overwritten.
|
|
The sshd file format has optional options; copy them to a
placeholder node and generate to authorized_keys
Better error message when wrong number of arguments.
|
|
Otherwise sshd ignores it!
|
|
Need ability to open file of new user (to load authorized key).
So move sudo to template.
|
|
If administrator makes a goof and user account gets deleted.
Then keep the old data to avoid problems.
|
|
But I doubt that anyone will ever read it...
|
|
Don't purge non-vyatta users.
|
|
Only mess with user accounts in the dynamic range (1000-29999);
don't delete 'nobody' for example. Also, leave home directory
for possible examination.
|
|
Instead of white-listing special system users, just go with the
Debian policy that all users with uid < 1000 are system accounts
|
|
Split delete and update into separate functions
Always update password file because the script runs as non-root
user so it is unable to read shadow file to get original password
value.
|
|
Perl convention of object modules is to prefix with _
|
|
Run through perltidy
|
|
1. Allow deleting user still logged in (Bug 5067)
2. Don't allow deleting self, because that would mean killing current
process.
|
|
An entry in protected-user means that the Vyatta config system should
just leave it alone. This is intended for root, and other special
accounts.
Original code didn't work during admin anyway because of missing
sudo.
|
|
If root account is deleted, disable it rather than removing it from
passwd file and confusing everything.
|
|
Previous change broke setup of root account because 'uid = 0' looks
like false so useradd called when usermod was intended.
|
|
This now works.
loadkey vyatta scp://user@host/~/.ssh/id_rsa.pub
|
|
New syntax:
system login user vyatta authentication public-key user@remote type ssh-rsa
|
|
sshd is picky about modes (and it should be), so make sure
and chmod the file.
|
|
Rather than complex sed editing, just regenerate whole file.
|
|
1. Complete migration of protected-users from hardcoded in User.pm
to /opt/vyatta/etc/protected-user
2. Put mapping from level to group in file.
|
|
Found better way to get rid of debconf warning by forcing
non interactive.
|
|
Just get rid of silly debconf warnings when doing pam-auth-update
|
|
This keeps radius from fighting with tacacs+
|
|
This is an alternative version of the rollback for unsaved vyatta
user changes. Instead of identifying users by group, assume all users
whose login shell is vbash must exist in configuration.
|
|
This implements rollback for users that were added during a previous
configuration (and committed), but were never saved into configuration.
Bug: 4528
|
|
If configuration for one user is wrong (missing passwd, level, etc)
go on and complete for rest of users.
|
|
Part of bug fix for password sync (Bz 4528)
|
|
(this shows up when loading a start-up config that has root password defined right after install)
|
|
Don't edit radius config unless something has changed.
(cherry picked from commit 8d3f5b37ec3c728d56fadc596562025821169329)
|
|
The login modules aren't really objects (if Perl really had objects), so
just use dynamic invoke of update routine.
(cherry picked from commit 37ba59896d4c9ac5c914d1901d86ed7e7d844871)
|
|
Translate radius-server to Vyatta::Login::RadiusServer
(cherry picked from commit bf86040fef55fdb644b3670a9e1ec093e67df828)
|
|
Missing config setup.
(cherry picked from commit b148ddcccd9d4a30464423b524fc03700507cb19)
|
|
Use a wrapper script in vyatta_update_login.pl and per login method
objects for the update.
|
|
address on the actual interface.
|
|
If log open fails, at least print the reason why.
|
|
transition occurs on boot.
|
|
Use directory hierarchy in perl.
|