| Age | Commit message (Collapse) | Author |
|---|
|
|
|
* high-level operations should not access CLI implementation details.
|
|
Do username validation in perl script. This allows for checking
for what is allowed, versus what is recommended. For compatiablity
we allow things like upper case user names which but this is not
recommended so these names produce a warning.
|
|
|
|
|
|
This reverts commit 5110c9f3af7f4d2f4b9f8c14a073a1fd70d852ac.
|
|
|
|
Rather than using BAREWORD file handles, use 3 arg open
and local variable.
|
|
If user exists in NSS (LDAP, TACACS+) but not on local machine,
then it can not be changed with CLI. useradd will fail (user exists),
and usermod will fail (can't find user in passwd file).
Bug 5249
|
|
Pass status to login update() which might be useful to handle
case when node is deleted.
|
|
|
|
Bug 4591
Consolidate check for telnet login
Don't remove /etc/securetty edit it
(cherry picked from commit c6c477f2ffb0f2fd4cf12882f22c2c44ab57cc46)
|
|
Bug 4494
(cherry picked from commit 7dc1c900184a629975b2e22e79c5dc44c494448e)
|
|
The login class manager must be called if login type is deleted.
Also skip updating if no changes to that login type.
(cherry picked from commit 1151679260e673f69bdb637fec7773b574f3c7b0)
|
|
The login modules aren't really objects (if Perl really had objects), so
just use dynamic invoke of update routine.
(cherry picked from commit 37ba59896d4c9ac5c914d1901d86ed7e7d844871)
|
|
Translate radius-server to Vyatta::Login::RadiusServer
(cherry picked from commit bf86040fef55fdb644b3670a9e1ec093e67df828)
|
|
|
|
Use a wrapper script in vyatta_update_login.pl and per login method
objects for the update.
|
|
|
|
Bug 4448
|
|
|
|
Since quagga uses local7, make it a real facility.
Allow local7 for compatiablity.
Bug 4263
|
|
1. User and Radius separate scripts
2. Tacacs (incomplete) moved to separate package
|
|
The new code was requiring full pathname, but old version was
using /var/log/user/<filename> so make new code work like old code.
|
|
Default fallback code was broken
Change to blocked out region for Vyatta config.
|
|
Do most of the work in the rewritten vyatta_update_syslog code.
Handle multiple facilities for same target without causing duplicate
log messages.
Never restart syslog daemon, just reload it and only if the configuration
has changed.
|
|
This reverts commit fd605ab5d4ce4aa4015089042afd90f6e5c6ba59.
|
|
Getting cumbersome with one big script.
|
|
|
|
Use 3 arg open.
|
|
Use of global loop variable, and open syntax.
|
|
|
|
On boot, there is no reason to add or modify a user account if already
exists in the system with same groups and settings.
|
|
|
|
Add admin level users to "disk" group so that they can execute RAID commands.
|
|
previous ones in /etc/syslog.conf
- multiple nodes configured under 'system syslog global' are appended to syslog.conf
- default '*.notice -/var/log/messages' is removed from syslog.conf if any
node is configured under 'system syslog global' and is put back when nothing
configured under 'system syslog global'
- syslog process only restarted once after making all changes in config
- added commit checks at 'system syslog <>' level nodes to specify facility
|
|
Add "admin" and "operator" level users to the "dip" group so that they
can execute CLI commands that bring up and take down PPP connections.
|
|
info in comments
- tighten check for updating resolv.conf for domain-names received from dhcp-server
|
|
|
|
|
|
'name-server' and 'domain-name-server' options
in /etc/resolv.conf received by a dhcp client for an interface
=> Modified name-server/node.def so as to have the name-server set by our CLI on the top of
/etc/resolv.conf to take priority over name-servers received from dhcp client
|
|
Manpage for useradd is incorrect, the option is -N not -n.
|
|
Change to use -n option to useradd:
A group having the same name as the user being added to the system
will be created by default (when -g is not specified). This option
will turn off this behavior. When this option is used, users by
default will be placed in whatever group is specified in the GROUP
variable of /etc/default/useradd. If no default group is defined,
group 100 (users) will be used.
|
|
Root (which uses bash) must be allowed, and probably want to
allow others as well. Better to add full shell support later
|
|
Rewrite the scripts that manage user accounts to:
1) use Posix standard useradd, userdel scripts rather than modifying
passwd/group files directly.
2) add home-directory field to account management
3) support adding accounts to additional groups
Note: this code should now also work with NIS since it has no direct
access to /etc/passwd.
|
|
Run script through perltidy to cleanup indentation
|
|
Put GPL license on this script
|
|
|
|
Replace references to VPL 1.0 with GPLv2
|
|
This is part of other permission fixes, it puts operators
into a group that can then be used for access control.
|
