summaryrefslogtreecommitdiff
path: root/lib/Vyatta/Login
AgeCommit message (Collapse)Author
2010-05-24Don't enable PAM Radius by defaultStephen Hemminger
The pam-config mechanism will insert Radius pam module if it is in /usr/share/pam-configs. Therefore hold off installing file until Radius really needed.
2010-04-26Ignore comments in level fileStephen Hemminger
Standard practice to ignore lines starting with #
2010-03-17fixes commit warning when run invoked via the api--getlogin() may return an ↵Michael Larson
undefined value as the process is a child process invoked indirectly via the gui (not a normal shell logged in user generated event).
2010-03-15Better version of forcing user logoutStephen Hemminger
Use warning and hup signal to force user to log out.
2010-03-15Use userdel -f to force removal of userStephen Hemminger
This is the documented way to remove user that is still logged in. It also removes home directory, which is necessary as well.
2010-03-12Force user process to dieStephen Hemminger
Bug 5067 Use more persuasive kill to make processes exit, which allows user to be deleted.
2010-02-19Handle empty set of public keysStephen Hemminger
Bug 5362 If no keys configured; still make an empty .ssh/authorized_keys file. This handles case of keys being deleted from configuration and gives notice to user that file will be overwritten.
2010-02-17Add support for options in keyfileStephen Hemminger
The sshd file format has optional options; copy them to a placeholder node and generate to authorized_keys Better error message when wrong number of arguments.
2010-02-02Change owner of created authorized key fileStephen Hemminger
Otherwise sshd ignores it!
2010-02-02Run login update as rootStephen Hemminger
Need ability to open file of new user (to load authorized key). So move sudo to template.
2010-02-02Don't remove users home directoryStephen Hemminger
If administrator makes a goof and user account gets deleted. Then keep the old data to avoid problems.
2010-01-27Make message clearerStephen Hemminger
But I doub that anyone will ever read it...
2010-01-27Allow local user (non vbash) accountsStephen Hemminger
Don't purge non-vyatta users.
2010-01-27Don't delete non-user accountsStephen Hemminger
Only mess with user accounts in the dynamic range (1000-29999); don't delete 'nobody' for example. Also, leave home directory for possible examination.
2010-01-26Get rid of protected-users fileStephen Hemminger
Instead of white-listing special system users, just go with the Debian policy that all users with uid < 1000 are system accounts
2010-01-26Refactor user updateStephen Hemminger
Split delete and update into separate functions Always update password file because the script runs as non-root user so it is unable to read shadow file to get original password value.
2010-01-26Change function names in User.pmStephen Hemminger
Perl convention of object modules is to prefix with _
2010-01-26Reindent user account moduleStephen Hemminger
Run through perltidy
2009-12-18User deletion updateStephen Hemminger
1. Allow deleting user still logged in (Bug 5067) 2. Don't allow deleting self, because that would mean killing current process.
2009-12-09Redefine meaning of protected-userStephen Hemminger
A entry in protected-user means that the Vyatta config system should just leave it alone. This is intended for root, and other special accounts. Original code didn't work during admin anyway because of missing sudo.
2009-12-08Allow root account to not existStephen Hemminger
If root account is deleted, disable it rather than removing it from passwd file and confusing everything.
2009-12-07Fix configure of userStephen Hemminger
Previous change broke setup of root account because 'uid = 0' looks like false so useradd called when usermod was intended.
2009-12-04Fix code that generates authorized keysStephen Hemminger
This now works. loadkey vyatta scp://user@host/~/.ssh/id_rsa.pub
2009-12-04Rearrange the public-key configuration schemaStephen Hemminger
New syntax: system login user vyatta authentication public-key user@remote type ssh-rsa
2009-12-03Set modes of created authorization key (and directory)Stephen Hemminger
sshd is picky about modes (and it should be), so make sure and chmod the file.
2009-12-03Update .ssh/authorized_keys as part of the login updateStephen Hemminger
2009-12-02Simply Radius server updateStephen Hemminger
Rather than complex sed editing, just regenerate whole file.
2009-11-06Fix library includeRobert Bays
2009-11-05Move user configuration information to filesStephen Hemminger
1. Complete migration of protected-users from hardcoded in User.pm to /opt/vyatta/etc/protected-user 2. Put mapping from level to group in file.
2009-11-02Don't want/need --package option to pam-auth-updateStephen Hemminger
2009-10-30radius: add missing spaceStephen Hemminger
2009-10-30radius-server: shutup debconf dialogStephen Hemminger
Found better way to get rid of debconf warning by forcing non interactive.
2009-10-30Shut up debconf when installing pam radiusStephen Hemminger
Just get rid of silly debconf warnings when doing pam-auth-update
2009-10-27Use pam-auth-update to configure radiusStephen Hemminger
This keeps radius from fighting with tacacs+
2009-10-05add override mechanism for protected usersAn-Cheng Huang
2009-09-23Cleanup all vbash usersStephen Hemminger
This is an alternative version of the rollback for unsaved vyatta user changes. Instead of identifying users by group, assume all users whose login shell is vbash must exist in configuration.
2009-09-11Delete vyatta users not in configurationStephen Hemminger
This implements rollback for users that were added during a previous configuration (and committed), but were never saved into configuration. Bug: 4528
2009-09-11If configuration is wrong just skip user don't dieStephen Hemminger
If configuration for one user is wrong (missing passwd, level, etc) go on and complete for rest of users.
2009-09-11Add operators to vyattaop groupStephen Hemminger
Part of bug fix for password sync (Bz 4528)
2009-07-27fix undefined array refAn-Cheng Huang
(this shows up when loading a start-up config that has root password defined right after install)
2009-07-17Avoid rewriting radius config unless neededStephen Hemminger
Don't edit radius config unless something has changed. (cherry picked from commit 8d3f5b37ec3c728d56fadc596562025821169329)
2009-07-17Change API for login modulesStephen Hemminger
The login modules aren't really objects (if Perl really had objects), so just use dynamic invoke of update routine. (cherry picked from commit 37ba59896d4c9ac5c914d1901d86ed7e7d844871)
2009-07-17Make Radius server workStephen Hemminger
Translate radius-server to Vyatta::Login::RadiusServer (cherry picked from commit bf86040fef55fdb644b3670a9e1ec093e67df828)
2009-07-17Fix User Login configuratorStephen Hemminger
Missing config setup. (cherry picked from commit b148ddcccd9d4a30464423b524fc03700507cb19)
2009-06-01Change how system login update worksStephen Hemminger
Use a wrapper script in vyatta_update_login.pl and per login method objects for the update.