Age | Commit message | Author |
|
(cherry picked from commit ac13c77d7ddd607b32f5948560bfe41cb2dcd756)
|
|
'key' is also used for L2TP and PPTP RADIUS configurations.
|
|
In order to prepare for adding a RADIUS source IP address and
synchronize the syntax with L2TP/PPTP the nodes have been renamed from:
  set system login radius-server x.x.x.x
to
  set system login radius server x.x.x.x
|
|
stderr is silenced to prevent useless error messages about the mail dir not being found.
|
|
The fix for bug #557 now allows the encrypted-password Authentication
node to be deleted again, but this causes the config to fail on reboot,
leaving the user login node empty.
This fix checks for an empty / missing encrypted-password node on
reboot / config reload, either creating a new node or replacing the
existing one and assigning it the value of "!". This has the same
effect as the fix for bug #336, allowing the user to be set as only
using RSA based logins.
Bug #573 http://bugzilla.vyos.net/show_bug.cgi?id=573
|
|
users.
|
|
Bug 8287
If user doesn't exist in passwd file that is fine.
|
|
The pam-config mechanism will insert Radius pam module if it is
in /usr/share/pam-configs. Therefore hold off installing file until
Radius really needed.
|
|
Standard practice to ignore lines starting with #
|
|
undefined value as the process is a child process
invoked indirectly via the gui (not a normal shell logged in user generated event).
|
|
Use warning and hup signal to force user to log out.
|
|
This is the documented way to remove user that is still logged in.
It also removes home directory, which is necessary as well.
|
|
Bug 5067
Use more persuasive kill to make processes exit, which
allows user to be deleted.
|
|
Bug 5362
If no keys configured; still make an empty .ssh/authorized_keys
file. This handles case of keys being deleted from configuration
and gives notice to user that file will be overwritten.
|
|
The sshd file format has optional options; copy them to a
placeholder node and generate to authorized_keys
Better error message when wrong number of arguments.
|
|
Otherwise sshd ignores it!
|
|
Need ability to open file of new user (to load authorized key).
So move sudo to template.
|
|
If administrator makes a goof and user account gets deleted,
then keep the old data to avoid problems.
|
|
But I doubt that anyone will ever read it...
|
|
Don't purge non-vyatta users.
|
|
Only mess with user accounts in the dynamic range (1000-29999);
don't delete 'nobody' for example. Also, leave home directory
for possible examination.
|
|
Instead of white-listing special system users, just go with the
Debian policy that all users with uid < 1000 are system accounts
|
|
Split delete and update into separate functions
Always update password file because the script runs as non-root
user so it is unable to read shadow file to get original password
value.
|
|
Perl convention of object modules is to prefix with _
|
|
Run through perltidy
|
|
1. Allow deleting user still logged in (Bug 5067)
2. Don't allow deleting self, because that would mean killing current
process.
|
|
An entry in protected-user means that the Vyatta config system should
just leave it alone. This is intended for root, and other special
accounts.
Original code didn't work during admin anyway because of missing
sudo.
|
|
If root account is deleted, disable it rather than removing it from
passwd file and confusing everything.
|
|
Previous change broke setup of root account because 'uid = 0' looks
like false so useradd called when usermod was intended.
|
|
This now works:
  loadkey vyatta scp://user@host/~/.ssh/id_rsa.pub
|
|
New syntax:
  system login user vyatta authentication public-key user@remote type ssh-rsa
|
|
sshd is picky about modes (and it should be), so make sure
and chmod the file.
|
|
Rather than complex sed editing, just regenerate whole file.
|
|
|
1. Complete migration of protected-users from hardcoded in User.pm
to /opt/vyatta/etc/protected-user
2. Put mapping from level to group in file.
|
|
Found better way to get rid of debconf warning by forcing
non interactive.
|
|
Just get rid of silly debconf warnings when doing pam-auth-update
|
|
This keeps radius from fighting with tacacs+
|
|
This is an alternative version of the rollback for unsaved vyatta
user changes. Instead of identifying users by group, assume all users
whose login shell is vbash must exist in configuration.
|
|
This implements rollback for users that were added during a previous
configuration (and committed), but were never saved into configuration.
Bug: 4528
|