| Age | Commit message (Collapse) | Author |
|---|
|
Remove the comment from the plaintext-password node regarding empty
encrypted password values as you can't set them as empty.
|
|
You can't create a user without a password, but once this user is
created, you can then delete the encrypted password. However, deleting
the encrypted password from the config doesn't actually remove the
password on the system and in addition breaks the config on reboot,
resulting in the system login node being entirely absent.
This fix ensures that the encrypted password is set to "!" when the
config node is deleted, removing the password login capability for this
account but still allowing SSH RSA key login.
Bug #336 http://bugzilla.vyos.net/show_bug.cgi?id=336
|
|
Signed-off-by: Daniil Baturin <daniil@baturin.org>
|
|
|
|
Fix password change script save function to work as it does in
vyattacfg.
Fix empty substitution on 'plaintext-password ""' causing script error.
|
|
Don't allow default password to persist after first boot.
Due to the numerous ways a user can get a vyatta system this required
a lot of changes.
1. Don't allow a user to set a password to 'vyatta' after first login,
but allow it on the initial boot otherwise the system will have no
user.
2. Don't allow the password to be set to vyatta in installer.
3. Force password change on first login. under the following
conditions:
3.a. User is an admin level user. Operators do not have the abillity
to change the config so they can't change passwords. Allow 'vyatta' to
be the password until an admin logs in.
3.b. This is not the livecd, its silly to force a password change
before install.
|
|
Bug 6058
Put consitent checking port range on snmp, ssh, and telnet
|
|
|
|
For all nodes that do 'syntax:expression: $VAR(@) in' add allowed
tag to show possible values
|
|
|
|
Previous change did not format val-help tag correctly
|
|
|
|
|
|
Per current policy remove verb from all help messages in th is package
|
|
Avoid password checks on delete.
Bug 5418
|
|
Do username validation in perl script. This allows for checking
for what is allowed, versus what is recommended. For compatiablity
we allow things like upper case user names which but this is not
recommended so these names produce a warning.
|
|
The sshd file format has optional options; copy them to a
placeholder node and generate to authorized_keys
Better error message when wrong number of arguments.
|
|
Bug 5350
Need some changes to support DSA keys (Protocol V2).
Also add support for options in key file.
|
|
Need ability to open file of new user (to load authorized key).
So move sudo to template.
|
|
If user exists in NSS (LDAP, TACACS+) but not on local machine,
then it can not be changed with CLI. useradd will fail (user exists),
and usermod will fail (can't find user in passwd file).
Bug 5249
|
|
Bug 5269
This prevents user from doing something harmful like making a user
named quagga or cron and putting vbash on that account.
|
|
Values > 30 are likely to cause login timeout, so don't allow them.
|
|
Move them under user/node.tag/authorization
|
|
New syntax:
system login user vyatta authentication public-key user@remote type ssh-rsa
|
|
|
|
Add public key support
Convert allow-root and password-authentication from boolean nodes to
regular nodes.
|
|
|
|
|
|
Some changes to group interface:
* don't allow vyattaop the new group used for operators
* check for allowed syntax
* add missing continuation on syntax check
|
|
Enforce syntax checks on encrypted password field to prevent user errors.
But can't check salt field because it is optional and default
config.boot doesn't use one!
Bug: 4077
|
|
This reverts commit a0fe319ce069e15646077a635bc970b961124540.
|
|
Enforce syntax checks on encrypted password field to prevent user
errors.
Bug: 4077
|
|
Use a wrapper script in vyatta_update_login.pl and per login method
objects for the update.
|
|
1. User and Radius separate scripts
2. Tacacs (incomplete) moved to separate package
|
|
|
|
Template change only. TACACS+ support is still not complete
but this shows the syntax for configuration.
|
|
This reverts commit fd605ab5d4ce4aa4015089042afd90f6e5c6ba59.
|
|
Getting cumbersome with one big script.
|
|
|
|
|
|
The template will go back in when vyatta_login_user.pl needs it.
|
|
This is a workaround for bug 3313. The problem is that MD5
uses up what little space there for TCP options in header.
|
|
Rewrite the scripts that manage user accounts to:
1) use Posix standard useradd, userdel scripts rather than modifying
passwd/group files directly.
2) add home-directory field to account management
3) support adding accounts to additional groups
Note: this code should now also work with NIS since it has no direct
access to /etc/passwd.
|
|
-help strings standardized in vyatta-cfg-system
|
|
|
|
|
|
|
|
|
|
|
|
|
