Age | Commit message (Collapse) | Author |
Commit 0a19e53f868 ("T1344: rename RADIUS 'secret' attribute to 'key'")
missed a consistency check in the node.def file
|
|
'key' is also used for L2TP and PPTP RADIUS configurations.
|
|
In order to prepare for adding a RADIUS source IP address and
synchronize the syntax with L2TP/PPTP the nodes have been renamed from:
set system login radius-server x.x.x.x
to
set system login radius server x.x.x.x
|
|
This reintroduces hagbard's change that has somehow gone missing.
|
|
This reverts commit 593899accdff03af23e6bb6c7189ad4ed05a4d8e.
This commit reintroduced the inability to delete a user configured on
the system, which was resolved in bug #557. Reverting this for the
time being until a better fix can be implemented.
|
|
Prevent the deletion of both the encrypted-password and public-keys
nodes for a user, ensuring that at least one of the methods is
available. Also prevent the deletion of the public keys for a user
if the encrypted password is set to "!".
Bug #574 http://bugzilla.vyos.net/show_bug.cgi?id=574
|
|
The fix for bug #557 now allows the encrypted-password Authentication
node to be deleted again, but this causes the config to fail on reboot,
leaving the user login node empty.
This fix checks for an empty / missing encrypted-password node on
reboot / config reload, either creating a new node or replacing the
existing one and assigning it the value of "!". This has the same
effect as the fix for bug #336, allowing the user to be set as only
using RSA based logins.
Bug #573 http://bugzilla.vyos.net/show_bug.cgi?id=573
|
|
Following the fix for bug #336 that prevents the deletion of the
encrypted password, which resulted in a broken config node on reboot,
it was no longer possible to delete users. This reverts the fix for
that bug.
Bug #557 http://bugzilla.vyos.net/show_bug.cgi?id=557
|
|
Remove the comment from the plaintext-password node regarding empty
encrypted password values as you can't set them as empty.
|
|
You can't create a user without a password, but once this user is
created, you can then delete the encrypted password. However, deleting
the encrypted password from the config doesn't actually remove the
password on the system and in addition breaks the config on reboot,
resulting in the system login node being entirely absent.
This fix ensures that the encrypted password is set to "!" when the
config node is deleted, removing the password login capability for this
account but still allowing SSH RSA key login.
Bug #336 http://bugzilla.vyos.net/show_bug.cgi?id=336
|
|
Signed-off-by: Daniil Baturin <daniil@baturin.org>
|
|
Fix password change script save function to work as it does in
vyattacfg.
Fix empty substitution on 'plaintext-password ""' causing script error.
|
|
Don't allow default password to persist after first boot.
Due to the numerous ways a user can get a vyatta system this required
a lot of changes.
1. Don't allow a user to set a password to 'vyatta' after first login,
but allow it on the initial boot otherwise the system will have no
user.
2. Don't allow the password to be set to vyatta in installer.
3. Force password change on first login under the following
conditions:
3.a. User is an admin level user. Operators do not have the ability
to change the config so they can't change passwords. Allow 'vyatta' to
be the password until an admin logs in.
3.b. This is not the livecd, it's silly to force a password change
before install.
|
|
Bug 6058
Put consistent checking port range on snmp, ssh, and telnet
|
|
For all nodes that do 'syntax:expression: $VAR(@) in' add allowed
tag to show possible values
|
|
Previous change did not format val-help tag correctly
|
|
Per current policy remove verb from all help messages in this package
|
|
Avoid password checks on delete.
Bug 5418
|
|
Do username validation in perl script. This allows for checking
for what is allowed, versus what is recommended. For compatibility
we allow things like upper case user names, but this is not
recommended so these names produce a warning.
|
|
The sshd file format has optional options; copy them to a
placeholder node and generate to authorized_keys
Better error message when wrong number of arguments.
|
|
Bug 5350
Need some changes to support DSA keys (Protocol V2).
Also add support for options in key file.
|
|
Need ability to open file of new user (to load authorized key).
So move sudo to template.
|
|
If user exists in NSS (LDAP, TACACS+) but not on local machine,
then it can not be changed with CLI. useradd will fail (user exists),
and usermod will fail (can't find user in passwd file).
Bug 5249
|
|
Bug 5269
This prevents user from doing something harmful like making a user
named quagga or cron and putting vbash on that account.
|
|
Values > 30 are likely to cause login timeout, so don't allow them.
|
|
Move them under user/node.tag/authorization
|
|
New syntax:
system login user vyatta authentication public-key user@remote type ssh-rsa
|
|
Add public key support
Convert allow-root and password-authentication from boolean nodes to
regular nodes.
|
|
Some changes to group interface:
* don't allow vyattaop the new group used for operators
* check for allowed syntax
* add missing continuation on syntax check
|
|
Enforce syntax checks on encrypted password field to prevent user errors.
But can't check salt field because it is optional and default
config.boot doesn't use one!
Bug: 4077
|
|
This reverts commit a0fe319ce069e15646077a635bc970b961124540.
|
|
Enforce syntax checks on encrypted password field to prevent user
errors.
Bug: 4077
|
|
Use a wrapper script in vyatta_update_login.pl and per login method
objects for the update.
|
|
1. User and Radius separate scripts
2. Tacacs (incomplete) moved to separate package
|