| Age | Commit message (Collapse) | Author |
|---|
|
Use:
system console device ttyS1 speed 115200
To allow top level node to be one transaction with one update
|
|
Problems found during basic testing of new serial console config
|
|
|
|
Putting it in 'system { ntp { server...' makes more sense.
|
|
Allows starting NTP server once at boot speeding up boot time
and allows specifying some NTP server options
|
|
Configuration file is /etc/rsyslog.conf and it is supports
directory of include parameters so do not need to edit
rsyslog.conf directly
|
|
In squeeze, modprobe wants config files named .conf or it will
generate warning.
|
|
Bug 6058
Put consitent checking port range on snmp, ssh, and telnet
|
|
|
|
|
|
Workaround for bug 5887
|
|
For all nodes that do 'syntax:expression: $VAR(@) in' add allowed
tag to show possible values
|
|
|
|
Use ipv4net when Address/prefix expected
Use ipv4 where Address expected
|
|
pgrep has simple flag to do what the ps | wc -l was doing.
|
|
|
|
|
|
Previous change did not format val-help tag correctly
|
|
Use ipv4,ipv6 for host mapping address which uses internal CLI syntax check.
Revise help text to match CLI standard
|
|
|
|
|
|
Per current policy remove verb from all help messages in th is package
|
|
Avoid password checks on delete.
Bug 5418
|
|
Do username validation in perl script. This allows for checking
for what is allowed, versus what is recommended. For compatiablity
we allow things like upper case user names which but this is not
recommended so these names produce a warning.
|
|
Several templates can use simplified non-expression syntax
|
|
|
|
RFC-4862 requires that IPv6 operation on an interface be disabled when
DAD fails on a link-local address. The kernel IPv6 code supports this
feature, but doesn't enable it by default. This change provides a
configurable parameter to control this behavior, but, like the
kenrnel, disables it by default.
|
|
The sshd file format has optional options; copy them to a
placeholder node and generate to authorized_keys
Better error message when wrong number of arguments.
|
|
Bug 5350
Need some changes to support DSA keys (Protocol V2).
Also add support for options in key file.
|
|
Bug 4754
Want correct host-name for DHCP to work right later under interfaces.
Want timezone correct so that any services started that print time
information have correct data.
|
|
Need ability to open file of new user (to load authorized key).
So move sudo to template.
|
|
Fix help text (Bug 5254) and allow IPV6 static mapping (Bug 5298)
|
|
Bug 5285
|
|
Bug 5286
|
|
If user exists in NSS (LDAP, TACACS+) but not on local machine,
then it can not be changed with CLI. useradd will fail (user exists),
and usermod will fail (can't find user in passwd file).
Bug 5249
|
|
Bug 5269
This prevents user from doing something harmful like making a user
named quagga or cron and putting vbash on that account.
|
|
|
|
Values > 30 are likely to cause login timeout, so don't allow them.
|
|
Move them under user/node.tag/authorization
|
|
New syntax:
system login user vyatta authentication public-key user@remote type ssh-rsa
|
|
|
|
Add public key support
Convert allow-root and password-authentication from boolean nodes to
regular nodes.
|
|
First, we need to set the global IPv6 parameter under "all" when
"disable-forwarding" is deleted because this is the parameter that
actually controls whether the stack will forward IPv6 packets.
Second, if router advertisements were configured while global IPv6
forwarding was disabled, we need to re-start the daemon when global
IPv6 forwarding is re-enabled.
|
|
Now a flag file indicates that IPv6 forwarding is disabled on a specific
interface.
|
|
|
|
|
|
|
|
|
|
Added the parameter "system ipv6 disable". If set, the module
parameter "disable_ipv6=1" will be passed to the IPv6 module. This
inhibits assignment of IPv6 addresses on any interfaces, effectively
preventing any IPv6 communication. But it leaves the IPv6 module
loaded so that applications that depend upon its existence will not
fail.
|
|
Some changes to group interface:
* don't allow vyattaop the new group used for operators
* check for allowed syntax
* add missing continuation on syntax check
|
