| Age | Commit message (Collapse) | Author |
|---|
|
|
|
RFC-4862 requires that IPv6 operation on an interface be disabled when
DAD fails on a link-local address. The kernel IPv6 code supports this
feature, but doesn't enable it by default. This change provides a
configurable parameter to control this behavior, but, like the
kenrnel, disables it by default.
|
|
The sshd file format has optional options; copy them to a
placeholder node and generate to authorized_keys
Better error message when wrong number of arguments.
|
|
Bug 5350
Need some changes to support DSA keys (Protocol V2).
Also add support for options in key file.
|
|
Bug 4754
Want correct host-name for DHCP to work right later under interfaces.
Want timezone correct so that any services started that print time
information have correct data.
|
|
Need ability to open file of new user (to load authorized key).
So move sudo to template.
|
|
Fix help text (Bug 5254) and allow IPV6 static mapping (Bug 5298)
|
|
Bug 5285
|
|
Bug 5286
|
|
If user exists in NSS (LDAP, TACACS+) but not on local machine,
then it can not be changed with CLI. useradd will fail (user exists),
and usermod will fail (can't find user in passwd file).
Bug 5249
|
|
Bug 5269
This prevents user from doing something harmful like making a user
named quagga or cron and putting vbash on that account.
|
|
|
|
Values > 30 are likely to cause login timeout, so don't allow them.
|
|
Move them under user/node.tag/authorization
|
|
New syntax:
system login user vyatta authentication public-key user@remote type ssh-rsa
|
|
|
|
Add public key support
Convert allow-root and password-authentication from boolean nodes to
regular nodes.
|
|
First, we need to set the global IPv6 parameter under "all" when
"disable-forwarding" is deleted because this is the parameter that
actually controls whether the stack will forward IPv6 packets.
Second, if router advertisements were configured while global IPv6
forwarding was disabled, we need to re-start the daemon when global
IPv6 forwarding is re-enabled.
|
|
Now a flag file indicates that IPv6 forwarding is disabled on a specific
interface.
|
|
|
|
|
|
|
|
|
|
Added the parameter "system ipv6 disable". If set, the module
parameter "disable_ipv6=1" will be passed to the IPv6 module. This
inhibits assignment of IPv6 addresses on any interfaces, effectively
preventing any IPv6 communication. But it leaves the IPv6 module
loaded so that applications that depend upon its existence will not
fail.
|
|
Some changes to group interface:
* don't allow vyattaop the new group used for operators
* check for allowed syntax
* add missing continuation on syntax check
|
|
Enforce syntax checks on encrypted password field to prevent user errors.
But can't check salt field because it is optional and default
config.boot doesn't use one!
Bug: 4077
|
|
This reverts commit a0fe319ce069e15646077a635bc970b961124540.
|
|
Enforce syntax checks on encrypted password field to prevent user
errors.
Bug: 4077
|
|
handled.
In order to correctly handle cases where parameters are changed after a repository
configuration has been set up, we need to do the work in an "end" field instead
of a "create" field. The "create" field is only executed when the node itself
is created, not when nodes below it are modified.
(cherry picked from commit e500a9e4494649e0ecb523d36b28452f2e9dd326)
|
|
A couple more places where update should be replaced with create
because multiple values allowed.
(cherry picked from commit a6c4d64593bf647e61133ef9d9383428b0ac5807)
|
|
|
|
Use a wrapper script in vyatta_update_login.pl and per login method
objects for the update.
|
|
1. Don't start NTP server at boot (network not configed yet)
2. Start NTP as needed based on vyatta config
|
|
This reverts commit 5a5ca056ba439d2ff3fec19e97fb7111f9fe9819.
|
|
Bug 4051
set system syslog console
needs to default to:
set system syslog console facility all level err
|
|
Had incorrect grep expressions, and don't need to use sudo
unless changing values.
|
|
On boot if ntp.conf contains proper server, there is no need
to restart ntpd.
|
|
Since quagga uses local7, make it a real facility.
Allow local7 for compatiablity.
Bug 4263
|
|
1. User and Radius separate scripts
2. Tacacs (incomplete) moved to separate package
|
|
|
|
The dynamic option is the default in current versions and generates
bogus message.
Bug: 4264
|
|
|
|
Template change only. TACACS+ support is still not complete
but this shows the syntax for configuration.
|
|
The new code was requiring full pathname, but old version was
using /var/log/user/<filename> so make new code work like old code.
|
|
Do most of the work in the rewritten vyatta_update_syslog code.
Handle multiple facilities for same target without causing duplicate
log messages.
Never restart syslog daemon, just reload it and only if the configuration
has changed.
|
|
|
|
Makes global facility change work.
Still need to rework the syslog templates and parsing.
|
|
|
|
"Atleast" is not an English word, it should be "At least"
|
|
This reverts commit fd605ab5d4ce4aa4015089042afd90f6e5c6ba59.
|
