Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-06-24 | tacacs: T141: check upper bound on dynamically allocated user accounts | John Estabrook | |
Check upper bound as defined in Debian Policy Manual. Without this check, user 'nobody' will not be available. | |||
2023-06-22 | tacacs: T141: initial implementation | Christian Breunig | |
2023-06-21 | tacacs: T141: support calling system-login.py from vyos-router startup script | Christian Breunig | |
2023-04-04 | T5145: Add maximum number of all logins on system | Viacheslav Hletenko | |
maxsyslogins maximum number of all logins on system; user is not allowed to log-in if total number of all user logins is greater than specified number (this limit does not apply to user with uid=0) set system login max-login-session 2 | |||
2023-03-02 | login: T5039: catch error on 'my_set' for auth plaintext-password | John Estabrook | |
2023-02-27 | Merge pull request #1644 from aapostoliuk/T4790-sagitta | Viacheslav Hletenko | |
T4790: Added check of the sum of radius timeouts | |||
2023-02-25 | python: T5026: Replace deprecated Python modules crypt, spwd | sarthurdev | |
DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13 DeprecationWarning: 'spwd' is deprecated and slated for removal in Python 3.13 | |||
2023-02-24 | login: T1948: drop absolut path to /usr/libexec/vyos, re-use vyos.defaults | Christian Breunig | |
2023-02-04 | Revert "login: T4975: Fixed broken CLI commands" | Christian Breunig | |
This reverts commit 3a6e77d479da4321b851163490a9b79ef2cef7b8. A general solution is implemented in Commit 29a44a73 ("T4975: always sync() filesystem after commit"). | |||
2023-02-02 | login: T4975: Fixed broken CLI commands | zsdc | |
User profile files are not saved to disk after configuration is fully applied. Because of this, after a fast system reset, profile files can be empty, and CLI is broken. This fix adds a `sync()` call after the user's configuration, which should protect from data loss and fix the problem with profiles. | |||
2022-12-08 | T4790: Added check of the sum of radius timeouts | aapostoliuk | |
Added check of the sum of radius timeouts. It has to be less or eq 50 sec. Default LOGIN_TIMEOUT from /etc/login.defs minus 10 sec Added check of number of radius servers. It has to be less or eq 25. 50 sec divided by 2sec (minimum recomended login timeout) Otherwise, log in to the device can be descarded. | |||
2022-10-14 | login: 2fa: T874: remove unused code path for global 1fa settings | Christian Poessinger | |
2022-10-14 | login: 2fa: T874: fix Google authenticator issues | Christian Poessinger | |
Move default values of TOTP configuration from a global to a per user setting. This makes the entire code easier as no global configuration must be blended into the per user config dict. Also it should be possible to set the authentication window "multiple concurrent keys" individual per user. set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq' set system login user vyos authentication plaintext-password 'vyos' | |||
2022-10-12 | Merge pull request #1555 from goodNETnick/ssh_otp | Christian Poessinger | |
system login: T874: add 2FA support for local and ssh authentication | |||
2022-10-11 | system login: T874: add 2FA support for local and ssh authentication | goodNETnick | |
2022-09-28 | login: T4715: Auto logout user after inactivity | Viacheslav Hletenko | |
Ability to terminate interactive sessions (TTY/PTS) after a period of inactivity. set system login timeout '300' | |||
2022-07-17 | login: T4536: add all accounts to frr group | Christian Poessinger | |
2022-05-01 | login: T4353: fix Jinja2 linting errors | Christian Poessinger | |
2022-04-04 | login: T4341: busy wait on userdel(8) until the account was deleted successfully | Christian Poessinger | |
2022-04-04 | login: T4341: disable user account prior to deletion | Christian Poessinger | |
2021-09-03 | login: T971 allow quoting in public-keys options | Paul Lettington | |
This patch allows the use of `"` in ssh public-key options which unlocks the ability to set the `from` option in a way that sshd will accept to limit what hosts a user can connect from. | |||
2021-09-02 | login: T3792: bugfix for usernames containing a hyphen | Christian Poessinger | |
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius: T3192: migrate to get_config_dict()") the user-name was not excluded from mangling (no_tag_node_value_mangle=True). This resulted in a username "vyos-user" from CLI to be actually created as "vyos_user" on the system. This commit also adds respective Smoketests to prevent this in the future. | |||
2021-09-02 | login: radius: T3192: drop workaround required by get_config_dict() | Christian Poessinger | |
The workaround is no longer required, as the issue was resolved in get_config_dict() so if it is a <multi/> node, a list is always returned. | |||
2021-07-23 | login: T3699: verify system username does not conflict with Linux base users | Christian Poessinger | |
(cherry picked from commit 7292631373ea50f9908796ef2eda32e672d1df2e) | |||
2021-05-02 | login: T1948: use long options when calling adduser | Christian Poessinger | |
... just to make it easier for users to read the commandline. | |||
2021-04-13 | login: T3455: Fix edit level configuration for user | sever-sever | |
2021-01-11 | login: T3208: fix wrong string formatting on my_setvyos/1.4dev0 | Christian Poessinger | |
Commit e8a1c291 ("login: radius: T3192: migrate to get_config_dict()") did an invalid forward of the newly encrypted passwort to my_set to store it inside the config. | |||
2021-01-09 | login: radius: T3192: remove debug print() | Christian Poessinger | |
2021-01-07 | login: radius: T3192: migrate to get_config_dict() | Christian Poessinger | |
2021-01-07 | login: radius: T3192: support IPv6 server(s) and source-address | Christian Poessinger | |
2020-11-27 | vyos.template: T2720: always enable Jinja2 trim_blocks feature | Christian Poessinger | |
2020-10-09 | login: T2492: remove empty plaintext-password node | Christian Poessinger | |
2020-08-31 | configd: T2582: add scripts to include list for daemon | John Estabrook | |
2020-07-22 | T2725: Fix config parse for users without passwords | Esa Varemo | |
Fix for https://phabricator.vyos.net/T2725 T2492 / a07e22377ab83104ac925e13d1824f241f0f8d4a introduced a change which broke the initialization of the user dict. In case the config contained an user without an encrypted-password set, the property would be missing and the commit would crash with `KeyError: 'password_encrypted'` | |||
2020-06-17 | login: radius: T2299: Implement RADIUS servers priority | DmitriyEshenko | |
2020-05-29 | airbag: T2088: explicit enabling of the feature | Thomas Mangin | |
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing) | |||
2020-05-22 | login: T2492: must use try/except when adding user for the first time | Christian Poessinger | |
2020-05-22 | login: T2492: re-use code from vyos.util | Christian Poessinger | |
2020-05-22 | login: T2492: force setting of encrypted password on first boot | Christian Poessinger | |
2020-05-22 | login: T2492: fix flake8 warnings | Christian Poessinger | |
2020-05-22 | login: T2492: do not set encrypted user password when it is not changed | Christian Poessinger | |
2020-04-25 | login: radius: T2304: add VRF support | Christian Poessinger | |
This allows the radius client to work when a management VRF is in use. | |||
2020-04-15 | login: T2295: move from calling an os binary to Python crypt() function | Christian Poessinger | |
2020-04-12 | template: T2230: use render to generate templates | Thomas Mangin | |
convert all call to jinja to use template.render | |||
2020-04-11 | util: T2205: convert system login to call and cmd | Thomas Mangin | |
2020-04-09 | util: T2226: os.system was wrongly converted to run | Thomas Mangin | |
os.system does print the ouput of the command, run() does not. A new function called call() does the printing and return the error code. | |||
2020-04-06 | util: T2226: rewrite certbot to use cmd | Thomas Mangin | |
Previously failures of mkpasswd would not be reported to users | |||
2020-04-05 | system-login: T2230: move inlined templates to dedicated files | Christian Poessinger | |
2020-03-05 | login: T2050: extend verify() on public-keys | Christian Poessinger | |
* A type must be present for any one public-key element * A key must be present for any one public-key element | |||
2020-02-27 | login: T2050: retrieve home directory for SSH keys from OS and not guess it | Christian Poessinger | |
We should not rely on the home dir value stored in user['home_dir'] as if a crazy user will choose username root or any other system user this will fail. Should be deny using root at all? |