From: jmc Date: Tue, 4 Jan 2022 13:43:14 +0000 (+0000) Subject: - add LDAP X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=29ec0a10cef317d55f4768c7f646b88b45323ef7;p=openbsd - add LDAP - capitalise RADIUS when referring to the protocol - remove tis from raf czlonka ok sthen ajacoutot --- diff --git a/etc/etc.alpha/login.conf b/etc/etc.alpha/login.conf index 9c8776e1dd3..a05581284cd 100644 --- a/etc/etc.alpha/login.conf +++ b/etc/etc.alpha/login.conf @@ -1,4 +1,4 @@ -# $OpenBSD: login.conf,v 1.10 2021/04/25 16:36:56 mortimer Exp $ +# $OpenBSD: login.conf,v 1.11 2022/01/04 13:43:14 jmc Exp $ # # Sample login.conf file. See login.conf(5) for details. @@ -12,13 +12,13 @@ # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead -# radius Use radius authentication +# ldap Use LDAP authentication +# radius Use RADIUS authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication -# tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # diff --git a/etc/etc.amd64/login.conf b/etc/etc.amd64/login.conf index edb9421811c..6dcadd06206 100644 --- a/etc/etc.amd64/login.conf +++ b/etc/etc.amd64/login.conf @@ -1,4 +1,4 @@ -# $OpenBSD: login.conf,v 1.20 2021/11/12 15:40:19 ajacoutot Exp $ +# $OpenBSD: login.conf,v 1.21 2022/01/04 13:43:14 jmc Exp $ # # Sample login.conf file. See login.conf(5) for details. @@ -12,13 +12,13 @@ # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead -# radius Use radius authentication +# ldap Use LDAP authentication +# radius Use RADIUS authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication -# tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # diff --git a/etc/etc.arm64/login.conf b/etc/etc.arm64/login.conf index 28d1b6eca42..1b7ea299369 100644 --- a/etc/etc.arm64/login.conf +++ b/etc/etc.arm64/login.conf @@ -1,4 +1,4 @@ -# $OpenBSD: login.conf,v 1.11 2021/11/12 15:40:20 ajacoutot Exp $ +# $OpenBSD: login.conf,v 1.12 2022/01/04 13:43:14 jmc Exp $ # # Sample login.conf file. See login.conf(5) for details. @@ -12,13 +12,13 @@ # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead -# radius Use radius authentication +# ldap Use LDAP authentication +# radius Use RADIUS authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication -# tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # diff --git a/etc/etc.armv7/login.conf b/etc/etc.armv7/login.conf index 124a70eda6f..29066c4fb96 100644 --- a/etc/etc.armv7/login.conf +++ b/etc/etc.armv7/login.conf @@ -1,4 +1,4 @@ -# $OpenBSD: login.conf,v 1.11 2021/04/25 16:36:56 mortimer Exp $ +# $OpenBSD: login.conf,v 1.12 2022/01/04 13:43:14 jmc Exp $ # # Sample login.conf file. See login.conf(5) for details. @@ -12,13 +12,13 @@ # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead -# radius Use radius authentication +# ldap Use LDAP authentication +# radius Use RADIUS authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication -# tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # diff --git a/etc/etc.hppa/login.conf b/etc/etc.hppa/login.conf index 7a4eb84a719..2e09c5ea729 100644 --- a/etc/etc.hppa/login.conf +++ b/etc/etc.hppa/login.conf @@ -1,4 +1,4 @@ -# $OpenBSD: login.conf,v 1.12 2021/04/25 16:36:56 mortimer Exp $ +# $OpenBSD: login.conf,v 1.13 2022/01/04 13:43:14 jmc Exp $ # # Sample login.conf file. See login.conf(5) for details. @@ -12,13 +12,13 @@ # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead -# radius Use radius authentication +# ldap Use LDAP authentication +# radius Use RADIUS authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication -# tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # diff --git a/etc/etc.i386/login.conf b/etc/etc.i386/login.conf index ba5e2e40f2d..114a401000b 100644 --- a/etc/etc.i386/login.conf +++ b/etc/etc.i386/login.conf @@ -1,4 +1,4 @@ -# $OpenBSD: login.conf,v 1.14 2021/11/12 15:40:20 ajacoutot Exp $ +# $OpenBSD: login.conf,v 1.15 2022/01/04 13:43:14 jmc Exp $ # # Sample login.conf file. See login.conf(5) for details. @@ -12,13 +12,13 @@ # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead -# radius Use radius authentication +# ldap Use LDAP authentication +# radius Use RADIUS authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication -# tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # diff --git a/etc/etc.landisk/login.conf b/etc/etc.landisk/login.conf index 9c8776e1dd3..a05581284cd 100644 --- a/etc/etc.landisk/login.conf +++ b/etc/etc.landisk/login.conf @@ -1,4 +1,4 @@ -# $OpenBSD: login.conf,v 1.10 2021/04/25 16:36:56 mortimer Exp $ +# $OpenBSD: login.conf,v 1.11 2022/01/04 13:43:14 jmc Exp $ # # Sample login.conf file. See login.conf(5) for details. @@ -12,13 +12,13 @@ # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead -# radius Use radius authentication +# ldap Use LDAP authentication +# radius Use RADIUS authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication -# tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # diff --git a/etc/etc.loongson/login.conf b/etc/etc.loongson/login.conf index b935b0b1a74..5396087e95b 100644 --- a/etc/etc.loongson/login.conf +++ b/etc/etc.loongson/login.conf @@ -1,4 +1,4 @@ -# $OpenBSD: login.conf,v 1.15 2021/04/25 16:36:56 mortimer Exp $ +# $OpenBSD: login.conf,v 1.16 2022/01/04 13:43:14 jmc Exp $ # # Sample login.conf file. See login.conf(5) for details. @@ -12,13 +12,13 @@ # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead -# radius Use radius authentication +# ldap Use LDAP authentication +# radius Use RADIUS authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication -# tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # diff --git a/etc/etc.luna88k/login.conf b/etc/etc.luna88k/login.conf index 9c8776e1dd3..a05581284cd 100644 --- a/etc/etc.luna88k/login.conf +++ b/etc/etc.luna88k/login.conf @@ -1,4 +1,4 @@ -# $OpenBSD: login.conf,v 1.10 2021/04/25 16:36:56 mortimer Exp $ +# $OpenBSD: login.conf,v 1.11 2022/01/04 13:43:14 jmc Exp $ # # Sample login.conf file. See login.conf(5) for details. @@ -12,13 +12,13 @@ # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead -# radius Use radius authentication +# ldap Use LDAP authentication +# radius Use RADIUS authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication -# tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # diff --git a/etc/etc.macppc/login.conf b/etc/etc.macppc/login.conf index cc5c2485cdf..fa8e58fcfb7 100644 --- a/etc/etc.macppc/login.conf +++ b/etc/etc.macppc/login.conf @@ -1,4 +1,4 @@ -# $OpenBSD: login.conf,v 1.16 2021/09/19 18:49:09 cwen Exp $ +# $OpenBSD: login.conf,v 1.17 2022/01/04 13:43:14 jmc Exp $ # # Sample login.conf file. See login.conf(5) for details. @@ -12,13 +12,13 @@ # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead -# radius Use radius authentication +# ldap Use LDAP authentication +# radius Use RADIUS authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication -# tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # diff --git a/etc/etc.octeon/login.conf b/etc/etc.octeon/login.conf index f94778573de..800ef6f7049 100644 --- a/etc/etc.octeon/login.conf +++ b/etc/etc.octeon/login.conf @@ -1,4 +1,4 @@ -# $OpenBSD: login.conf,v 1.13 2021/04/25 16:36:57 mortimer Exp $ +# $OpenBSD: login.conf,v 1.14 2022/01/04 13:43:14 jmc Exp $ # # Sample login.conf file. See login.conf(5) for details. @@ -12,13 +12,13 @@ # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead -# radius Use radius authentication +# ldap Use LDAP authentication +# radius Use RADIUS authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication -# tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # diff --git a/etc/etc.powerpc64/login.conf b/etc/etc.powerpc64/login.conf index 6e863c9bddf..4811f6248f9 100644 --- a/etc/etc.powerpc64/login.conf +++ b/etc/etc.powerpc64/login.conf @@ -1,4 +1,4 @@ -# $OpenBSD: login.conf,v 1.4 2021/04/25 16:36:57 mortimer Exp $ +# $OpenBSD: login.conf,v 1.5 2022/01/04 13:43:14 jmc Exp $ # # Sample login.conf file. See login.conf(5) for details. @@ -12,13 +12,13 @@ # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead -# radius Use radius authentication +# ldap Use LDAP authentication +# radius Use RADIUS authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication -# tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # diff --git a/etc/etc.riscv64/login.conf b/etc/etc.riscv64/login.conf index 18a98adf5e2..f1f6ec5f001 100644 --- a/etc/etc.riscv64/login.conf +++ b/etc/etc.riscv64/login.conf @@ -1,4 +1,4 @@ -# $OpenBSD: login.conf,v 1.2 2021/11/12 15:40:20 ajacoutot Exp $ +# $OpenBSD: login.conf,v 1.3 2022/01/04 13:43:14 jmc Exp $ # # Sample login.conf file. See login.conf(5) for details. @@ -12,13 +12,13 @@ # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead -# radius Use radius authentication +# ldap Use LDAP authentication +# radius Use RADIUS authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication -# tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # diff --git a/etc/etc.sparc64/login.conf b/etc/etc.sparc64/login.conf index bb9c527919c..76efe7716f7 100644 --- a/etc/etc.sparc64/login.conf +++ b/etc/etc.sparc64/login.conf @@ -1,4 +1,4 @@ -# $OpenBSD: login.conf,v 1.17 2021/11/12 15:40:20 ajacoutot Exp $ +# $OpenBSD: login.conf,v 1.18 2022/01/04 13:43:14 jmc Exp $ # # Sample login.conf file. See login.conf(5) for details. @@ -12,13 +12,13 @@ # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead -# radius Use radius authentication +# ldap Use LDAP authentication +# radius Use RADIUS authentication # reject Use rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # crypto CRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication -# tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # diff --git a/libexec/login_radius/login_radius.8 b/libexec/login_radius/login_radius.8 index b83f49e7cb3..d61cc73c98a 100644 --- a/libexec/login_radius/login_radius.8 +++ b/libexec/login_radius/login_radius.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: login_radius.8,v 1.14 2015/10/02 13:50:17 sthen Exp $ +.\" $OpenBSD: login_radius.8,v 1.15 2022/01/04 13:43:14 jmc Exp $ .\" .\" Copyright (c) 1996 Berkeley Software Design, Inc. All rights reserved. .\" @@ -32,7 +32,7 @@ .\" .\" BSDI $From: login_radius.8,v 1.2 1996/11/11 18:42:02 prb Exp $ .\" -.Dd $Mdocdate: October 2 2015 $ +.Dd $Mdocdate: January 4 2022 $ .Dt LOGIN_RADIUS 8 .Os .Sh NAME @@ -94,7 +94,7 @@ It is expected that rather than requesting the RADIUS style directly .Nm will be linked to the various mechanisms desired. For instance, to have all CRYPTOCard and ActivCard authentication take -place on a remote server via the radius protocol, remove the +place on a remote server via the RADIUS protocol, remove the .Pa login_activ and .Pa login_crypto diff --git a/share/man/man5/login.conf.5 b/share/man/man5/login.conf.5 index e45c2984e06..da935fa223e 100644 --- a/share/man/man5/login.conf.5 +++ b/share/man/man5/login.conf.5 @@ -30,10 +30,10 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: login.conf.5,v 1.66 2019/09/02 21:18:41 deraadt Exp $ +.\" $OpenBSD: login.conf.5,v 1.67 2022/01/04 13:43:14 jmc Exp $ .\" BSDI $From: login.conf.5,v 2.20 2000/06/26 14:50:38 prb Exp $ .\" -.Dd $Mdocdate: September 2 2019 $ +.Dd $Mdocdate: January 4 2022 $ .Dt LOGIN.CONF 5 .Os .Sh NAME @@ -460,13 +460,18 @@ Change user's local password. See .Xr login_lchpass 8 . .\" +.It Li ldap +Authenticate using an LDAP server. +See +.Xr login_ldap 8 . +.\" .It Li passwd Request a password and check it against the password in the master.passwd file. See .Xr login_passwd 8 . .\" .It Li radius -Normally linked to another authentication type, contact the radius server +Normally linked to another authentication type, contact a RADIUS server to do authentication. See .Xr login_radius 8 .