Fincer
/
openntpd-openbsd
mirror of https://github.com/Fincer/openntpd-openbsd
1
0
Fork 0
Code Issues 0 Projects 0 Releases 61 Wiki Activity
Source code pulled from OpenBSD for OpenNTPD. The place to contribute to this code is via the OpenBSD CVS tree.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8727 Commits
49 Branches
422 MiB
Tree: d8877c6c9a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd8877c6c9a'
${ noResults }
openntpd-openbsd/src/etc/etc.macppc/login.conf

109 lines
2.5 KiB
Raw Normal View History

Remove useless line from daemon class in login.conf We used to have different numbers of blowfish rounds between the default and daemon classes in login.conf. On Jun 26, 2016, tedu committed "upgrade selected login.conf to use auto rounds for bcrypt" for amd64, sparc64, i386, and maccpc. Since the class daemon inherits from the default class, the :localcipher=blowfish,a:\ is a duplicate. ok millert@ deraadt@ sthen@
4 years ago
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
24 years ago
List all authentication types; krb4-or-pwd is still the default...
23 years ago
be more consistent in terminology in comments
19 years ago
List all authentication types; krb4-or-pwd is still the default...
23 years ago
spelling/grammar fixes; from larry hynes
5 years ago
chpass will not change the kerberos password ok jmc@ millert@
19 years ago
List all authentication types; krb4-or-pwd is still the default...
23 years ago
mention radius but don't put it in the list of default authentication styles
23 years ago
add missing authentication styles. initially intended for YubiKey, jmc@ noted that list was out of date. ok deraadt@, jmc@
12 years ago
List all authentication types; krb4-or-pwd is still the default...
23 years ago
add missing authentication styles. initially intended for YubiKey, jmc@ noted that list was out of date. ok deraadt@, jmc@
12 years ago
List all authentication types; krb4-or-pwd is still the default...
23 years ago
add missing authentication styles. initially intended for YubiKey, jmc@ noted that list was out of date. ok deraadt@, jmc@
12 years ago
List all authentication types; krb4-or-pwd is still the default...
23 years ago
add auth defaults
23 years ago
be more consistent in terminology in comments
19 years ago
the kerberos people can bite me. or enable kerberos themselves if they really want this. secure by default, and as i say, bite me. millert and markus and miod ok
22 years ago
add auth defaults
23 years ago
typo in comment; from Brian Poole
19 years ago
the kerberos people can bite me. or enable kerberos themselves if they really want this. secure by default, and as i say, bite me. millert and markus and miod ok
22 years ago
List all authentication types; krb4-or-pwd is still the default...
23 years ago
zap trailing spaces and tabs
22 years ago
List all authentication types; krb4-or-pwd is still the default...
23 years ago
spelling/grammar fixes; from larry hynes
5 years ago
List all authentication types; krb4-or-pwd is still the default...
23 years ago
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
24 years ago
Add /usr/local/sbin to the default path (/sbin and /usr/sbin are already there). ok sthen@ millert@ gilles@ deraadt@
12 years ago
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
24 years ago
grow limits a bit because clang is a pig.
4 years ago
end experimental login.conf template support. one file per machine. ok deraadt millert
10 years ago
List openfiles-max explicitly in default /etc/login.conf files. Otherwise, raising openfiles-cur above the implicit -max value (1024 on at least the common arch) results in the setting not being applied at all. Earlier version OK tom@ danj@ ajacoutot@ benno@ krw@ beck@, suggestion about openfiles= from millert@ - changes in this version are to use 1024 for -max rather than 512 to avoid changing the existing hard limit, and just use openfiles= for bgpd/unbound where max and cur are the same value.
7 years ago
end experimental login.conf template support. one file per machine. ok deraadt millert
10 years ago
add auth defaults
23 years ago
upgrade selected login.conf to use auto rounds for bcrypt. the installer already does this, so we don't want to go backwards on password changes. ok krw
8 years ago
add auth defaults
23 years ago
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
24 years ago
spelling/grammar fixes; from larry hynes
5 years ago
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
24 years ago
List openfiles-max explicitly in default /etc/login.conf files. Otherwise, raising openfiles-cur above the implicit -max value (1024 on at least the common arch) results in the setting not being applied at all. Earlier version OK tom@ danj@ ajacoutot@ benno@ krw@ beck@, suggestion about openfiles= from millert@ - changes in this version are to use 1024 for -max rather than 512 to avoid changing the existing hard limit, and just use openfiles= for bgpd/unbound where max and cur are the same value.
7 years ago
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
24 years ago
end experimental login.conf template support. one file per machine. ok deraadt millert
10 years ago
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
24 years ago
Add authpf class as per the pf faq; from Alex Holst. OK beck@.
17 years ago
Show an example of overriding a limit for a specific daemon with rc.d(8). Use bgpd(8) for this which on a peering router often needs openfiles-cur to be higher than the default. ok henning@ claudio@ deraadt@
13 years ago
add class used by the _pbuild user for DPB, ok ajacoutot@
8 years ago
Add a default priority of 5 for user _pbuild, this should help keeping system responsive during packages compilation, especially on slower machines. feedback welcome from people building ports discussed with deraadt@
4 years ago
add class used by the _pbuild user for DPB, ok ajacoutot@
8 years ago
Show an example of overriding a limit for a specific daemon with rc.d(8). Use bgpd(8) for this which on a peering router often needs openfiles-cur to be higher than the default. ok henning@ claudio@ deraadt@
13 years ago
List openfiles-max explicitly in default /etc/login.conf files. Otherwise, raising openfiles-cur above the implicit -max value (1024 on at least the common arch) results in the setting not being applied at all. Earlier version OK tom@ danj@ ajacoutot@ benno@ krw@ beck@, suggestion about openfiles= from millert@ - changes in this version are to use 1024 for -max rather than 512 to avoid changing the existing hard limit, and just use openfiles= for bgpd/unbound where max and cur are the same value.
7 years ago
Show an example of overriding a limit for a specific daemon with rc.d(8). Use bgpd(8) for this which on a peering router often needs openfiles-cur to be higher than the default. ok henning@ claudio@ deraadt@
13 years ago
Add class section for unbound, using openfiles-cur=512 rather than the daemon class' default of 128. Reminded by/ok ajacoutot@
9 years ago
List openfiles-max explicitly in default /etc/login.conf files. Otherwise, raising openfiles-cur above the implicit -max value (1024 on at least the common arch) results in the setting not being applied at all. Earlier version OK tom@ danj@ ajacoutot@ benno@ krw@ beck@, suggestion about openfiles= from millert@ - changes in this version are to use 1024 for -max rather than 512 to avoid changing the existing hard limit, and just use openfiles= for bgpd/unbound where max and cur are the same value.
7 years ago
Add class section for unbound, using openfiles-cur=512 rather than the daemon class' default of 128. Reminded by/ok ajacoutot@
9 years ago
 
  1. # $OpenBSD: login.conf,v 1.13 2020/05/23 13:16:03 danj Exp $
  2. 

  3. #
  4. # Sample login.conf file.  See login.conf(5) for details.
  5. #
  6. 

  7. #
  8. # Standard authentication styles:
  9. #
  10. # passwd	Use only the local password file
  11. # chpass	Do not authenticate, but change user's password (change
  12. #		the YP password if the user has one, else change the
  13. #		local password)
  14. # lchpass	Do not login; change user's local password instead
  15. # radius	Use radius authentication
  16. # reject	Use rejected authentication
  17. # skey		Use S/Key authentication
  18. # activ		ActivCard X9.9 token authentication
  19. # crypto	CRYPTOCard X9.9 token authentication
  20. # snk		Digital Pathways SecureNet Key authentication
  21. # tis		TIS Firewall Toolkit authentication
  22. # token		Generic X9.9 token authentication
  23. # yubikey	YubiKey authentication
  24. #
  25. 

  26. # Default allowed authentication styles
  27. auth-defaults:auth=passwd,skey:
  28. 

  29. # Default allowed authentication styles for authentication type ftp
  30. auth-ftp-defaults:auth-ftp=passwd:
  31. 

  32. #
  33. # The default values
  34. # To alter the default authentication types change the line:
  35. #	:tc=auth-defaults:\
  36. # to read something like: (enables passwd, "myauth", and activ)
  37. #	:auth=passwd,myauth,activ:\
  38. # Any value changed in the daemon class should be reset in default
  39. # class.
  40. #
  41. default:\
  42. 	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
  43. 	:umask=022:\
  44. 	:datasize-max=2048M:\
  45. 	:datasize-cur=2048M:\
  46. 	:maxproc-max=256:\
  47. 	:maxproc-cur=128:\
  48. 	:openfiles-max=1024:\
  49. 	:openfiles-cur=512:\
  50. 	:stacksize-cur=4M:\
  51. 	:localcipher=blowfish,a:\
  52. 	:tc=auth-defaults:\
  53. 	:tc=auth-ftp-defaults:
  54. 

  55. #
  56. # Settings used by /etc/rc and root
  57. # This must be set properly for daemons started as root by inetd as well.
  58. # Be sure to reset these values to system defaults in the default class!
  59. #
  60. daemon:\
  61. 	:ignorenologin:\
  62. 	:datasize=infinity:\
  63. 	:maxproc=infinity:\
  64. 	:openfiles-max=1024:\
  65. 	:openfiles-cur=128:\
  66. 	:stacksize-cur=8M:\
  67. 	:tc=default:
  68. 

  69. #
  70. # Staff have fewer restrictions and can login even when nologins are set.
  71. #
  72. staff:\
  73. 	:datasize-cur=512M:\
  74. 	:datasize-max=infinity:\
  75. 	:maxproc-max=512:\
  76. 	:maxproc-cur=128:\
  77. 	:ignorenologin:\
  78. 	:requirehome@:\
  79. 	:tc=default:
  80. 

  81. #
  82. # Authpf accounts get a special motd and shell
  83. #
  84. authpf:\
  85. 	:welcome=/etc/motd.authpf:\
  86. 	:shell=/usr/sbin/authpf:\
  87. 	:tc=default:
  88. 

  89. #
  90. # Building ports with DPB uses raised limits
  91. #
  92. pbuild:\
  93. 	:datasize-max=infinity:\
  94. 	:datasize-cur=1024M:\
  95. 	:maxproc-max=1024:\
  96. 	:maxproc-cur=256:\
  97. 	:priority=5:\
  98. 	:tc=default:
  99. 

  100. #
  101. # Override resource limits for certain daemons started by rc.d(8)
  102. #
  103. bgpd:\
  104. 	:openfiles=512:\
  105. 	:tc=daemon:
  106. 

  107. unbound:\
  108. 	:openfiles=512:\
  109. 	:tc=daemon: