end experimental login.conf template support. one file per machine.

ok deraadt millert

src/etc/Makefile

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.350 2014/03/24 20:40:03 sthen Exp $
+#	$OpenBSD: Makefile,v 1.351 2014/03/26 20:17:00 tedu Exp $
 
 TZDIR=		/usr/share/zoneinfo
 LOCALTIME=	Canada/Mountain
@@ -36,6 +36,7 @@ BIN1=	changelist csh.cshrc csh.login csh.logout daily dhcpd.conf \
 	netstart networks newsyslog.conf printcap protocols \
 	rbootd.conf rc rc.conf rc.local rc.securelevel rc.shutdown \
 	remote rpc services shells syslog.conf weekly \
+	etc.${MACHINE}/login.conf \
 	etc.${MACHINE}/disktab dhclient.conf mailer.conf ntpd.conf \
 	moduli pf.os sensorsd.conf ifstated.conf mixerctl.conf
 
@@ -104,10 +105,6 @@ distribution-etc-root-var: distrib-dirs
 	    chown ${BINOWN} ${DESTDIR}/etc/fbtab && \
 	    chgrp ${BINGRP} ${DESTDIR}/etc/fbtab && \
 	    chmod 644 ${DESTDIR}/etc/fbtab
-	awk -f mklogin.conf `test -f etc.${MACHINE}/login.conf.overrides && echo etc.${MACHINE}/login.conf.overrides` < login.conf.in > \
-	    ${DESTDIR}/etc/login.conf && \
-	    chown ${BINOWN}:${BINGRP} ${DESTDIR}/etc/login.conf && \
-	    chmod 644 ${DESTDIR}/etc/login.conf
 	${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 ${BIN2} ${DESTDIR}/etc
 	${INSTALL} -c -o root -g wheel -m 600 hosts.equiv ${DESTDIR}/etc
 	${INSTALL} -c -o root -g crontab -m 600 crontab ${DESTDIR}/var/cron/tabs/root

src/etc/login.conf.in → src/etc/etc.alpha/login.conf

@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf.in,v 1.6 2012/02/06 21:25:13 sobrado Exp $
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:00 tedu Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -43,13 +43,13 @@ auth-ftp-defaults:auth-ftp=passwd:
 default:\
 	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
 	:umask=022:\
-	:datasize-max=@DEF_DATASIZE_MAX@:\
-	:datasize-cur=@DEF_DATASIZE_CUR@:\
-	:maxproc-max=@DEF_MAXPROC_MAX@:\
-	:maxproc-cur=@DEF_MAXPROC_CUR@:\
-	:openfiles-cur=@DEF_OPENFILES_CUR@:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
 	:stacksize-cur=4M:\
-	:localcipher=blowfish,@DEF_BLOWFISH_RNDS@:\
+	:localcipher=blowfish,8:\
 	:ypcipher=old:\
 	:tc=auth-defaults:\
 	:tc=auth-ftp-defaults:
@@ -65,17 +65,17 @@ daemon:\
 	:maxproc=infinity:\
 	:openfiles-cur=128:\
 	:stacksize-cur=8M:\
-	:localcipher=blowfish,@ROOT_BLOWFISH_RNDS@:\
+	:localcipher=blowfish,9:\
 	:tc=default:
 
 #
 # Staff have fewer restrictions and can login even when nologins are set.
 #
 staff:\
-	:datasize-cur=@STAFF_DATASIZE_CUR@:\
-	:datasize-max=@STAFF_DATASIZE_MAX@:\
-	:maxproc-max=@STAFF_MAXPROC_MAX@:\
-	:maxproc-cur=@STAFF_MAXPROC_CUR@:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
 	:ignorenologin:\
 	:requirehome@:\
 	:tc=default:

src/etc/etc.amd64/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:00 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.armish/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:00 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.armv7/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:00 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.aviion/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:00 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.hppa/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:00 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.hppa64/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:00 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.i386/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:00 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.landisk/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:01 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.loongson/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:01 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.luna88k/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:01 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.macppc/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:01 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.octeon/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:01 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.sgi/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:01 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.socppc/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:01 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.sparc/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:01 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.sparc64/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:01 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.vax/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:01 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/etc.zaurus/login.conf

@@ -0,0 +1,96 @@
+# $OpenBSD: login.conf,v 1.1 2014/03/26 20:17:01 tedu Exp $
+
+#
+# Sample login.conf file.  See login.conf(5) for details.
+#
+
+#
+# Standard authentication styles:
+#
+# krb5-or-pwd	First try Kerberos V password, then local password file
+# passwd	Use only the local password file
+# krb5		Use only the Kerberos V password
+# chpass	Do not authenticate, but change users password (change
+#		the YP password if the user has one, else change the
+#		local password)
+# lchpass	Do not login; change user's local password instead
+# radius	Use radius authentication
+# reject	Use rejected authentication
+# skey		Use S/Key authentication
+# activ		ActivCard X9.9 token authentication
+# crypto	CRYPTOCard X9.9 token authentication
+# snk		Digital Pathways SecureNet Key authentication
+# tis		TIS Firewall Toolkit authentication
+# token		Generic X9.9 token authentication
+# yubikey	YubiKey authentication
+#
+
+# Default allowed authentication styles
+auth-defaults:auth=passwd,skey:
+
+# Default allowed authentication styles for authentication type ftp
+auth-ftp-defaults:auth-ftp=passwd:
+
+#
+# The default values
+# To alter the default authentication types change the line:
+#	:tc=auth-defaults:\
+# to be read something like: (enables passwd, "myauth", and activ)
+#	:auth=passwd,myauth,activ:\
+# Any value changed in the daemon class should be reset in default
+# class.
+#
+default:\
+	:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
+	:umask=022:\
+	:datasize-max=512M:\
+	:datasize-cur=512M:\
+	:maxproc-max=256:\
+	:maxproc-cur=128:\
+	:openfiles-cur=512:\
+	:stacksize-cur=4M:\
+	:localcipher=blowfish,8:\
+	:ypcipher=old:\
+	:tc=auth-defaults:\
+	:tc=auth-ftp-defaults:
+
+#
+# Settings used by /etc/rc and root
+# This must be set properly for daemons started as root by inetd as well.
+# Be sure reset these values back to system defaults in the default class!
+#
+daemon:\
+	:ignorenologin:\
+	:datasize=infinity:\
+	:maxproc=infinity:\
+	:openfiles-cur=128:\
+	:stacksize-cur=8M:\
+	:localcipher=blowfish,9:\
+	:tc=default:
+
+#
+# Staff have fewer restrictions and can login even when nologins are set.
+#
+staff:\
+	:datasize-cur=512M:\
+	:datasize-max=infinity:\
+	:maxproc-max=512:\
+	:maxproc-cur=128:\
+	:ignorenologin:\
+	:requirehome@:\
+	:tc=default:
+
+#
+# Authpf accounts get a special motd and shell
+#
+authpf:\
+	:welcome=/etc/motd.authpf:\
+	:shell=/usr/sbin/authpf:\
+	:tc=default:
+
+#
+# Override resource limits for certain daemons started by rc.d(8)
+#
+bgpd:\
+	:openfiles-cur=512:\
+	:tc=daemon:

src/etc/mklogin.conf

@@ -1,40 +0,0 @@
-#!/usr/bin/awk -f
-#
-# Generates a login.conf file from login.conf.in and an optional
-# file containing overrides.
-#
-# Usage: mklogin.conf [overrides_file] < login.conf.in > login.conf.out
-#
-# $OpenBSD: mklogin.conf,v 1.8 2014/03/19 04:04:25 tedu Exp $
-
-BEGIN {
-	# Default substitutions
-	values["DEF_DATASIZE_MAX"]="512M"
-	values["DEF_DATASIZE_CUR"]="512M"
-	values["DEF_MAXPROC_MAX"]="256"
-	values["DEF_MAXPROC_CUR"]="128"
-	values["DEF_OPENFILES_CUR"]="512"
-	values["STAFF_DATASIZE_MAX"]="infinity"
-	values["STAFF_DATASIZE_CUR"]="512M"
-	values["STAFF_MAXPROC_MAX"]="512"
-	values["STAFF_MAXPROC_CUR"]="128"
-	values["STAFF_OPENFILES_CUR"]="512"
-	values["DEF_BLOWFISH_RNDS"]="8"
-	values["ROOT_BLOWFISH_RNDS"]="9"
-
-	# Optional overrides
-	if (ARGC > 1) {
-		while (getline override < ARGV[1]) {
-			split(override, ov)
-			values[ov[1] ""]=ov[2] ""
-		}
-		ARGC--
-	}
-}
-
-# Read in login.conf template, do substitutions and output the result
-{
-	for (key in values)
-		gsub("@" key "@", values[key], $0)
-	print $0
-}