Hi, Yar Tikhiy wrote: > yar 2007-06-17 17:25:53 UTC > > FreeBSD src repository > > Modified files: > etc/pam.d Makefile > usr.sbin/cron/cron Makefile cron.8 cron.h database.c > do_command.c > usr.sbin/cron/lib Makefile entry.c > Added files: > etc/pam.d cron > Log: > Add PAM support to cron(8). Now cron(8) will skip commands scheduled > by unavailable accounts, e.g., those locked, expired, not allowed in at > the moment by nologin(5), or whatever, depending on cron's pam.conf(5). > This applies to personal crontabs only, /etc/crontab is unaffected.
This will silently break a lot of ports, for instance mail/mailman, which creates nologin(5) users with crontab entry. Can we for now (because we are near a new release) try not disabling nologin(5) users, and discuss a better solution? A possible alternative is to make a pam_ftpusers(8) alike PAM module which is marked as "sufficient" and explicitly pass /var/cron/allow users (especially ports) to override the policy. Cheers, -- Xin LI <[EMAIL PROTECTED]> http://www.delphij.net/ FreeBSD - The Power to Serve!
signature.asc
Description: OpenPGP digital signature
