rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2024-11-29 00:24:11 +01:00
Code Issues Projects Releases Wiki Activity
755 Commits 19 Branches 44 Tags 1.2 MiB
027f5950d8
Commit Graph

113 Commits

Author SHA1 Message Date
Stephen Gelman
1c693f562c Add always_prompt configuration option to skip initial check for YubiKey 
As raised in #174, ldap_bind_as_user cannot be used if this module is
set to get YubiKey+OTP because the initial ldap lookup fails (since the
password is not set yet).  `always_prompt` will stil the initial lookup,
meaning that the user will be given the chance to enter their password.
 2019-01-08 04:51:13 +00:00
Stephen Gelman
c8c76fbf4c Add support for LDAP client certificate authentication 
This adds support for using a client cert/key to authenticate to an LDAP
server.  It is separate from binding with a username and password and
can either be used alongside it or with an anonymous bind to the server.
 2018-11-12 18:28:56 +00:00
Stephen Gelman
fc2dc1a025 Add STARTTLS support for LDAP 
This allows connecting to LDAP servers that only listen on port 389 but
use STARTTLS to get a TLS connection
 2018-11-12 18:28:56 +00:00
Stephen Gelman
8512e5cee8 Add ldap_bind_as_user support 
This allows using the authenticating user's username and password to
bind to the LDAP server.  This is desirable because it allows for
looking up the yubikey attributes without needing to create a service
account.
 2018-11-12 18:28:50 +00:00
Tero Paloheimo
2af4dafb55 Add man page building dependencies to README 
Some further packages are needed to build the man page so I added them
to the README to other users who are building from source.
 2018-10-27 13:57:04 +03:00
Klas Lindfors
b72fa76113
Merge branch 'pr-156' 2018-05-18 11:47:18 +02:00
Klas Lindfors
3339cd2864
add note about physical security. 2018-05-16 09:13:50 +02:00
Karol Babioch
b9aaee97ab Remove double space after periods 2018-05-04 10:45:52 +02:00
Karol Babioch
320f487265 Spell YubiKey consistently 
This makes sure that YubiKey is spelled consistently throughout the project,
since it was spelled in many different ways beforehand.
 2018-05-03 10:59:44 +02:00
Karol Babioch
4427abb932 README: Add Travis build status 
This adds a Travis build status badge to the README file, so the current
status can be seen on the GitHub page instantly.
 2018-05-02 15:39:02 +02:00
Klas Lindfors
b86e9a2b42
Merge branch 'pr-151' 2018-05-02 14:04:32 +02:00
Klas Lindfors
0c616bc065
Merge branch 'pr-150' 2018-05-02 14:04:27 +02:00
Karol Babioch
5ad10385df README: Add missing descriptions for undocumented options 2018-05-02 14:01:17 +02:00
Karol Babioch
35407b5d4c Add documentation for cainfo option 
This adds documentation about the cainfo parameter to both the README as
well as the man page.
 2018-05-02 13:48:32 +02:00
Karol Babioch
44e315cdd8 README: Add a section about chalresp_path 
This adds a short section about the chalresp_path option, which was missing
previously from the overview of available options in the README file.
 2018-05-02 13:36:18 +02:00
Klas Lindfors
f567af6e41
Drop the blurb about rewriting of this project 2018-04-18 09:05:23 +02:00
Robert Giles
504c838b5a Update ldap_bind_user to wrap in brackets, in the likely case the actually bind DN will reside in an OU with spaces in the name. 2017-12-14 11:51:20 -06:00
Robert Giles
c1995a70b7 Typo in asciidoc syntax. 2017-12-14 10:06:19 -06:00
Robert Giles
c0d1646853 Clarify documentation; this example configuration is also useful for just regular pam_yubico configuration elsewhere against AD, too. 2017-12-14 10:04:48 -06:00
Klas Lindfors
3d0d9f52e5
doc: fixup which proxy schemes are supported, add http and https 
fixes #127
 2017-08-07 12:39:58 +02:00
Alessio Di Mauro
f3061d627e
Add message about project rewrite to README 2017-06-16 11:20:04 +02:00
Mickaël Thomas
7b6aad719a Return early if the user has no authorized tokens 
Currently, if a user has no associated tokens, we still prompt for an
OTP challenge and attempt to verify it.

This adds a check earlier to avoid the useless prompt in that case.

The `nullok` option is also added. It changes the return value from
PAM_USER_UNKNOWN to PAM_IGNORE. (fixes #97)

Finally, some constants have been turned to symbolic form for clarity
and debugging output is improved.
 2017-02-27 00:21:07 +01:00
Klas Lindfors
afb575a092
drop reference to dead google groups 
fixes #106
 2016-09-08 10:38:24 +02:00
Klas Lindfors
174b09e298 let debug_accept stdout. also check that file exists and is regular 2016-06-22 10:19:53 +02:00
Klas Lindfors
0c079febe2 documentation for debug_file option 2016-06-16 12:35:30 +02:00
Klas Lindfors
b7e7da494a verbose_otp can not be used with OpenSSH 
fixes #25
 2016-03-29 11:09:58 +02:00
mikemn
e231b8217c Update Readme with proxy parameter description 2015-11-16 09:07:49 +01:00
Klas Lindfors
c97dac4bd9 remove forgotten references to wiki 
There is no wiki for this project, that information is either in the doc
folder or in the project manpages. Both of which accessible from
https://developers.yubico.com/yubico-pam/

fixes #81
 2015-10-05 10:07:56 +02:00
Klas Lindfors
8d93297619 fix typo 2015-03-17 09:32:50 +01:00
Klas Lindfors
2708fc90b5 fix the git url again 
fixes #54
 2015-03-13 21:20:28 +01:00
Remco Wendt
d7d1bbfb1a fixed typo 2015-03-06 20:07:19 +01:00
Remco Wendt
70540bd02d Clarified the notion of id when using the pam_yubico module 2015-03-06 20:05:52 +01:00
Klas Lindfors
8241cd0423 Merge branch 'feature/ldap_refactor' 
Conflicts:
	pam_yubico.c
 2015-03-04 14:40:57 +01:00
Klas Lindfors
951d02252d use ldap_bind_user and ldap_bind_password in example 2015-03-04 13:08:30 +01:00
Klas Lindfors
8dc05e338e reference github with https, not git@ 
fixes #54
 2015-02-20 22:34:53 +01:00
Klas Lindfors
f579f256c0 Merge commit 'aa87979eb84adb3adef170dac6ff2285ba43cd26' into features/ldap 
Conflicts:
	README
 2015-02-16 09:03:45 +01:00
Klas Lindfors
bee24b3672 add notice about tests requiring perl and Net::LDAP::Server 2015-01-20 09:19:53 +01:00
Henrik Stråth
b37463491e Update README 2014-12-01 15:04:11 +01:00
Meno Abels
aa87979eb8 integrate https://github.com/Yubico/yubico-pam/pull/39/files 2014-11-20 23:59:36 +01:00
Meno Abels
37553c41ce enable that openvpn can now run without any local user 2014-11-20 23:22:59 +01:00
Henrik Stråth
b0e243835e Update README 2014-10-31 16:42:03 +01:00
Henrik Stråth
7c9acb1786 Update README 2014-10-29 16:04:11 +01:00
Henrik Stråth
721c20573d Update README 2014-10-29 15:29:10 +01:00
Henrik Stråth
f9c8418c81 Update README 2014-10-29 15:10:14 +01:00
Henrik Stråth
a8723663e5 Update README 2014-10-29 14:58:32 +01:00
Henrik Stråth
acaf01ba0d Update README 2014-10-29 14:57:34 +01:00
Henrik Stråth
6ddea6426d Update README 2014-10-29 14:55:40 +01:00
Henrik Stråth
305b583f23 Update README 2014-10-29 14:46:11 +01:00
Klas Lindfors
5744fdbc15 asciidoc is needed to build from git 2014-06-11 16:15:11 +02:00
Klas Lindfors
164296af28 add urllist to README 2014-04-30 13:40:10 +02:00