- add LDAP

- capitalise RADIUS when referring to the protocol
- remove tis

from raf czlonka
ok sthen ajacoutot

16 files changed, 53 insertions, 48 deletions

diff --git a/etc/etc.alpha/login.conf b/etc/etc.alpha/login.conf
index 9c8776e1dd3..a05581284cd 100644
--- a/etc/etc.alpha/login.conf
+++ b/etc/etc.alpha/login.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf,v 1.10 2021/04/25 16:36:56 mortimer Exp $
+# $OpenBSD: login.conf,v 1.11 2022/01/04 13:43:14 jmc Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -12,13 +12,13 @@
 #		the YP password if the user has one, else change the
 #		local password)
 # lchpass	Do not login; change user's local password instead
-# radius	Use radius authentication
+# ldap		Use LDAP authentication
+# radius	Use RADIUS authentication
 # reject	Use rejected authentication
 # skey		Use S/Key authentication
 # activ		ActivCard X9.9 token authentication
 # crypto	CRYPTOCard X9.9 token authentication
 # snk		Digital Pathways SecureNet Key authentication
-# tis		TIS Firewall Toolkit authentication
 # token		Generic X9.9 token authentication
 # yubikey	YubiKey authentication
 #
diff --git a/etc/etc.amd64/login.conf b/etc/etc.amd64/login.conf
index edb9421811c..6dcadd06206 100644
--- a/etc/etc.amd64/login.conf
+++ b/etc/etc.amd64/login.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf,v 1.20 2021/11/12 15:40:19 ajacoutot Exp $
+# $OpenBSD: login.conf,v 1.21 2022/01/04 13:43:14 jmc Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -12,13 +12,13 @@
 #		the YP password if the user has one, else change the
 #		local password)
 # lchpass	Do not login; change user's local password instead
-# radius	Use radius authentication
+# ldap		Use LDAP authentication
+# radius	Use RADIUS authentication
 # reject	Use rejected authentication
 # skey		Use S/Key authentication
 # activ		ActivCard X9.9 token authentication
 # crypto	CRYPTOCard X9.9 token authentication
 # snk		Digital Pathways SecureNet Key authentication
-# tis		TIS Firewall Toolkit authentication
 # token		Generic X9.9 token authentication
 # yubikey	YubiKey authentication
 #
diff --git a/etc/etc.arm64/login.conf b/etc/etc.arm64/login.conf
index 28d1b6eca42..1b7ea299369 100644
--- a/etc/etc.arm64/login.conf
+++ b/etc/etc.arm64/login.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf,v 1.11 2021/11/12 15:40:20 ajacoutot Exp $
+# $OpenBSD: login.conf,v 1.12 2022/01/04 13:43:14 jmc Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -12,13 +12,13 @@
 #		the YP password if the user has one, else change the
 #		local password)
 # lchpass	Do not login; change user's local password instead
-# radius	Use radius authentication
+# ldap		Use LDAP authentication
+# radius	Use RADIUS authentication
 # reject	Use rejected authentication
 # skey		Use S/Key authentication
 # activ		ActivCard X9.9 token authentication
 # crypto	CRYPTOCard X9.9 token authentication
 # snk		Digital Pathways SecureNet Key authentication
-# tis		TIS Firewall Toolkit authentication
 # token		Generic X9.9 token authentication
 # yubikey	YubiKey authentication
 #
diff --git a/etc/etc.armv7/login.conf b/etc/etc.armv7/login.conf
index 124a70eda6f..29066c4fb96 100644
--- a/etc/etc.armv7/login.conf
+++ b/etc/etc.armv7/login.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf,v 1.11 2021/04/25 16:36:56 mortimer Exp $
+# $OpenBSD: login.conf,v 1.12 2022/01/04 13:43:14 jmc Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -12,13 +12,13 @@
 #		the YP password if the user has one, else change the
 #		local password)
 # lchpass	Do not login; change user's local password instead
-# radius	Use radius authentication
+# ldap		Use LDAP authentication
+# radius	Use RADIUS authentication
 # reject	Use rejected authentication
 # skey		Use S/Key authentication
 # activ		ActivCard X9.9 token authentication
 # crypto	CRYPTOCard X9.9 token authentication
 # snk		Digital Pathways SecureNet Key authentication
-# tis		TIS Firewall Toolkit authentication
 # token		Generic X9.9 token authentication
 # yubikey	YubiKey authentication
 #
diff --git a/etc/etc.hppa/login.conf b/etc/etc.hppa/login.conf
index 7a4eb84a719..2e09c5ea729 100644
--- a/etc/etc.hppa/login.conf
+++ b/etc/etc.hppa/login.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf,v 1.12 2021/04/25 16:36:56 mortimer Exp $
+# $OpenBSD: login.conf,v 1.13 2022/01/04 13:43:14 jmc Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -12,13 +12,13 @@
 #		the YP password if the user has one, else change the
 #		local password)
 # lchpass	Do not login; change user's local password instead
-# radius	Use radius authentication
+# ldap		Use LDAP authentication
+# radius	Use RADIUS authentication
 # reject	Use rejected authentication
 # skey		Use S/Key authentication
 # activ		ActivCard X9.9 token authentication
 # crypto	CRYPTOCard X9.9 token authentication
 # snk		Digital Pathways SecureNet Key authentication
-# tis		TIS Firewall Toolkit authentication
 # token		Generic X9.9 token authentication
 # yubikey	YubiKey authentication
 #
diff --git a/etc/etc.i386/login.conf b/etc/etc.i386/login.conf
index ba5e2e40f2d..114a401000b 100644
--- a/etc/etc.i386/login.conf
+++ b/etc/etc.i386/login.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf,v 1.14 2021/11/12 15:40:20 ajacoutot Exp $
+# $OpenBSD: login.conf,v 1.15 2022/01/04 13:43:14 jmc Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -12,13 +12,13 @@
 #		the YP password if the user has one, else change the
 #		local password)
 # lchpass	Do not login; change user's local password instead
-# radius	Use radius authentication
+# ldap		Use LDAP authentication
+# radius	Use RADIUS authentication
 # reject	Use rejected authentication
 # skey		Use S/Key authentication
 # activ		ActivCard X9.9 token authentication
 # crypto	CRYPTOCard X9.9 token authentication
 # snk		Digital Pathways SecureNet Key authentication
-# tis		TIS Firewall Toolkit authentication
 # token		Generic X9.9 token authentication
 # yubikey	YubiKey authentication
 #
diff --git a/etc/etc.landisk/login.conf b/etc/etc.landisk/login.conf
index 9c8776e1dd3..a05581284cd 100644
--- a/etc/etc.landisk/login.conf
+++ b/etc/etc.landisk/login.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf,v 1.10 2021/04/25 16:36:56 mortimer Exp $
+# $OpenBSD: login.conf,v 1.11 2022/01/04 13:43:14 jmc Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -12,13 +12,13 @@
 #		the YP password if the user has one, else change the
 #		local password)
 # lchpass	Do not login; change user's local password instead
-# radius	Use radius authentication
+# ldap		Use LDAP authentication
+# radius	Use RADIUS authentication
 # reject	Use rejected authentication
 # skey		Use S/Key authentication
 # activ		ActivCard X9.9 token authentication
 # crypto	CRYPTOCard X9.9 token authentication
 # snk		Digital Pathways SecureNet Key authentication
-# tis		TIS Firewall Toolkit authentication
 # token		Generic X9.9 token authentication
 # yubikey	YubiKey authentication
 #
diff --git a/etc/etc.loongson/login.conf b/etc/etc.loongson/login.conf
index b935b0b1a74..5396087e95b 100644
--- a/etc/etc.loongson/login.conf
+++ b/etc/etc.loongson/login.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf,v 1.15 2021/04/25 16:36:56 mortimer Exp $
+# $OpenBSD: login.conf,v 1.16 2022/01/04 13:43:14 jmc Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -12,13 +12,13 @@
 #		the YP password if the user has one, else change the
 #		local password)
 # lchpass	Do not login; change user's local password instead
-# radius	Use radius authentication
+# ldap		Use LDAP authentication
+# radius	Use RADIUS authentication
 # reject	Use rejected authentication
 # skey		Use S/Key authentication
 # activ		ActivCard X9.9 token authentication
 # crypto	CRYPTOCard X9.9 token authentication
 # snk		Digital Pathways SecureNet Key authentication
-# tis		TIS Firewall Toolkit authentication
 # token		Generic X9.9 token authentication
 # yubikey	YubiKey authentication
 #
diff --git a/etc/etc.luna88k/login.conf b/etc/etc.luna88k/login.conf
index 9c8776e1dd3..a05581284cd 100644
--- a/etc/etc.luna88k/login.conf
+++ b/etc/etc.luna88k/login.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf,v 1.10 2021/04/25 16:36:56 mortimer Exp $
+# $OpenBSD: login.conf,v 1.11 2022/01/04 13:43:14 jmc Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -12,13 +12,13 @@
 #		the YP password if the user has one, else change the
 #		local password)
 # lchpass	Do not login; change user's local password instead
-# radius	Use radius authentication
+# ldap		Use LDAP authentication
+# radius	Use RADIUS authentication
 # reject	Use rejected authentication
 # skey		Use S/Key authentication
 # activ		ActivCard X9.9 token authentication
 # crypto	CRYPTOCard X9.9 token authentication
 # snk		Digital Pathways SecureNet Key authentication
-# tis		TIS Firewall Toolkit authentication
 # token		Generic X9.9 token authentication
 # yubikey	YubiKey authentication
 #
diff --git a/etc/etc.macppc/login.conf b/etc/etc.macppc/login.conf
index cc5c2485cdf..fa8e58fcfb7 100644
--- a/etc/etc.macppc/login.conf
+++ b/etc/etc.macppc/login.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf,v 1.16 2021/09/19 18:49:09 cwen Exp $
+# $OpenBSD: login.conf,v 1.17 2022/01/04 13:43:14 jmc Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -12,13 +12,13 @@
 #		the YP password if the user has one, else change the
 #		local password)
 # lchpass	Do not login; change user's local password instead
-# radius	Use radius authentication
+# ldap		Use LDAP authentication
+# radius	Use RADIUS authentication
 # reject	Use rejected authentication
 # skey		Use S/Key authentication
 # activ		ActivCard X9.9 token authentication
 # crypto	CRYPTOCard X9.9 token authentication
 # snk		Digital Pathways SecureNet Key authentication
-# tis		TIS Firewall Toolkit authentication
 # token		Generic X9.9 token authentication
 # yubikey	YubiKey authentication
 #
diff --git a/etc/etc.octeon/login.conf b/etc/etc.octeon/login.conf
index f94778573de..800ef6f7049 100644
--- a/etc/etc.octeon/login.conf
+++ b/etc/etc.octeon/login.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf,v 1.13 2021/04/25 16:36:57 mortimer Exp $
+# $OpenBSD: login.conf,v 1.14 2022/01/04 13:43:14 jmc Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -12,13 +12,13 @@
 #		the YP password if the user has one, else change the
 #		local password)
 # lchpass	Do not login; change user's local password instead
-# radius	Use radius authentication
+# ldap		Use LDAP authentication
+# radius	Use RADIUS authentication
 # reject	Use rejected authentication
 # skey		Use S/Key authentication
 # activ		ActivCard X9.9 token authentication
 # crypto	CRYPTOCard X9.9 token authentication
 # snk		Digital Pathways SecureNet Key authentication
-# tis		TIS Firewall Toolkit authentication
 # token		Generic X9.9 token authentication
 # yubikey	YubiKey authentication
 #
diff --git a/etc/etc.powerpc64/login.conf b/etc/etc.powerpc64/login.conf
index 6e863c9bddf..4811f6248f9 100644
--- a/etc/etc.powerpc64/login.conf
+++ b/etc/etc.powerpc64/login.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf,v 1.4 2021/04/25 16:36:57 mortimer Exp $
+# $OpenBSD: login.conf,v 1.5 2022/01/04 13:43:14 jmc Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -12,13 +12,13 @@
 #		the YP password if the user has one, else change the
 #		local password)
 # lchpass	Do not login; change user's local password instead
-# radius	Use radius authentication
+# ldap		Use LDAP authentication
+# radius	Use RADIUS authentication
 # reject	Use rejected authentication
 # skey		Use S/Key authentication
 # activ		ActivCard X9.9 token authentication
 # crypto	CRYPTOCard X9.9 token authentication
 # snk		Digital Pathways SecureNet Key authentication
-# tis		TIS Firewall Toolkit authentication
 # token		Generic X9.9 token authentication
 # yubikey	YubiKey authentication
 #
diff --git a/etc/etc.riscv64/login.conf b/etc/etc.riscv64/login.conf
index 18a98adf5e2..f1f6ec5f001 100644
--- a/etc/etc.riscv64/login.conf
+++ b/etc/etc.riscv64/login.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf,v 1.2 2021/11/12 15:40:20 ajacoutot Exp $
+# $OpenBSD: login.conf,v 1.3 2022/01/04 13:43:14 jmc Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -12,13 +12,13 @@
 #		the YP password if the user has one, else change the
 #		local password)
 # lchpass	Do not login; change user's local password instead
-# radius	Use radius authentication
+# ldap		Use LDAP authentication
+# radius	Use RADIUS authentication
 # reject	Use rejected authentication
 # skey		Use S/Key authentication
 # activ		ActivCard X9.9 token authentication
 # crypto	CRYPTOCard X9.9 token authentication
 # snk		Digital Pathways SecureNet Key authentication
-# tis		TIS Firewall Toolkit authentication
 # token		Generic X9.9 token authentication
 # yubikey	YubiKey authentication
 #
diff --git a/etc/etc.sparc64/login.conf b/etc/etc.sparc64/login.conf
index bb9c527919c..76efe7716f7 100644
--- a/etc/etc.sparc64/login.conf
+++ b/etc/etc.sparc64/login.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: login.conf,v 1.17 2021/11/12 15:40:20 ajacoutot Exp $
+# $OpenBSD: login.conf,v 1.18 2022/01/04 13:43:14 jmc Exp $
 
 #
 # Sample login.conf file.  See login.conf(5) for details.
@@ -12,13 +12,13 @@
 #		the YP password if the user has one, else change the
 #		local password)
 # lchpass	Do not login; change user's local password instead
-# radius	Use radius authentication
+# ldap		Use LDAP authentication
+# radius	Use RADIUS authentication
 # reject	Use rejected authentication
 # skey		Use S/Key authentication
 # activ		ActivCard X9.9 token authentication
 # crypto	CRYPTOCard X9.9 token authentication
 # snk		Digital Pathways SecureNet Key authentication
-# tis		TIS Firewall Toolkit authentication
 # token		Generic X9.9 token authentication
 # yubikey	YubiKey authentication
 #
diff --git a/libexec/login_radius/login_radius.8 b/libexec/login_radius/login_radius.8
index b83f49e7cb3..d61cc73c98a 100644
--- a/libexec/login_radius/login_radius.8
+++ b/libexec/login_radius/login_radius.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: login_radius.8,v 1.14 2015/10/02 13:50:17 sthen Exp $
+.\" $OpenBSD: login_radius.8,v 1.15 2022/01/04 13:43:14 jmc Exp $
 .\"
 .\" Copyright (c) 1996 Berkeley Software Design, Inc. All rights reserved.
 .\"
@@ -32,7 +32,7 @@
 .\"
 .\"	BSDI $From: login_radius.8,v 1.2 1996/11/11 18:42:02 prb Exp $
 .\"
-.Dd $Mdocdate: October 2 2015 $
+.Dd $Mdocdate: January 4 2022 $
 .Dt LOGIN_RADIUS 8
 .Os
 .Sh NAME
@@ -94,7 +94,7 @@ It is expected that rather than requesting the RADIUS style directly
 .Nm
 will be linked to the various mechanisms desired.
 For instance, to have all CRYPTOCard and ActivCard authentication take
-place on a remote server via the radius protocol, remove the
+place on a remote server via the RADIUS protocol, remove the
 .Pa login_activ
 and
 .Pa login_crypto
diff --git a/share/man/man5/login.conf.5 b/share/man/man5/login.conf.5
index e45c2984e06..da935fa223e 100644
--- a/share/man/man5/login.conf.5
+++ b/share/man/man5/login.conf.5
@@ -30,10 +30,10 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $OpenBSD: login.conf.5,v 1.66 2019/09/02 21:18:41 deraadt Exp $
+.\" $OpenBSD: login.conf.5,v 1.67 2022/01/04 13:43:14 jmc Exp $
 .\" BSDI $From: login.conf.5,v 2.20 2000/06/26 14:50:38 prb Exp $
 .\"
-.Dd $Mdocdate: September 2 2019 $
+.Dd $Mdocdate: January 4 2022 $
 .Dt LOGIN.CONF 5
 .Os
 .Sh NAME
@@ -460,13 +460,18 @@ Change user's local password.
 See
 .Xr login_lchpass 8 .
 .\"
+.It Li ldap
+Authenticate using an LDAP server.
+See
+.Xr login_ldap 8 .
+.\"
 .It Li passwd
 Request a password and check it against the password in the master.passwd file.
 See
 .Xr login_passwd 8 .
 .\"
 .It Li radius
-Normally linked to another authentication type, contact the radius server
+Normally linked to another authentication type, contact a RADIUS server
 to do authentication.
 See
 .Xr login_radius 8 .