Age | Commit message (Collapse) | Author |
|
update. We have to be careful and drop our lock if we are suspended
and then regain the lock on resume. This is necessary because the
user must not be allowed to keep a record locked for a long period
of time to avoid a DoS. We must be sure to re-lock when we resume
because otherwise an attacker could suspend us until a user starts
to login and then resume and then race the user for login using
the challenge response from the user.
|
|
getpass()/readpassphrase() from being able to restore the tty mode
on keyboard interrupt. Along with the recent readpassphrase.c commit
this means that if you ^C things that use login scripts (like su(1))
with a non-CBREAK shell your tty mode will be restored nicely.
TODO:
The various login scripts need to install handlers to avoid leaving
turd files or otherwise ending in a bad state. It would also be
nice to send BI_REJECT to the back channel.
|
|
millert@ ok
|
|
|
|
the invoking user.
|
|
|
|
will be used when BSD authentication is enabled
|