On Tue, Jun 23, 2015 at 09:47:19AM -0400, Kurt Mosiejczuk wrote: > On Mon, Jun 22, 2015 at 11:06:36PM +0200, Antoine Jacoutot wrote: > > On Mon, Jun 22, 2015 at 09:09:01AM +0100, Stuart Henderson wrote: > > > > IIRC it is correct that "non-system" methods have a - prefix. > > > How is your login class set? I haven't used krb5, but I *think* it should > > > look like this, > > > > :auth=-krb5-or-pwd: > > > Correct, this is all explained in login.conf(5): > > > Local authentication styles may be added by creating a login script for > > the style (see below). To prevent collisions with future official BSD > > Authentication style names, all local style names should start with a > > dash (-). Current plans are for all official BSD Authentication style > > names to begin with a lower case alphabetic character. For example, if > > you have a new style you refer to as slick then you should create an > > authentication script named /usr/libexec/auth/login_-slick using the > > style name -slick. When logging in via the login(1) program, the > > syntax > > user:-slick would be used. > > I had wondered if I was missing something. Would it be good to note the > difference in the manpages? The manpage talks only about it being login_krb5. > Between that and my historical usage when it was in base, I just put it in > without the dash.
Yes that's a good idea, I will do that. Thanks. -- Antoine
