I was inspired by a related mail to send out this doas auth diff again.
Hopefully my phone won't ruin the formatting.
. . . . .
Add a type to auth_userokay() to allow for giving a specific
authentication method for doas in login.conf, e.g.
staff:\
...
:auth-doas=yubikey:\
:auth=passwd:\
:tc=default:
OK?
/Alexander
Index: doas.c
===================================================================
RCS file: /cvs/src/usr.bin/doas/doas.c,v
retrieving revision 1.14
diff -u -p -r1.14 doas.c
--- doas.c 20 Jul 2015 01:04:37 -0000 1.14
+++ doas.c 21 Jul 2015 07:43:53 -0000
@@ -341,7 +341,7 @@ main(int argc, char **argv, char **envp)
}
if (!(rule->options & NOPASS)) {
- if (!auth_userokay(myname, NULL, NULL, NULL)) {
+ if (!auth_userokay(myname, NULL, "auth-doas", NULL)) {
syslog(LOG_AUTHPRIV | LOG_NOTICE,
"failed password for %s", myname);
fail();
