where an alias may be used before it is defined. Only turned on for visudo
and testsudoers.
o Add --disable-authentication option that makes sudo not require
authentication by default. The PASSWD tag can be used to require
authentication for an entry. We no longer overload --without-passwd.
o Visudo now locks the sudoers temp file instead of bailing when
the temp file already exists. This fixes the problem of stale
temp files but it does *require* that you not try to put the
temp file in a world-writable directory. This shoud not be
an issue as the temp file should live in the same dir as sudoers.
o Visudo now only installs the temp file as sudoers if it changed.
done more reasonably--better sanity checks and tty-based stamps are
now done as files in a directory with the same name as the invoking
user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
to mix tty and non-tty based ticket schemes but this may change in
the future (it requires sudo to use a directory instead of a file
in the non-tty case). Also, ``sudo -k'' now sets the ticket back
to the epoch and ``sudo -K'' really deletes the file. That way you
don't get the lecture again just because you killed your ticket in
.logout. BSD-style copyright now.
Tgetpass now takes an echo flag for use with PAM_PROMPT_ECHO_ON
Block SIGINT and SIGTSTP during auth
remove a useless umask setting
Change error from BAD_ALLOCATION -> BAD_AUTH_INIT (for use with sia/PAM)
Some cosmetic changes to auth.c for consistency
It turns out the old DES crypt does the right thing with passwords
longert than 8 characters.
o Fix common typo (necesary -> necessary)
o Update TODO list
the empty password they entered. Perviously, they could enter anything
*but* an empty password. Also, add GETPASS macro that calls either
tgetpass() or getpass() depending on how sudo was configured.
Problem noted by jdg@maths.qmw.ac.uk
