Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 25 Jul 2000 13:41:13 +0300 (EEST)
From:      Dmitry Pryanishnikov <dmitry@digital.dp.ua>
To:        Victor Ivanov <v0rbiz@icon-bg.net>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: ssh2 bypasses host.allow in /etc/login.conf?
Message-ID:  <Pine.BSF.4.21.0007251330520.58876-100000@ff.dsu.dp.ua>
In-Reply-To: <004601bff546$9cfe71a0$03c507d4@icon1.icon-bg.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

Hello!

On Mon, 24 Jul 2000, Victor Ivanov wrote:
> login.conf is for login. It is no good if a program depend on another
> program's config file which is subject to change... (i think)


From man login.conf:

     login.conf contains various attributes and capabilities of login classes.
     A login class (an optional annotation against each record in the user ac-
     count database, /etc/master.passwd) determines session accounting, re-
     source limits and user environment settings.  It is used by various pro-
                                                              ^^^^^^^^^^^^^^
     grams in the system to set up a user's login environment and to enforce
     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     policy, accounting and administrative restrictions.  It also provides the
     ^^^^^^

So this file is not only for login, but for any program which gives access
user to the system, e.g., ftpd.
  BTW, ssh2 uses part of login.conf entry to establish resource limits,
why don't use rest of specification?

> maybe ssh2 does not use login? like openssh? or it is enabled with some
> option?
> is there 'UseLogin' option in the ssh2 config file (or something like?)

 Haven't seen such an option both in sshd2_config and in sshd2's manpage.

 BTW, there are other ways to check login.conf restrictions besides
direct login execution (e.g., auth_hostok()).


Sincerely, Dmitry

Dnipropetrovsk State University,        E-mail:  dmitry@digital.dp.ua
Physical Faculty,                       WWW:      http://ff.dsu.dp.ua
Department of Experimental Physics      
Dnipropetrovsk, Ukraine                 FTP:  ftp://digital.dp.ua/DEC



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007251330520.58876-100000>