From owner-freebsd-security  Tue Jul 25  4:31:26 2000
Delivered-To: freebsd-security@freebsd.org
Received: from axl.ops.uunet.co.za (axl.ops.uunet.co.za [196.31.2.163])
	by hub.freebsd.org (Postfix) with ESMTP id 189EC37BD66
	for <freebsd-security@freebsd.org>; Tue, 25 Jul 2000 04:31:22 -0700 (PDT)
	(envelope-from sheldonh@axl.ops.uunet.co.za)
Received: from sheldonh (helo=axl.ops.uunet.co.za)
	by axl.ops.uunet.co.za with local-esmtp (Exim 3.15 #1)
	id 13H2u8-00026Y-00; Tue, 25 Jul 2000 13:29:44 +0200
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Dmitry Pryanishnikov <dmitry@digital.dp.ua>
Cc: Victor Ivanov <v0rbiz@icon-bg.net>, freebsd-security@FreeBSD.ORG
Subject: Re: ssh2 bypasses host.allow in /etc/login.conf? 
In-reply-to: Your message of "Tue, 25 Jul 2000 13:41:13 +0300."
             <Pine.BSF.4.21.0007251330520.58876-100000@ff.dsu.dp.ua> 
Date: Tue, 25 Jul 2000 13:29:44 +0200
Message-ID: <8093.964524584@axl.ops.uunet.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org



On Tue, 25 Jul 2000 13:41:13 +0300, Dmitry Pryanishnikov wrote:

> So this file is not only for login, but for any program which gives access
> user to the system, e.g., ftpd.

You are almost right.  The important thing to remember is that this
functionality is not a standard in the UNIX world.  This means that
many applications are not designed to make use of the functionality.  Of
course, any software for which the source is available can be taught to
obey login.conf, but that takes work and someone has to knuckle down and
to it.

Ciao,
Sheldon.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message