Date: Wed, 15 Jul 1998 08:07:59 -0600 (MDT) From: Wes Peters <wes@softweyr.com> To: tom@uniserve.com Cc: paulo@nlink.com.br, jer@jorsm.com, freebsd-stable@FreeBSD.ORG Subject: Re: Finger and getpwent Message-ID: <199807151407.IAA15645@obie.softweyr.com> In-Reply-To: <Pine.BSF.3.96.980714105203.7431D-100000@shell.uniserve.ca> References: <Pine.BSF.3.96.980714105203.7431D-100000@shell.uniserve.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
My hidden microphone recorded Tom (tom@uniserve.com) saying:
%
% On Mon, 13 Jul 1998, Wes Peters wrote:
%
% > A *somewhat* better solution is to use my nologin program, which logs
% > attempts to login to disabled accounts via syslog. You can retrieve
%
% Except that nologin just stops shell logins, not all password
% authentication. So POP, IMAP, some FTP, RADIUS, all suceed. Munging the
% password field is better. Attempts to access disabled accounts is logged
% as well, as will all incorrect passwords.
These daemons should all be FIXED to not allow logins if the shell isn't
in /etc/shells. ftpd and wu-ftpd already do this; if the others don't,
we should ask the port maintainers to "fix" them for us. ;^)
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807151407.IAA15645>