From owner-freebsd-stable  Thu Jul 16 17:01:37 1998
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA19004
          for freebsd-stable-outgoing; Thu, 16 Jul 1998 17:01:37 -0700 (PDT)
          (envelope-from owner-freebsd-stable@FreeBSD.ORG)
Received: from obie.softweyr.com ([204.68.178.33])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA18995
          for <freebsd-stable@FreeBSD.ORG>; Thu, 16 Jul 1998 17:01:27 -0700 (PDT)
          (envelope-from wes@obie.softweyr.com)
Received: (from wes@localhost)
	by obie.softweyr.com (8.8.8/8.8.8) id SAA18215;
	Thu, 16 Jul 1998 18:00:59 -0600 (MDT)
	(envelope-from wes)
From: Wes Peters <wes@softweyr.com>
Message-Id: <199807170000.SAA18215@obie.softweyr.com>
Subject: Re: Finger and getpwent
In-Reply-To: <199807162105.OAA02417@freebie.dcfinc.com> from "Chad R. Larson" at "Jul 16, 98 02:05:43 pm"
To: chad@dcfinc.com
Date: Thu, 16 Jul 1998 18:00:58 -0600 (MDT)
Cc: freebsd-stable@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Chad Larson recommended:
> The model that make sense to me is the SysVr4 Service Access Controller
> (SAC).  From a security standpoint, there were way too many different
> ways to get a "login" prompt from the system.  The telnet daemon, the
> rlogin daemon, FTP, the regular login, the UUCP service, etc.  So now
> there is only one process that issues "login", and every thing else goes
> through it.  That gives a single point to install authentication and
> access control.
> 
> The other band-aids grew up, in my opinion, as people who didn't have
> source to their systems tried to fix things up.  We FreeBSDers have the
> facilities to implement a global solution similar to the SysVr4 one.

Hopefully without the horrible over-complexity of SAF and SAC, though.
When you have 'keys' that are so complex you have to write another
command just to generate the keys for you, something has gone horribly
wrong with your design.

-- 
       "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
http://www.softweyr.com/~softweyr                      wes@softweyr.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message