From owner-freebsd-hackers Tue Feb 20 20:44:52 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id UAA04828 for hackers-outgoing; Tue, 20 Feb 1996 20:44:52 -0800 (PST)
Received: from mpp.minn.net (root@mpp.Minn.Net [204.157.201.242]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id UAA04823 for ; Tue, 20 Feb 1996 20:44:47 -0800 (PST)
Received: (from mpp@localhost) by mpp.minn.net (8.7.3/8.6.9) id WAA00325; Tue, 20 Feb 1996 22:44:02 -0600 (CST)
Message-Id: <199602210444.WAA00325@mpp.minn.net>
Subject: Re: pop3 and blocked users
To: freebsd@xaa.stack.urc.tue.nl (Mark Huizer)
Date: Tue, 20 Feb 1996 22:44:02 -0600 (CST)
From: "Mike Pritchard"
Cc: hackers@FreeBSD.org
In-Reply-To: <199602202159.WAA00598@xaa.stack.urc.tue.nl> from "Mark Huizer" at Feb 20, 96 10:59:04 pm
X-Mailer: ELM [version 2.4 PL25 ME8b]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.org
Precedence: bulk

Mark Huizer wrote:
>
> > Shouldn't pop implementation check if users are having a shell not
> > listed in /etc/shells? Otherwise, blocked users will still be able to
> > receive mail..
>
> Well... it's quite simple to change that. I just did it for my computing
> society. Simply check it in pop_pass.c and give a POP_FAILURE.
> But I feel a bit funny about it. When I had a machine with pop-accounts, I
> could imagine WANTING to give ppl a non-existent shell, so they can only
> access mail.
> Another thing I am going to do tomorrow or something is changing it
> so it won't give an error when the blocked user is connecting. It would
> be even better if it would standard generate a mailbox containing of
> only 1 message telling that the *()^^&* user is blocked and should take
> some serious action instead of trying to read mail

You might want to change the pop daemon to honor the account
expiration field (the pw_expire field in the pwd struct) instead
of keying off the shell. That would let you set a nologin type
shell for POP only users, but still allow you a method to totally
disable the account.

Take a look at the source to "login" for an example. I fixed all
of the other access methods to the system to support account
expiration sometime last summer/fall.
--
Mike Pritchard
mpp@minn.net
"Go that way. Really fast. If something gets in your way, turn"
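
The two policies discussed in this thread, side by side, as an added example that is not part of the original message or of the FreeBSD or POP daemon source. The `struct acct`, the function names, the shell list and the sample accounts are constructed for illustration; a real daemon on FreeBSD would read `pw_shell` and `pw_expire` from `getpwnam()`, and the example assumes an account counts as expired once the clock reaches a non-zero `pw_expire`.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Stand-in for the struct passwd fields used here (hypothetical type).
 * On FreeBSD these would be pw_name, pw_shell and pw_expire, where a
 * pw_expire of 0 means the account never expires. */
struct acct {
    const char *name;
    const char *shell;
    time_t      expire;
};

/* Constructed stand-in for the contents of /etc/shells. */
static const char *valid_shells[] = { "/bin/sh", "/bin/csh", NULL };

/* Policy from the quoted message: refuse POP if the shell is not listed. */
static int shell_policy_allows(const struct acct *a)
{
    for (int i = 0; valid_shells[i] != NULL; i++)
        if (strcmp(a->shell, valid_shells[i]) == 0)
            return 1;
    return 0;
}

/* Policy from the reply: ignore the shell, refuse only expired accounts. */
static int expire_policy_allows(const struct acct *a, time_t now)
{
    if (a->expire != 0 && now >= a->expire)
        return 0;
    return 1;
}

int main(void)
{
    time_t now = 1000000;  /* constructed clock value */
    struct acct users[] = {  /* constructed sample accounts */
        { "shelluser", "/bin/sh",       0 },            /* normal login account */
        { "poponly",   "/sbin/nologin", 0 },            /* mail-only, no expiry */
        { "blocked",   "/bin/sh",       now - 86400 },  /* expired a day ago */
        { "future",    "/sbin/nologin", now + 86400 },  /* expires in a day */
    };
    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        printf("%-10s shell-policy=%d expire-policy=%d\n", users[i].name,
               shell_policy_allows(&users[i]),
               expire_policy_allows(&users[i], now));
    return 0;
}
```

The `poponly` and `blocked` rows are where the policies disagree: the shell check locks out the mail-only user and lets the disabled account through, while the expiration check does the opposite.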