Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 15 Nov 1997 17:09:12 -0800 (PST)
From:      ferdl@atommuell.oeh.uni-linz.ac.at
To:        freebsd-gnats-submit@FreeBSD.ORG
Subject:   conf/5062: login.access not evaluated correctly
Message-ID:  <199711160109.RAA08313@hub.freebsd.org>
Resent-Message-ID: <199711160110.RAA08374@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         5062
>Category:       conf
>Synopsis:       login.access not evaluated correctly
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 15 17:10:01 PST 1997
>Last-Modified:
>Originator:     Ferdinand Goldman
>Organization:
Hochschuelerschaft Universitaet Linz
>Release:        2.2.5-RELEASE
>Environment:
FreeBSD atommuell.oeh.uni-linz.ac.at 2.2.5-RELEASE FreeBSD 2.2.5-RELEASE #0: Wed Nov 12 10:23:09 CET 1997     root@atommuell.oeh.uni-linz.ac.at:/usr/src/sys/compile/ATOMMUELL  i386

>Description:
The /etc/login.access is not evaluated correctly. I have the following 
/etc/login.access file:

-:root toor:ALL EXCEPT LOCAL .oeh.uni-linz.ac.at
-:maximus:ALL EXCEPT LOCAL 140.78.199.21
-:holy:ALL EXCEPT 193.219.43.11 193.219.43.12 193.219.43.13 193.219.43.14 193.219.43.15 193
.219.43.16 193.219.43.17 193.219.43.18
-:ALL:ALL EXCEPT LOCAL .oeh.uni-linz.ac.at .worldonline.nl .systema.co.at 195.21
2.99.6 162.49.245.41 .planet.co.at alpha.aec.at
 
According to the manpage for login.access(5),
"the login.access is scanned for the first entry
     that matches the (user, host) combination".
Well, taken the above entries in my file, this should mean that user
maximus can only log on from the IP address 140.78.199.21, and user holy
can only log on from the given IP addresses as well. But it wont work,
maximus and holy are both refused login from everywhere. I have found
out that when I specify the FQDN for maximus' host, it will work. It
seems to have a problem with IP addresses/Network numbers.
>How-To-Repeat:

>Fix:

>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711160109.RAA08313>