Date: Sun, 14 Mar 2004 13:00:37 -0800 From: "Loren M. Lang" <lorenl@alzatex.com> To: freebsd-questions@freebsd.org Subject: Re: user setup question Message-ID: <20040314210037.GL1378@alzatex.com> In-Reply-To: <20040314155805.GB49058@keyslapper.org> References: <20040313180447.GA25158@keyslapper.org> <20040313162259.W74681@goodwill.io.com> <20040314155805.GB49058@keyslapper.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--NPWyolIJAVLYbHY6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Mar 14, 2004 at 10:58:05AM -0500, Louis LeBlanc wrote: > On 03/13/04 04:29 PM, Lars Eighner sat at the `puter and typed: > > On Sat, 13 Mar 2004, Louis LeBlanc wrote: > >=20 [..] > That is exactly what I'm trying to do. I did find the login.access > file, but it didn't seem to work. >=20 > I set the user up as follows: > -:userid:ALL EXCEPT LOCAL >=20 > which I understand is the correct syntax. Problem is how to get it to > take effect without a reboot. The manpage doesn't say anything about > restarting or HUPing a process - like you would inetd after changing > inetd.conf. >=20 > A quick Google revealed that sshd doesn't honor the login.access by > default. I set UseLogin to 'yes' in /etc/ssh/sshd_config, HUPed sshd, > and it seems to work fine. >=20 > Seems to me this should be cause for concern. Why would sshd ignore > login.access by default? Shouldn't all shell access methods honor any > form of access restriction by default? >=20 Because not all OSes have login.access, openssh runs on many platforms like linux which has no login.access. Does openbsd have a login.access? Since that is it's native os then that gives even more reason. And, for security reasons openssh uses it's own login procedure and doesn't trust the systems login command. By adding UseLogin true, it will use the system login command which, of course, obeys all the system policies like login.allow. > Thanks. > Lou > --=20 > Louis LeBlanc leblanc@keyslapper.org > Fully Funded Hobbyist, KeySlapper Extrordinaire :) > http://www.keyslapper.org ???? >=20 > Recursion n.: > See Recursion. > -- Random Shack Data Processing Dictionary > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" >=20 >=20 > !DSPAM:40548205229492008732744! >=20 --=20 I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is. Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C =20 --NPWyolIJAVLYbHY6 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFAVMf1+vN6RuSjKAwRArYeAJ4x1Qj5uFLjFGqzeVMOySDnGIhpsgCfaaBs jZc1hQsDUmNI3Ihyz5hKnqM= =1kl7 -----END PGP SIGNATURE----- --NPWyolIJAVLYbHY6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040314210037.GL1378>