Date: Sun, 16 Feb 2003 03:07:12 +0300
From: "Andrey A. Chernov"
To: Dag-Erling Smorgrav
Cc: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libpam/modules/pam_opieaccess pam_opieaccess.c
Message-ID: <20030216000711.GA72930@nagual.pp.ru>
References: <200302152326.h1FNQnAr027546@repoman.freebsd.org> <20030215233943.GC72156@nagual.pp.ru> <20030215235556.GI72156@nagual.pp.ru>
In-Reply-To: <20030215235556.GI72156@nagual.pp.ru>

On Sun, Feb 16, 2003 at 02:55:56 +0300, Andrey A. Chernov wrote:
> > It does not work by default; pam_opieaccess previously had
> > special-case code to handle this (by explicitly allowing non-OPIE
> > logins when PAM_RHOST was NULL). This behaviour was very surprising
> > to people who wanted to prevent OPIE users from using their passwords
> > even locally, as they had no way of knowing that login(1) happened to
> > set PAM_RHOST to NULL for local logins.
>
> It means that pam_opieaccess() tries to handle localhost before
> accessfile.c instead of correctly passing "" there for localhost case.

To summarize it, localhost is "" for OPIE functions. Not NULL, not
"localhost" string. PAM code must be fixed to pass what OPIE expected,
i.e. "", instead of hacking OPIE code and config to do something unusual.

-- 
Andrey A. Chernov
http://ache.pp.ru/