From owner-cvs-all Thu Jan 24 17:11:44 2002 Delivered-To: cvs-all@freebsd.org Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42]) by hub.freebsd.org (Postfix) with ESMTP id E9B2A37B402; Thu, 24 Jan 2002 17:11:38 -0800 (PST) Received: (from ache@localhost) by nagual.pp.ru (8.11.6/8.11.6) id g0P1BaC89668; Fri, 25 Jan 2002 04:11:37 +0300 (MSK) (envelope-from ache) Date: Fri, 25 Jan 2002 04:11:34 +0300 From: "Andrey A. Chernov" To: Robert Watson Cc: Dag-Erling Smorgrav , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_opieaccess pam_opieaccess.c Message-ID: <20020125011133.GA89474@nagual.pp.ru> References: <20020125005725.GA89369@nagual.pp.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.27i Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Jan 24, 2002 at 20:03:07 -0500, Robert Watson wrote: > > > > To prevent any tricks with resolver it is always better to pass numeric > > IP address into PAM's RHOST when possible. > > Will it ever not be possible to pass a numeric IP address? For network connection, you get IP address first, not DNS name. I see no much sense to resolve it into DNS name then pass it to PAM where modules will resolve it back to IP address. This whole part can be skipped to be more secure in case something happens with resolver. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message