Date: Tue, 20 Feb 2001 01:07:57 -0600 From: ryanb <ryanb@goddamnbastard.org> To: freebsd-stable@freebsd.org Subject: login(1)/login.access(5) and numeric IP restrictions Message-ID: <20010220010757.E41047@bjorn.goddamnbastard.org>
next in thread | raw e-mail | index | archive | help
Good morning/afternoon/evening -STABLE! As the subject implies, I'm running into a problem w/ restricting based on IP/network via login.access(5). I couldn't track anything down in the -STABLE archives so far re: this behavior, but if anyone can refer me to other postings, I'll gladly check 'em out. In /etc/login.access, I have an entry like this: +:wheel staff:192.168.100.102 Any service attempting to use this info (using login(1), I assume) will fail the request regardless of uid/gid. Now, based on what the man page says re: network addresses, I've also tried the following: +:wheel staff:192.168.100. That, too, fails. I've tried at least 5-10 various permutations, all failing if numeric addressing is involved. Using "ALL" or hostnames / domains works flawlessly. What I'm trying to figure out is whether login.access simply won't work with numeric address restrictions (login(1) prob?) or whether I'm just a fool. :) Yes, I know about hosts_access(5). I'm ultimately going to use that in conjunction w/ login.access(5). However, if login(1)/login.access(5) is really the source of the problem (numeric stuffs deprecated maybe), then I think a PR might be necessary for the documentation team. Thanks much in advance. - ryan -- Ryan Beasley e-mail: <ryanb@goddamnbastard.org> God Damn Bastard, Inc. web: http://www.goddamnbastard.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010220010757.E41047>