Date: Thu, 26 Dec 1996 04:30:02 -0800 (PST) From: Guido van Rooij <guido@gvr.win.tue.nl> To: freebsd-bugs Subject: Re: bin/2265: su(1) does not call skeyaccess() Message-ID: <199612261230.EAA18907@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/2265; it has been noted by GNATS. From: Guido van Rooij <guido@gvr.win.tue.nl> To: bradley@dunn.org (Bradley Dunn) Cc: joerg_wunsch@uriah.heep.sax.de, FreeBSD-gnats-submit@freebsd.org Subject: Re: bin/2265: su(1) does not call skeyaccess() Date: Mon, 23 Dec 1996 18:12:57 +0100 (MET) Bradley Dunn wrote: > Someone running su(1) has already been authenticated, but as someone else. > Correct. > I think that if one puts a "deny user foo" in skey.access, the intention > is that foo should not be able to gain access to the system using foo's > UNIX password. With the current su, foo has a way of gaining access with > his UNIX password, even though it is desired that he not be able to.A All of your reasoning is correct. If there's enough demand, I'll add the su skey code to su. Btw: there is a manpage for skey.access: skey.access(5) - S/Key password control table -Guido
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612261230.EAA18907>