From owner-freebsd-current Tue Mar 12 08:45:07 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id IAA27985 for current-outgoing; Tue, 12 Mar 1996 08:45:07 -0800 (PST) Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id IAA27980 for ; Tue, 12 Mar 1996 08:45:05 -0800 (PST) Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.8.2/19Aug95-0530PM) id AA12584; Tue, 12 Mar 1996 11:44:45 -0500 Date: Tue, 12 Mar 1996 11:44:45 -0500 From: "Garrett A. Wollman" Message-Id: <9603121644.AA12584@halloran-eldar.lcs.mit.edu> To: Mark Murray Cc: "Garrett A. Wollman" , freebsd-current@freebsd.org Subject: Re: HEADS UP! Please check... In-Reply-To: <199603112042.WAA04844@grumble.grondar.za> References: <199603112042.WAA04844@grumble.grondar.za> Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk < said: > My philosohy on this one was that if there was not an acl entry for > the guy, no matter what, then he wasn't allowed in. I'm sure I could > look for the above case and add it in. Others' comments? How does this > new variant "feel" to you? Many sites may not want to use the Kerberized `su' for private reasons of their own. `su' should take the non-existence of ~root/.klogin as an indication of this and go back to UNIX / S/Key authentication. (Just as one example, a site may want to force everyone to use S/Key for `su', since they can't trust the network connection over which a user is logged in.) -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant