On Sun, Mar 14, 2004 at 10:58:05AM -0500, Louis LeBlanc wrote:
> On 03/13/04 04:29 PM, Lars Eighner sat at the `puter and typed:
> > On Sat, 13 Mar 2004, Louis LeBlanc wrote:
> > 
> That is exactly what I'm trying to do.  I did find the login.access
> file, but it didn't seem to work.
> I set the user up as follows:
> which I understand is the correct syntax.  Problem is how to get it to
> take effect without a reboot.  The manpage doesn't say anything about
> restarting or HUPing a process - like you would inetd after changing
> inetd.conf.
> A quick Google revealed that sshd doesn't honor the login.access by
> default.  I set UseLogin to 'yes' in /etc/ssh/sshd_config, HUPed sshd,
> and it seems to work fine.
> Seems to me this should be cause for concern.  Why would sshd ignore
> login.access by default?  Shouldn't all shell access methods honor any
> form of access restriction by default?

Because not all OSes have login.access, openssh runs on many platforms
like linux which has no login.access.  Does openbsd have a login.access?
Since that is it's native os then that gives even more reason.  And, for
security reasons openssh uses it's own login procedure and doesn't trust
the systems login command.  By adding UseLogin true, it will use the
system login command which, of course, obeys all the system policies
like login.allow.

> Thanks.
> Lou
> -- 
> Louis LeBlanc               [EMAIL PROTECTED]
> Fully Funded Hobbyist, KeySlapper Extrordinaire :)
> http://www.keyslapper.org                     ????
> Recursion n.:
>   See Recursion.
>     -- Random Shack Data Processing Dictionary
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
> !DSPAM:40548205229492008732744!

I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD  835A FAF3 7A46 E4A3 280C

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to