On Sun, Mar 14, 2004 at 10:58:05AM -0500, Louis LeBlanc wrote: > On 03/13/04 04:29 PM, Lars Eighner sat at the `puter and typed: > > On Sat, 13 Mar 2004, Louis LeBlanc wrote: > > [..] > That is exactly what I'm trying to do. I did find the login.access > file, but it didn't seem to work. > > I set the user up as follows: > -:userid:ALL EXCEPT LOCAL > > which I understand is the correct syntax. Problem is how to get it to > take effect without a reboot. The manpage doesn't say anything about > restarting or HUPing a process - like you would inetd after changing > inetd.conf. > > A quick Google revealed that sshd doesn't honor the login.access by > default. I set UseLogin to 'yes' in /etc/ssh/sshd_config, HUPed sshd, > and it seems to work fine. > > Seems to me this should be cause for concern. Why would sshd ignore > login.access by default? Shouldn't all shell access methods honor any > form of access restriction by default? >
Because not all OSes have login.access, openssh runs on many platforms like linux which has no login.access. Does openbsd have a login.access? Since that is it's native os then that gives even more reason. And, for security reasons openssh uses it's own login procedure and doesn't trust the systems login command. By adding UseLogin true, it will use the system login command which, of course, obeys all the system policies like login.allow. > Thanks. > Lou > -- > Louis LeBlanc [EMAIL PROTECTED] > Fully Funded Hobbyist, KeySlapper Extrordinaire :) > http://www.keyslapper.org ???? > > Recursion n.: > See Recursion. > -- Random Shack Data Processing Dictionary > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > > > !DSPAM:40548205229492008732744! > -- I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is. Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C
pgp00000.pgp
Description: PGP signature
