From owner-freebsd-stable  Sat Aug 17 15:10:32 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id B8B6937B400; Sat, 17 Aug 2002 15:10:29 -0700 (PDT)
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id B860843E42; Sat, 17 Aug 2002 15:10:28 -0700 (PDT)
	(envelope-from ache@pobrecita.freebsd.ru)
Received: from pobrecita.freebsd.ru (ache@localhost [127.0.0.1])
	by nagual.pp.ru (8.12.5/8.12.5) with ESMTP id g7HMALvs015046;
	Sun, 18 Aug 2002 02:10:24 +0400 (MSD)
	(envelope-from ache@pobrecita.freebsd.ru)
Received: (from ache@localhost)
	by pobrecita.freebsd.ru (8.12.5/8.12.5/Submit) id g7HMAING015045;
	Sun, 18 Aug 2002 02:10:18 +0400 (MSD)
	(envelope-from ache)
Date: Sun, 18 Aug 2002 02:10:16 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Jan Schlesner <jschlesn@physik.TU-Berlin.DE>
Cc: Mike Tancsa <mike@sentex.net>, stable@FreeBSD.ORG,
	security@FreeBSD.ORG
Subject: Re: login.access no longer works with default sshd
Message-ID: <20020817221015.GA14994@nagual.pp.ru>
References: <5.1.1.6.0.20020816104955.03cdcc98@marble.sentex.ca> <20020817213638.GA92398@physik.TU-Berlin.DE>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020817213638.GA92398@physik.TU-Berlin.DE>
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Sat, Aug 17, 2002 at 23:36:38 +0200, Jan Schlesner wrote:
> On Fri, Aug 16, 2002 at 10:53:52AM -0400, Mike Tancsa wrote:
> > I noticed that /etc/login.access is no longer consulted with sshd by 
> > default.  Are there any dangers/caveats of turning on UseLogin yes ?  As 
> 
> Login don't know how to handel xauth cookies. With "UseLogin yes"
> X11-forwarding do not work. But with the options AllowGroups,
> AllowUsers, DennyGroups and DennyUsers you can control the sshd-login.

There was login.access patch which is lost in the merging of new openssh
version. It still applies almost cleanly and restore login.access
functionality. Ask DES to revive it, if you want.

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message