From owner-freebsd-security  Sat Aug 17 14:36:47 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0E2D837B493; Sat, 17 Aug 2002 14:36:41 -0700 (PDT)
Received: from emmi.physik.TU-Berlin.DE (emmi.physik.TU-Berlin.DE [130.149.160.103])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 2ED6C43E42; Sat, 17 Aug 2002 14:36:40 -0700 (PDT)
	(envelope-from jschlesn@emmi.physik.TU-Berlin.DE)
Received: from emmi.physik.TU-Berlin.DE (localhost.physik.TU-Berlin.DE [127.0.0.1])
	by emmi.physik.TU-Berlin.DE (8.12.5/8.11.6) with ESMTP id g7HLacuo092646;
	Sat, 17 Aug 2002 23:36:38 +0200 (CEST)
	(envelope-from jschlesn@emmi.physik.TU-Berlin.DE)
Received: (from jschlesn@localhost)
	by emmi.physik.TU-Berlin.DE (8.12.5/8.12.3/Submit) id g7HLacYO092645;
	Sat, 17 Aug 2002 23:36:38 +0200 (CEST)
Date: Sat, 17 Aug 2002 23:36:38 +0200
From: Jan Schlesner <jschlesn@physik.TU-Berlin.DE>
To: Mike Tancsa <mike@sentex.net>
Cc: stable@freebsd.org, security@freebsd.org
Subject: Re: login.access no longer works with default sshd
Message-ID: <20020817213638.GA92398@physik.TU-Berlin.DE>
References: <5.1.1.6.0.20020816104955.03cdcc98@marble.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5.1.1.6.0.20020816104955.03cdcc98@marble.sentex.ca>
User-Agent: Mutt/1.4i
X-PGP-Key: <http://wwwnlds.physik.tu-berlin.de/~schlesner/jschlesn.gpg>
X-Operating-System: FreeBSD 4.6-STABLE, i386
X-Mailer: Mutt 1.4i ( i386 FreeBSD 4.6-STABLE )
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Fri, Aug 16, 2002 at 10:53:52AM -0400, Mike Tancsa wrote:
> I noticed that /etc/login.access is no longer consulted with sshd by 
> default.  Are there any dangers/caveats of turning on UseLogin yes ?  As 

Login don't know how to handel xauth cookies. With "UseLogin yes"
X11-forwarding do not work. But with the options AllowGroups,
AllowUsers, DennyGroups and DennyUsers you can control the sshd-login.

Jan
-- 
[ gpg key: http://wwwnlds.physik.tu-berlin.de/~schlesner/jschlesn.gpg ]
[ key fingerprint: 4236 3497 C4CF 4F3A 274F  B6E2 C4F6 B639 1DF4 CF0A ]
--
It's better to reign in hell,
	than to serve in heaven...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message