From owner-cvs-all  Sun Aug  5 13:29:19 2001
Delivered-To: cvs-all@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id 1F6DC37B401; Sun,  5 Aug 2001 13:29:11 -0700 (PDT)
	(envelope-from ache@nagual.pp.ru)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.4/8.11.4) id f75KSop47659;
	Mon, 6 Aug 2001 00:28:50 +0400 (MSD)
	(envelope-from ache)
Date: Mon, 6 Aug 2001 00:28:49 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Mark Murray <mark@grondar.za>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libopie Makefile
Message-ID: <20010806002848.B47300@nagual.pp.ru>
References: <20010805024631.B36079@nagual.pp.ru> <200108051444.f75EiVZ04340@grimreaper.grondar.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200108051444.f75EiVZ04340@grimreaper.grondar.za>
User-Agent: Mutt/1.3.19i
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On Sun, Aug 05, 2001 at 15:44:31 +0100, Mark Murray wrote:
> I'm having a problem parsing this.

Sorry, it is my bad English. Typical /etc/opieaccess is:

permit 127.0.0.1 255.255.255.255
permit xx.xx.xx.xx 255.255.255.255

(second is externally visible machine address)

It allows both local ftp command and remote FTP (21) via SSH which use
external address address, but calls ftpd on local machine. I mean not
current system FTPD, but FTPD with proper OPIE integration like wu-ftpd.

> > opiepasswd:  user can't change its own password when count dropped to 0. 
> 
> Sounds like you either need to manage passwords better or that you need
> WANT_INSECURE_OPIE.

What you mean by 'better'? Each OPIE password have its count down with max
9999 value.

> I understand the X Terminal problem, and I'm hoping to fix it. For the
> rest, I have to repeat that it loooks like you need to build your world
> with WANT_INSECURE_OPIE set to "true".

Nowdays all machines used as servers with rare console access, it means
that most connections are remote connections, and it means that
_by_default_ OPIE must assume this variant. And for admins which don't
trust any remote connection we can have just opposite option.

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message