Date: Mon, 21 Jan 2002 03:49:08 +0300 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Dag-Erling Smorgrav <des@ofug.org> Cc: Mark Murray <mark@grondar.za>, current@FreeBSD.ORG Subject: Re: Step5, pam_opie OPIE auth fix for review Message-ID: <20020121004906.GA28231@nagual.pp.ru> In-Reply-To: <xzpelkk1qnb.fsf@flood.ping.uio.no> References: <20020120220254.GA25886@nagual.pp.ru> <200201202314.g0KNEDt34526@grimreaper.grondar.org> <20020120233050.GA26913@nagual.pp.ru> <xzpvgdw1sqp.fsf@flood.ping.uio.no> <20020121000446.GB27206@nagual.pp.ru> <xzpn0z81rrr.fsf@flood.ping.uio.no> <20020121002557.GB27831@nagual.pp.ru> <xzpelkk1qnb.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 21, 2002 at 01:42:00 +0100, Dag-Erling Smorgrav wrote: > > The admin can't enforce "always OPIE" for a user, because the user can > always delete his ~/.opiealways. This is per-machine choice. Long time ago, for S-KEY, it was per-terminal choice too, but OPIE currently not have per-terminal module. There is no needs to enforce it for user logged from trusted machine since whole machine is trusted. But paranoid users can enforce it for themselfs. > How about I write a pam_opieaccess(8) module and you tell me what you > think of it? It's really the cleanest solution from PAM's point of > view. Ok, I'll write it and send for review. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020121004906.GA28231>