Date: Mon, 21 Jan 2002 03:49:08 +0300
From: "Andrey A. Chernov"
To: Dag-Erling Smorgrav
Cc: Mark Murray, current@FreeBSD.ORG
Subject: Re: Step5, pam_opie OPIE auth fix for review
Message-ID: <20020121004906.GA28231@nagual.pp.ru>

On Mon, Jan 21, 2002 at 01:42:00 +0100, Dag-Erling Smorgrav wrote:
>
> The admin can't enforce "always OPIE" for a user, because the user can
> always delete his ~/.opiealways.

This is a per-machine choice. A long time ago, for S-KEY, it was a
per-terminal choice too, but OPIE currently does not have a per-terminal
module. There is no need to enforce it for a user logged in from a trusted
machine, since the whole machine is trusted. But paranoid users can enforce
it for themselves.

> How about I write a pam_opieaccess(8) module and you tell me what you
> think of it? It's really the cleanest solution from PAM's point of
> view.

Ok, I'll write it and send it for review.

-- 
Andrey A. Chernov
http://ache.pp.ru/