From owner-freebsd-security@FreeBSD.ORG  Mon Jul 14 04:58:01 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 22F3537B401
	for <freebsd-security@freebsd.org>;
	Mon, 14 Jul 2003 04:58:01 -0700 (PDT)
Received: from cage.simianscience.com (cage.simianscience.com [64.7.134.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F38A743F85
	for <freebsd-security@freebsd.org>;
	Mon, 14 Jul 2003 04:57:59 -0700 (PDT)	(envelope-from mike@sentex.net)
Received: from house.sentex.net (fcage [192.168.0.2])h6EBvtlD065506;
	Mon, 14 Jul 2003 07:57:56 -0400 (EDT)	(envelope-from mike@sentex.net)
Message-Id: <5.2.0.9.0.20030714075530.0642be10@192.168.0.12>
X-Sender: mdtancsa@192.168.0.12
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Mon, 14 Jul 2003 07:55:58 -0400
To: des@des.no (Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= )
From: Mike Tancsa <mike@sentex.net>
In-Reply-To: <xzpwuelz5zt.fsf@dwp.des.no>
References: <5.2.0.9.0.20030714073542.05d587b0@192.168.0.12>
 <BB3599D2.58A0%scott@g-it.ca>
 <BB3599D2.58A0%scott@g-it.ca>
 <5.2.0.9.0.20030714073542.05d587b0@192.168.0.12>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"; format=flowed
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: amavis-20020220
cc: freebsd-security@freebsd.org
cc: Scott Gerhardt <scott@g-it.ca>
Subject: Re: Login.Access
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jul 2003 11:58:01 -0000

At 01:45 PM 7/14/2003 +0200, Dag-Erling Sm=F8rgrav wrote:
>Mike Tancsa <mike@sentex.net> writes:
> > 4.8 STABLE.  So, how do you get sshd to listen to login.access ?
> > i.e. what is the correct solution
>
>What does 'grep sshd /etc/pam.conf' say?

Its the default thats in the current cvs tree

shell2% uname -a
FreeBSD shell2.sentex.ca 4.8-STABLE FreeBSD 4.8-STABLE #0: Fri Jul  4=20
05:47:48 EDT=20
2003     mdtancsa@shell2.sentex.ca:/usr/obj/usr/src/sys/shell2  i386
shell2% diff /etc/pam.conf /usr/src/etc/pam.conf
shell2% grep -i sshd /etc/pam.conf | grep -v ^#
sshd    auth    sufficient      pam_skey.so
sshd    auth    sufficient      pam_opie.so                    =
 no_fake_prompts
sshd    auth    required        pam_unix.so                    =
 try_first_pass
sshd    account required        pam_unix.so
sshd    password required       pam_permit.so
sshd    session required        pam_permit.so
shell2%

         ---Mike
--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  mike@sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike