Date:      Sun, 16 Feb 2003 03:07:12 +0300
From:      "Andrey A. Chernov" <ache@nagual.pp.ru>
To:        Dag-Erling Smorgrav <des@ofug.org>
Cc:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/lib/libpam/modules/pam_opieaccess pam_opieaccess.c
Message-ID:  <20030216000711.GA72930@nagual.pp.ru>
In-Reply-To: <20030215235556.GI72156@nagual.pp.ru>
References:  <200302152326.h1FNQnAr027546@repoman.freebsd.org> <20030215233943.GC72156@nagual.pp.ru> <xzpof5dm7jg.fsf@flood.ping.uio.no> <20030215235556.GI72156@nagual.pp.ru>

On Sun, Feb 16, 2003 at 02:55:56 +0300, Andrey A. Chernov wrote:
> > It does not work by default; pam_opieaccess previously had special-
> > case code to handle this (by explicitly allowing non-OPIE logins when
> > PAM_RHOST was NULL).  This behaviour was very surprising to people who
> > wanted to prevent OPIE users from using their passwords even locally,
> > as they had no way of knowing that login(1) happened to set PAM_RHOST
> > to NULL for local logins.
> 
> It means that pam_opieaccess() tries to handle localhost before 
> accessfile.c instead of correctly passing "" there for localhost case.


To summarize, localhost is "" for OPIE functions. Not NULL, not the
"localhost" string. PAM code must be fixed to pass what OPIE expects,
i.e. "", instead of hacking OPIE code and config to do something unusual.

-- 
Andrey A. Chernov
http://ache.pp.ru/
