Date: Fri, 25 Jan 2002 04:11:34 +0300 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Robert Watson <rwatson@FreeBSD.org> Cc: Dag-Erling Smorgrav <des@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_opieaccess pam_opieaccess.c Message-ID: <20020125011133.GA89474@nagual.pp.ru> In-Reply-To: <Pine.NEB.3.96L.1020124200023.67438I-100000@fledge.watson.org> References: <20020125005725.GA89369@nagual.pp.ru> <Pine.NEB.3.96L.1020124200023.67438I-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 24, 2002 at 20:03:07 -0500, Robert Watson wrote: > > > > To prevent any tricks with resolver it is always better to pass numeric > > IP address into PAM's RHOST when possible. > > Will it ever not be possible to pass a numeric IP address? For network connection, you get IP address first, not DNS name. I see no much sense to resolve it into DNS name then pass it to PAM where modules will resolve it back to IP address. This whole part can be skipped to be more secure in case something happens with resolver. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020125011133.GA89474>