From owner-cvs-all  Thu Aug  2 13:22:14 2001
Delivered-To: cvs-all@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id E34B837B403; Thu,  2 Aug 2001 13:22:05 -0700 (PDT)
	(envelope-from ache@nagual.pp.ru)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.4/8.11.4) id f72KM3603592;
	Fri, 3 Aug 2001 00:22:04 +0400 (MSD)
	(envelope-from ache)
Date: Fri, 3 Aug 2001 00:22:01 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Mark Murray <markm@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libopie Makefile
Message-ID: <20010803002200.C3285@nagual.pp.ru>
References: <200108021858.f72Iwqv85338@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200108021858.f72Iwqv85338@freefall.freebsd.org>
User-Agent: Mutt/1.3.19i
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On Thu, Aug 02, 2001 at 11:58:52 -0700, Mark Murray wrote:
> markm       2001/08/02 11:58:52 PDT
> 
>   Modified files:
>     lib/libopie          Makefile 
>   Log:
>   Add opieaccess(5) functionality under the INSECURE_OPIE .ifdef.

Umm, it is not what I ask exactly. 

Maintaining /etc/opieaccess NOT belongs to INSECURE in OPIE meaning. By
INSECURE OPIE means connection that could be potentially spyed, but
/etc/opieaccess modification belongs to root and completely outside OPIE
scope because not use OPIE anyhow, just system resources, so it must be
always enabled. I.e. this sysadmin action not envolve insecure connection
in OPIE meaning.

Now about /etc/opieaccess _contents_ (which possible could lead to
insecure connection): lets sysadmin deside, what is secure for him and
what is not. We should not restrict by default his right to have
/etc/opieaccess if he wants.

BTW, if we plan to keep SKEY compatibility, the same /etc/skey.access was
_always_ enabled too.

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message