Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 03 Aug 2001 15:44:14 +0100
From:      Mark Murray <mark@grondar.za>
To:        "Andrey A. Chernov" <ache@nagual.pp.ru>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/lib/libopie Makefile 
Message-ID:  <200108031444.f73EiFr06031@grimreaper.grondar.za>
In-Reply-To: <20010803002200.C3285@nagual.pp.ru> ; from "Andrey A. Chernov" <ache@nagual.pp.ru>  "Fri, 03 Aug 2001 00:22:01 %2B0400."
References:  <20010803002200.C3285@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 
> On Thu, Aug 02, 2001 at 11:58:52 -0700, Mark Murray wrote:
> > markm       2001/08/02 11:58:52 PDT
> > 
> >   Modified files:
> >     lib/libopie          Makefile 
> >   Log:
> >   Add opieaccess(5) functionality under the INSECURE_OPIE .ifdef.
> 
> Umm, it is not what I ask exactly. 

Yes, I know. :-)

> Maintaining /etc/opieaccess NOT belongs to INSECURE in OPIE meaning.

Do a "man opieaccess" and you will see that it _is_ insecure, and is
meant as a temporary feature for migration purposes only, and is NOT
meant for permanent installation.

>                                                                      By
> INSECURE OPIE means connection that could be potentially spyed, but
> /etc/opieaccess modification belongs to root and completely outside OPIE
> scope because not use OPIE anyhow, just system resources, so it must be
> always enabled. I.e. this sysadmin action not envolve insecure connection
> in OPIE meaning.

Read the man page.

> Now about /etc/opieaccess _contents_ (which possible could lead to
> insecure connection): lets sysadmin deside, what is secure for him and
> what is not. We should not restrict by default his right to have
> /etc/opieaccess if he wants.

That is what INSECURE_OPIE is for.

> BTW, if we plan to keep SKEY compatibility, the same /etc/skey.access was
> _always_ enabled too.

And it was insecure, too.

M
-- 
Mark Murray
Warning: this .sig is umop ap!sdn

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108031444.f73EiFr06031>