From owner-cvs-all  Fri Aug  3  9:34: 8 2001
Delivered-To: cvs-all@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4237F37B403; Fri,  3 Aug 2001 09:34:01 -0700 (PDT)
	(envelope-from ache@nagual.pp.ru)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.4/8.11.4) id f73GSOM15806;
	Fri, 3 Aug 2001 20:28:24 +0400 (MSD)
	(envelope-from ache)
Date: Fri, 3 Aug 2001 20:28:23 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Mark Murray <mark@grondar.za>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libopie Makefile
Message-ID: <20010803202823.A15671@nagual.pp.ru>
References: <20010803002200.C3285@nagual.pp.ru> <200108031444.f73EiFr06031@grimreaper.grondar.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200108031444.f73EiFr06031@grimreaper.grondar.za>
User-Agent: Mutt/1.3.19i
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On Fri, Aug 03, 2001 at 15:44:14 +0100, Mark Murray wrote:
> > Maintaining /etc/opieaccess NOT belongs to INSECURE in OPIE meaning.
> 
> Do a "man opieaccess" and you will see that it _is_ insecure, and is
> meant as a temporary feature for migration purposes only, and is NOT
> meant for permanent installation.

Practical reason behind of it was:
various sorts of tunneling (FTP via SSH f.e.) can't be enabled, if local
host addresses (excepting localhost) was not added to /etc/opieaccess

> Read the man page.

Of course, I already read it, but disagree. My point is that OPIE must
either:

a) Detect SSH connection present (which _is_ secure).
b) Relax its insecure restrictions.

Otherwise it is not possible to use OPIE in SSH connections which are more
common nowdays than ever telnet connections.

Old SKEY library use way b)

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message