From owner-freebsd-questions  Wed Nov  7  9:26:30 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from trinity.magpage.com (trinity.magpage.com [216.155.0.8])
	by hub.freebsd.org (Postfix) with ESMTP id 97B5D37B416
	for <freebsd-questions@FreeBSD.ORG>; Wed,  7 Nov 2001 09:26:27 -0800 (PST)
Received: from magpage.com (poomba.magpage.com [216.155.24.136])
	by trinity.magpage.com (8.11.6/8.11.3) with ESMTP id fA7HQQI65858;
	Wed, 7 Nov 2001 12:26:26 -0500 (EST)
Message-ID: <3BE96EC2.70603@magpage.com>
Date: Wed, 07 Nov 2001 12:26:26 -0500
From: Daniel Frazier <dfrazier@magpage.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.4) Gecko/20011010
X-Accept-Language: en-us
MIME-Version: 1.0
To: Daniel Frazier <dfrazier@magpage.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Any progress on bin/25263? was: Re: login.access borked???
References: <3BE852D5.1080902@magpage.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-RRT-Status: UNKNOWN
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Daniel Frazier wrote:

> /etc/login.access doesn't seem to be working as expected.  I've tried
> to restrict logins using all the different values in the origin field
> that I can think of, but the only one that works as expected is if I
> use ALL.  If I have this line...
> 
> -:dfrazier:ALL
> 
> ...I am prevented from logging into the server as dfrazier from my
> workstation, but if I use this line...
> 
> -:dfrazier:216.155.24.136
> 
> ...I can log in even though that is my workstation's ip.  Is anyone
> successfully using login.access to restrict logins to specific login
> id's?
> 

ok, it seems that I'm running into the problem described in bin/25263,
http://www.freebsd.org/cgi/query-pr.cgi?pr=25263.  Any progress on
this?   I know a workaround would be to use hostnames in login.access,
but they're too easily spoofed to make me feel confident that I'm
restricting root logins like I want to.

-- 
----------------------------------------------------------------------
Daniel Frazier  <dfrazier@magpage.com>   Tel:  302-239-5900 Ext. 231
Systems Administrator                    Fax:  302-239-3909
MAGPAGE, We Power the Internet           WWW:  http://www.magpage.com/

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
         - Benjamin Franklin, Historical Review of Pennsylvania, 1759.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message