Date: Wed, 15 Jul 1998 10:19:43 -0400 From: Matthew Hunt <mph@pobox.com> To: Wes Peters <wes@softweyr.com>, tom@uniserve.com Cc: paulo@nlink.com.br, jer@jorsm.com, freebsd-stable@FreeBSD.ORG Subject: Re: Finger and getpwent Message-ID: <19980715101943.A27075@mstar.astro.psu.edu> In-Reply-To: <199807151407.IAA15645@obie.softweyr.com>; from Wes Peters on Wed, Jul 15, 1998 at 08:07:59AM -0600 References: <Pine.BSF.3.96.980714105203.7431D-100000@shell.uniserve.ca> <199807151407.IAA15645@obie.softweyr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 15, 1998 at 08:07:59AM -0600, Wes Peters wrote: > % Except that nologin just stops shell logins, not all password > % authentication. So POP, IMAP, some FTP, RADIUS, all suceed. Munging the > % password field is better. Attempts to access disabled accounts is logged > % as well, as will all incorrect passwords. > > These daemons should all be FIXED to not allow logins if the shell isn't > in /etc/shells. ftpd and wu-ftpd already do this; if the others don't, > we should ask the port maintainers to "fix" them for us. ;^) I would find it surprising if an invalid shell prevented users from using POP or IMAP. Disallowing shell logins and ftp while allowing mail retrieval seems like a very common configuration; how would you propose to setup a POP server if the POP daemon checked /etc/shells? -- Matthew Hunt <mph@pobox.com> * Stay close to the Vorlon. http://www.pobox.com/~mph/pgp.key for PGP public key 0x67203349. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980715101943.A27075>