From owner-freebsd-audit  Fri Nov 10  5:27:50 2000
Delivered-To: freebsd-audit@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 8596D37B4E5
	for <audit@freebsd.org>; Fri, 10 Nov 2000 05:27:48 -0800 (PST)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.9.3/8.9.3) with SMTP id IAA60892;
	Fri, 10 Nov 2000 08:27:39 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Fri, 10 Nov 2000 08:27:39 -0500 (EST)
From: Robert Watson <rwatson@freebsd.org>
X-Sender: robert@fledge.watson.org
To: Warner Losh <imp@village.org>
Cc: audit@freebsd.org
Subject: Re: Please review
In-Reply-To: <200011090004.RAA34374@harmony.village.org>
Message-ID: <Pine.NEB.3.96L.1001110082556.60481D-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Is there any way we could make the enabling of null passwords an account
class property and not a property of passwd?  In SSH, the acceptance of
null passwords is similarly an sshd property, and should be an account
property via classes.  While I recognize that you probably don't have room
for a full login.conf, there is presumably a way to make the default
policy without a policy file do the right thing.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message