From: "Loren M. Lang"
To: freebsd-questions@freebsd.org
Date: Sun, 14 Mar 2004 13:00:37 -0800
Subject: Re: user setup question

On Sun, Mar 14, 2004 at 10:58:05AM -0500,
Louis LeBlanc wrote:
> On 03/13/04 04:29 PM, Lars Eighner sat at the `puter and typed:
> > On Sat, 13 Mar 2004, Louis LeBlanc wrote:
> >
[..]
> That is exactly what I'm trying to do.  I did find the login.access
> file, but it didn't seem to work.
>
> I set the user up as follows:
> -:userid:ALL EXCEPT LOCAL
>
> which I understand is the correct syntax.  Problem is how to get it to
> take effect without a reboot.  The manpage doesn't say anything about
> restarting or HUPing a process - like you would inetd after changing
> inetd.conf.
>
> A quick Google revealed that sshd doesn't honor the login.access by
> default.  I set UseLogin to 'yes' in /etc/ssh/sshd_config, HUPed sshd,
> and it seems to work fine.
>
> Seems to me this should be cause for concern.  Why would sshd ignore
> login.access by default?  Shouldn't all shell access methods honor any
> form of access restriction by default?
>

Because not all OSes have login.access; OpenSSH runs on many platforms,
like Linux, which has no login.access.  Does OpenBSD have a
login.access?  Since that is its native OS then that gives even more
reason.  And, for security reasons, OpenSSH uses its own login procedure
and doesn't trust the system's login command.  By adding UseLogin true,
it will use the system login command which, of course, obeys all the
system policies like login.allow.

> Thanks.
> Lou
> --
> Louis LeBlanc               leblanc@keyslapper.org
> Fully Funded Hobbyist, KeySlapper Extraordinaire :)
> http://www.keyslapper.org
>
> Recursion n.:
>   See Recursion.
>     -- Random Shack Data Processing Dictionary
>

--
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C
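
The rule quoted in the message above, evaluated the way login.access(5) describes it (first matching entry decides, LOCAL matches any origin without a "." character, no match means the login is accepted). This is an added example, not part of the original message or of any FreeBSD or OpenSSH code; it omits group and @netgroup matching, and the user and host names in the sample calls are constructed.

```python
# Added illustration: simplified evaluator for login.access(5) entries.
# Assumptions: no group or @netgroup matching; sample names are constructed.

def origin_match(tok, origin):
    tok, origin = tok.lower(), origin.lower()
    if tok == "all":
        return True
    if tok == "local":               # LOCAL: any origin without a "."
        return "." not in origin
    if tok.startswith("."):          # domain name pattern, e.g. .example.com
        return origin.endswith(tok)
    if tok.endswith("."):            # network number pattern, e.g. 10.0.
        return origin.startswith(tok)
    return tok == origin             # tty name, host name or host address

def user_match(tok, user):
    return tok == "ALL" or tok == user

def list_match(tokens, item, match_fn):
    """Match a token list, honouring 'A EXCEPT B' (matches A but not B)."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        head, tail = tokens[:i], tokens[i + 1:]
    else:
        head, tail = tokens, None
    if not any(match_fn(t, item) for t in head):
        return False
    return tail is None or not list_match(tail, item, match_fn)

def login_allowed(rules_text, user, origin):
    """First matching entry decides; no matching entry means accept."""
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        users = users.replace(",", " ").split()
        origins = origins.replace(",", " ").split()
        if (list_match(users, user, user_match)
                and list_match(origins, origin, origin_match)):
            return perm == "+"
    return True

RULES = "-:userid:ALL EXCEPT LOCAL\n"   # the entry quoted in the thread

if __name__ == "__main__":
    for who, where in [("userid", "ttyv0"), ("userid", "host.example.com"),
                       ("alice", "host.example.com")]:
        verdict = "accept" if login_allowed(RULES, who, where) else "refuse"
        print(who, where, verdict)
```

The evaluator only shows what the entry means once something consults the file; a service that never reads login.access is unaffected by it.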