From owner-freebsd-security@FreeBSD.ORG  Sat Jul 12 09:56:25 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EFA4337B404
	for <freebsd-security@freebsd.org>;
	Sat, 12 Jul 2003 09:56:25 -0700 (PDT)
Received: from blue.gerhardt-it.com (gw.gerhardt-it.com [204.83.38.103])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9A1D143FB1
	for <freebsd-security@freebsd.org>;
	Sat, 12 Jul 2003 09:56:20 -0700 (PDT)	(envelope-from scott@g-it.ca)
Received: from [24.78.101.202] (h24-78-101-202.ss.shawcable.net
	[24.78.101.202])	by blue.gerhardt-it.com (Postfix) with ESMTP
	id 16EFEFDC9; Sat, 12 Jul 2003 10:56:19 -0600 (CST)
User-Agent: Microsoft-Entourage/10.1.1.2418
Date: Sat, 12 Jul 2003 10:56:18 -0600
From: Scott Gerhardt <scott@g-it.ca>
To: Mike Tancsa <mike@sentex.net>, <freebsd-security@freebsd.org>
Message-ID: <BB3599D2.58A0%scott@g-it.ca>
In-Reply-To: <5.2.0.9.0.20030712123406.04558440@209.112.4.2>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Subject: Re: Login.Access
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jul 2003 16:56:26 -0000


I was using the default sshd config which has "UseLogin no".  I changed it
to "yes, restarted sshd and logins are now denied/allowd as defined in my
/etc/login.access.

Thanks!


I would like to know if there any negative effect or implications of setting
"UseLogin yes" in sshd_config?

Cheers,

--
Scott


On 7/12/03 10:35 AM, "Mike Tancsa" <mike@sentex.net> wrote:

> I am not sure if sshd out of the box honours it or not.  Do you have
> UseLogin yes or no ?
> 
>        ---Mike
> At 08:23 AM 11/07/2003 -0600, Scott Gerhardt wrote:
> 
>> Login seems to be ignoring my /etc/login.access settings.
>> 
>> I have the following entries (see below) in my login.access, yet any new
>> user (not in the wheel group) is still allowed to login.  What am I missing?
>> 
>> 
>> # $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $
>> #
>> -:ALL EXCEPT wheel:console
>> -:ALL EXCEPT wheel:ALL
>> 
>> 
>> Thanks,
>> 
>> 
>> --
>> Scott Gerhardt, P.Geo.
>> Gerhardt Information Technologies [G-IT]
>> 
>> 
>> _______________________________________________
>> freebsd-security@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
> 
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


-- 
Scott Gerhardt, P.Geo.
Gerhardt Information Technologies [G-IT]