From owner-freebsd-current  Sun Feb 16 17:16:49 2003
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4893337B401
	for <current@FreeBSD.ORG>; Sun, 16 Feb 2003 17:16:48 -0800 (PST)
Received: from smtp4.server.rpi.edu (smtp4.server.rpi.edu [128.113.2.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 670D143F3F
	for <current@FreeBSD.ORG>; Sun, 16 Feb 2003 17:16:47 -0800 (PST)
	(envelope-from drosih@rpi.edu)
Received: from [128.113.24.47] (gilead.netel.rpi.edu [128.113.24.47])
	by smtp4.server.rpi.edu (8.12.7/8.12.7) with ESMTP id h1H1Gjb6003137;
	Sun, 16 Feb 2003 20:16:45 -0500
Mime-Version: 1.0
X-Sender: drosih@mail.rpi.edu
Message-Id: <p05200f04ba75e7cb870f@[128.113.24.47]>
In-Reply-To: <200302161548.h1GFmKaX033271@grimreaper.grondar.org>
References: <200302161548.h1GFmKaX033271@grimreaper.grondar.org>
Date: Sun, 16 Feb 2003 20:16:43 -0500
To: Mark Murray <mark@grondar.org>,
	"Andrey A. Chernov" <ache@nagual.pp.ru>
From: Garance A Drosihn <drosih@rpi.edu>
Subject: Re: OPIE breakage: backout & patch for review
Cc: Dag-Erling Smorgrav <des@ofug.org>, current@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
X-RPI-Spam-Score: -1.6 () IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,SIGNATURE_SHORT_DENSE,SPAM_PHRASE_00_01
X-Scanned-By: MIMEDefang 2.28
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

At 3:48 PM +0000 2/16/03, Mark Murray wrote:
>"Andrey A. Chernov" writes:
>  > On Sun, Feb 16, 2003, Dag-Erling Smorgrav wrote:
>  > > "Andrey A. Chernov" <ache@nagual.pp.ru> writes:
>>  > > Admins with no /etc/opieaccess AFFECTED!
>>  >
>>  > Admins with no /etc/opieaccess IDIOTS for not running mergemaster!
>>
>  > Moreover, admins WITH old /etc/opieaccess (i.e. without your
>  > line) are affected too! Local logins becomes mysteriosly
>  > disabled for their users.
>
>With a suitable "HEADS UP!" and appropriate changes to the
>documentation, might is be possible to move _all_ policy control
>into PAM, instead of having it split between OPIE and PAM?

If I understand this right, the issue is not some split between
OPIE and PAM.  The issue is that OPIE wants a zero-length hostname
to indicate localhost.  Andrey provided a patch which allows OPIE
to keep that standard (to OPIE) meaning.  Could people try his
patch and then explain why it does not solve the problem they are
trying to solve?

If it means that PAM needs to be changed to use the same token
("") for localhost, that seems fine to me.  Just as long as it's
documented.

-- 
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message