From owner-freebsd-security Tue Dec 15 08:46:00 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA17344 for freebsd-security-outgoing; Tue, 15 Dec 1998 08:46:00 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fallout.campusview.indiana.edu (fallout.campusview.indiana.edu [149.159.1.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA17317; Tue, 15 Dec 1998 08:45:57 -0800 (PST) (envelope-from jfieber@fallout.campusview.indiana.edu) Received: from localhost (jfieber@localhost) by fallout.campusview.indiana.edu (8.9.1/8.9.1) with ESMTP id LAA90727; Tue, 15 Dec 1998 11:45:49 -0500 (EST) Date: Tue, 15 Dec 1998 11:45:48 -0500 (EST) From: John Fieber To: Robert Watson cc: Frank Tobin , FreeBSD-security Mailing List , jdp@FreeBSD.ORG Subject: Re: Limiting which users can login via xdm In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 15 Dec 1998, Robert Watson wrote: > Presumably a login.conf module could be assembled that verified the user > fell within the various bounds listed for their class in /etc/login.conf. The login(1) program currently does this to some degree. While the authentication has been PAMified, it looks to me like a lot more needs to be moved out into PAM account and session modules. The simplest would be to stick it all in pam_unix, or it could be broken down into finer grained modules. Does anyone already have plans for this? Thin it should be easy to hook xdm into this. I would assume that the Linux crowd already have some XDM patches kicking around for PAM.... -john To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message