Date: Thu, 26 Dec 1996 04:30:03 -0800 (PST) From: Guido van Rooij <guido@gvr.win.tue.nl> To: freebsd-bugs Subject: Re: bin/2265: su(1) does not call skeyaccess() Message-ID: <199612261230.EAA18915@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/2265; it has been noted by GNATS. From: Guido van Rooij <guido@gvr.win.tue.nl> To: joerg_wunsch@uriah.heep.sax.de Cc: bradley@dunn.org, FreeBSD-gnats-submit@freebsd.org Subject: Re: bin/2265: su(1) does not call skeyaccess() Date: Mon, 23 Dec 1996 18:09:34 +0100 (MET) J Wunsch wrote: > As bradley@dunn.org wrote: > > > >Description: > > > > su(1) does not call skeyaccess() (from libskey), thus rendering the > > controls in /etc/skey.access useless. > > Well, it rather seems like it was deliberately omitted, as opposed to > forgotten. A user running su(1) has already been authenticated to the > system, and _that's_ where skey.access should hit. > > Guido, any comments on this (and perhaps even a manpage for > skeyaccess(3) :)? Not really. We use a modified su all the time. The advantage is that you never have to type in the root password over an insecure line. If there is enough demand I can add it. I will look for the manpage; I thought I'd already add it. -Guido
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612261230.EAA18915>