From owner-freebsd-hackers Wed Feb 21 00:46:48 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id AAA18436 for hackers-outgoing; Wed, 21 Feb 1996 00:46:48 -0800 (PST) Received: from baygull.rtd.com (baygull.rtd.com [198.102.68.5]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id AAA18431 for ; Wed, 21 Feb 1996 00:46:45 -0800 (PST) Received: (from news@localhost) by baygull.rtd.com (8.6.9/8.6.9.1) id BAA16754; Wed, 21 Feb 1996 01:46:26 -0700 To: hackers@freebsd.org Path: freefall.freebsd.org!owner-freebsd-hackers From: mpp@mpp.minn.net ("Mike Pritchard") Newsgroups: rtd.freebsd.hackers Subject: Re: pop3 and blocked users Date: Tue, 20 Feb 1996 22:44:02 -0600 (CST) Lines: 28 Message-ID: <199602210444.WAA00325@mpp.minn.net> NNTP-Posting-Host: seagull.rtd.com Sender: owner-hackers@freebsd.org Precedence: bulk Mark Huizer wrote: > > > Shouldn't pop implementation check if users are having a shell not > > listed in /etc/shells? Otherwise, blocked users will stil be able to > > recieve mail.. > > Well... it's quite simple to change that. I just did it for my computing > society. Simply check it in pop_pass.c and give a POP_FAILURE. > But I feel a bit funny about it. When I had a machine with pop-accounts, I > could imagine WANTING to give ppl a non-existant shell, so they can only > access mail. > Another thing I am going to do tomorrow or something is changing it > so it won't give an error when the blocked user is connecting. It would > be even better if it would standard generate a mailbox containing of > only 1 message telling that the *()^^&* user is blocked and should take > some serious action in stead of trying to read mail You might want to change the pop daemon to honor the account expiration field (the pw_expire field in the pwd struct) instead of keying off the shell. That would let you set an nologin type shell for POP only users, but still allow you a method to totally disable the account. Take a look at the source to "login" for an example. I fixed all of the other access methods to the system to support account expiration sometime last summer/fall. -- Mike Pritchard mpp@minn.net "Go that way. Really fast. If something gets in your way, turn"