From owner-freebsd-bugs Sun Aug 19 2:48:21 2001 Delivered-To: freebsd-bugs@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-7.dsl.lsan03.pacbell.net [63.207.60.7]) by hub.freebsd.org (Postfix) with ESMTP id 9ADD137B414; Sun, 19 Aug 2001 02:48:17 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 21AE666C11; Sun, 19 Aug 2001 02:48:17 -0700 (PDT) Date: Sun, 19 Aug 2001 02:48:17 -0700 From: Kris Kennaway To: Ferdinand Goldmann Cc: mike@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Re: conf/5062: login.access not evaluated correctly Message-ID: <20010819024816.C92366@xor.obsecurity.org> References: <200107220550.f6M5o0Y73296@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="Qbvjkv9qwOGw/5Fx" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from ferdl@atommuell.oeh.uni-linz.ac.at on Wed, Jul 25, 2001 at 11:42:07AM +0200 Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --Qbvjkv9qwOGw/5Fx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jul 25, 2001 at 11:42:07AM +0200, Ferdinand Goldmann wrote: > Hello! >=20 > On Sat, 21 Jul 2001 mike@FreeBSD.org wrote: >=20 > > Synopsis: login.access not evaluated correctly > > > > State-Changed-From-To: open->feedback > > State-Changed-By: mike > > State-Changed-When: Sat Jul 21 22:49:39 PDT 2001 > > State-Changed-Why: > > > > Does this problem still occur in newer versions of FreeBSD, > > such as 4.3-RELEASE? > > >=20 > I have a fairly recent 4.3-STABLE now, and I just tested it. >=20 > It seems to me that this problem indeed still exists: >=20 > On the server the following login.access entry: > -:k000188:ALL EXCEPT LOCAL 140.78.4.26 >=20 > yields: >=20 > Received disconnect from 140.78.4.60: Sorry, you are not allowed to con= nect. >=20 > when trying to connect from 140.78.4.26. (nice error message, BTW) >=20 > Using: > -:k000188:ALL EXCEPT LOCAL alijku05 > gives the same error. >=20 > Using the FQDN > -:k000188:ALL EXCEPT LOCAL alijku05.edvz.uni-linz.ac.at > works: >=20 > k000181@alijku05$ ssh -l k000188 control > k000188@control's password: > Last login: Tue Jul 24 14:04:41 2001 from ... I don't think login.access is well maintained or well integrated into system utilities any more..perhaps we should deprecate it instead of giving users the false sense that it's actually working as expected. Kris --Qbvjkv9qwOGw/5Fx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7f4tgWry0BWjoQKURAg5LAJ914o1gsQZme4ni1c1NFIf7j19jhgCeJa94 DVTK6clXWbavuYkRN9SjwHw= =c85C -----END PGP SIGNATURE----- --Qbvjkv9qwOGw/5Fx-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message