From owner-freebsd-hackers Tue Dec 3 00:12:14 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id AAA18328 for hackers-outgoing; Tue, 3 Dec 1996 00:12:14 -0800 (PST)
Received: from hq.icb.chel.su (hq.icb.chel.su [193.125.10.33]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id AAA18289 for ; Tue, 3 Dec 1996 00:12:00 -0800 (PST)
Received: (babkin@localhost) by hq.icb.chel.su (8.8.3/8.6.5) id NAA00839 for hackers@freebsd.org; Tue, 3 Dec 1996 13:12:13 +0500 (ESK)
From: "Serge A. Babkin"
Message-Id: <199612030812.NAA00839@hq.icb.chel.su>
Subject: Does anybody need it ?
To: hackers@freebsd.org
Date: Tue, 3 Dec 1996 13:12:12 +0500 (ESK)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi!

In order to use a FreeBSD box in our working environment I implemented
an additional security feature in it. The question is: would it be possible
to commit these changes?

The idea is to limit certain logins to be accessible from certain hosts only.
So I added a database that describes allowed hosts, say /etc/userhost.conf,
in a format like:

    *:host1,host2,host3
    user1:host1,host4
    user2:*

where * means `any user' or `any host'. Then I added a function

    userhostok(user,host)
    char *user;
    char *host;

that returns 0 if access is permitted or -1 if not, just like ruserok().
Then I added this call to /usr/sbin/login. Perhaps there are other login-like
programs that need this call to be added.

-SB

P.S. By the way, the limit of at most 200 users in one group and the maximal
length of a record in /etc/group of 1024 characters are TOO small. Perhaps they
need to be multiplied by at least 10 to be sure that they wouldn't cause
a problem.
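
A sketch of the check described in the message above, added here as an example; it is not the poster's code. Assumptions not stated in the message: the hypothetical `userhostok_buf()` takes the file contents as a string, a login is permitted if any line matching the user (or `*`) lists the host (or `*`), host names compare case-insensitively, and everything else, including empty arguments, is denied.

```c
#include <string.h>
#include <strings.h>

/* Constructed sample in the /etc/userhost.conf format from the message. */
static const char sample_conf[] =
    "*:host1,host2,host3\n"
    "user1:host1,host4\n"
    "user2:*\n";

/* Whole-token compare of s[0..n) against name, so "host" never matches "host1". */
static int tok_eq(const char *s, size_t n, const char *name, int icase)
{
    if (strlen(name) != n)
        return 0;
    return icase ? strncasecmp(s, name, n) == 0 : strncmp(s, name, n) == 0;
}

/* Hypothetical helper: returns 0 if access is permitted, -1 if not. */
int userhostok_buf(const char *conf, const char *user, const char *host)
{
    const char *line = conf;

    /* Empty names must not match empty fields such as "user1:,host1". */
    if (conf == NULL || user == NULL || host == NULL || !*user || !*host)
        return -1;

    while (*line) {
        size_t len = strcspn(line, "\n");
        const char *end = line + len;
        const char *colon = memchr(line, ':', len);

        /* Lines without a colon are malformed and grant nothing. */
        if (colon != NULL) {
            size_t ulen = (size_t)(colon - line);
            if (tok_eq(line, ulen, "*", 0) || tok_eq(line, ulen, user, 0)) {
                const char *h = colon + 1;
                while (h < end) {
                    size_t hlen = 0;
                    while (h + hlen < end && h[hlen] != ',')
                        hlen++;
                    if (tok_eq(h, hlen, "*", 0) || tok_eq(h, hlen, host, 1))
                        return 0;
                    h += hlen;
                    if (h < end)
                        h++;            /* skip the comma */
                }
            }
        }
        line = (*end == '\n') ? end + 1 : end;
    }
    return -1;                          /* no matching entry: fail closed */
}
```

Under these assumptions the `*:` line widens access for every account, so `user1` may also log in from `host2` and `host3`; a deployment that wants per-user lines to override the wildcard needs different matching rules.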