Date: Tue, 3 Dec 1996 11:17:07 +0200 (EET) From: Andrew Stesin <stesin@gu.net> To: "Serge A. Babkin" <babkin@hq.icb.chel.su> Cc: hackers@freebsd.org Subject: Re: Does anybody need it ? Message-ID: <Pine.BSI.3.95.961203105924.19203C-100000@creator.gu.kiev.ua> In-Reply-To: <199612030812.NAA00839@hq.icb.chel.su>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Serge, > The idea is to limit certain logins to be accessible from > certain hosts only. So I added a database that describes allowed > hosts, say /etc/userhost.conf, in format like: Sorry for straightforward question, but isn't a /etc/login.access file (as like as login.access(5) manpage) already there? They are on a 2.2-960612-SNAP; and this feature worked for me last time I checked this in summer, even without using SKey (though I recall that there was some minor problem in the rule parser). > P.S. By the way, the limit of at most 200 users in one group and > the maximal length of record in /etc/group of 1024 characters are > TOO small. Perhaps they need to be multiplied by at least 10 to > be shure that they wouldn't make a problem. I agree wholeheartly with you here; probably default of up to 2048 users/group and 16k bytes would be Ok? (Hope it won't be too big a waste of resources). And another question: what about having /etc/group also indexed in [s]pwd.db? having more than some 3-4k accounts on a system, with (supposedly) a separate login group for each, + some people belonging to several groups -- might cause a considerable slowdown at getgrent(3) call. -- Best, Andrew Stesin nic-hdl: ST73-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.95.961203105924.19203C-100000>