From owner-freebsd-hackers Tue Dec 3 01:24:25 1996
Date: Tue, 3 Dec 1996 11:17:07 +0200 (EET)
From: Andrew Stesin
To: "Serge A. Babkin"
cc: hackers@freebsd.org
Subject: Re: Does anybody need it ?
In-Reply-To: <199612030812.NAA00839@hq.icb.chel.su>

Hello Serge,

> The idea is to limit certain logins to be accessible from
> certain hosts only. So I added a database that describes allowed
> hosts, say /etc/userhost.conf, in format like:

Sorry for the straightforward question, but isn't an /etc/login.access
file (as well as the login.access(5) manpage) already there? They are on
a 2.2-960612-SNAP; and this feature worked for me last time I checked
this in summer, even without using SKey (though I recall that there was
some minor problem in the rule parser).

> P.S. By the way, the limit of at most 200 users in one group and
> the maximal length of record in /etc/group of 1024 characters are
> TOO small. Perhaps they need to be multiplied by at least 10 to
> be sure that they wouldn't make a problem.

I agree wholeheartedly with you here; probably a default of up to 2048
users/group and 16k bytes would be OK? (Hope it won't be too big a
waste of resources.)

And another question: what about having /etc/group also indexed in
[s]pwd.db? Having more than some 3-4k accounts on a system, with
(supposedly) a separate login group for each, + some people belonging
to several groups -- might cause a considerable slowdown at the
getgrent(3) call.

--
Best, Andrew Stesin
nic-hdl: ST73-RIPE
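An added example, not part of the original message: a small sh/awk audit that reports group(5) entries exceeding the two limits quoted above (200 members per group, 1024 characters per record). The function names `audit_group` and `make_sample` are hypothetical, and the sample group file is constructed for the demonstration.

```shell
#!/bin/sh
# audit_group FILE [MAX_MEMBERS] [MAX_LINE]
# Prints one line per violation; defaults are the limits quoted in the thread.
audit_group() {
    awk -F: -v maxm="${2:-200}" -v maxl="${3:-1024}" '
        /^#/ || NF == 0 { next }            # skip comments and blank lines
        {
            # Field 4 is the comma-separated member list; it may be empty.
            n = ($4 == "") ? 0 : split($4, members, ",")
            if (n > maxm)
                printf "%s: %d members (limit %d)\n", $1, n, maxm
            if (length($0) > maxl)
                printf "%s: %d characters (limit %d)\n", $1, length($0), maxl
        }' "$1"
}

# make_sample: emit a constructed group file on stdout.
#   wheel - within both limits
#   staff - 201 short member names (too many members, record still short)
#   long  - 100 long member names (few members, record too long)
make_sample() {
    awk 'BEGIN {
        print "wheel:*:0:root"
        printf "staff:*:20:"
        for (i = 1; i <= 201; i++) printf "%su%d", (i > 1 ? "," : ""), i
        print ""
        printf "long:*:30:"
        for (i = 1; i <= 100; i++)
            printf "%slongusername%03d", (i > 1 ? "," : ""), i
        print ""
    }'
}

# Stand-alone use: audit the file given as the first argument, or /etc/group.
audit_group "${1:-/etc/group}"
```

Running it with a file argument audits that file instead of `/etc/group`; the second and third arguments of `audit_group` override the limits, for example to test the larger values proposed in the reply.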