From owner-freebsd-hackers Tue Dec 3 05:04:01 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id FAA10370 for hackers-outgoing; Tue, 3 Dec 1996 05:04:01 -0800 (PST)
Received: from suburbia.net (suburbia.net [203.4.184.1]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id FAA10360 for ; Tue, 3 Dec 1996 05:03:53 -0800 (PST)
Received: (from proff@localhost) by suburbia.net (8.8.3/8.8.2) id AAA07300; Wed, 4 Dec 1996 00:02:25 +1100 (EST)
From: Julian Assange
Message-Id: <199612031302.AAA07300@suburbia.net>
Subject: Re: Does anybody need it ?
In-Reply-To: <199612030812.NAA00839@hq.icb.chel.su> from "Serge A. Babkin" at "Dec 3, 96 01:12:12 pm"
To: babkin@hq.icb.chel.su (Serge A. Babkin)
Date: Wed, 4 Dec 1996 00:02:25 +1100 (EST)
Cc: hackers@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Hi!
>
> In order to use a FreeBSD box in our working environment I
> did implement an additional security feature in it. The question
> is: would it be possible to commit these changes ?
>
> The idea is to limit certain logins to be accessible from
> certain hosts only. So I added a database that describes allowed
> hosts, say /etc/userhost.conf, in format like:
>
> *:host1,host2,host3
> user1:host1,host4
> user2:*
>
> where * means `any user' or `any host'. Then added a function

I don't like these solutions, though I'd be reluctant to say no to
anything that is functioning code even if it isn't optimal.

Ideally we should have a general authentication library that performs
matching of credentials and credential types seeking services.
Credentials are items such as tty, password authentication, various
cryptographic authenticators and groups of equivalent credentials.
Services are items such as finger, ftpd, shell, mail and grouping of
services.
This is about as good a generic authentication scheme as you can
achieve without resorting to mac esoterics.

Julian A.
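
Added example, not part of either message and not the patch under discussion: a fail-closed matcher for the /etc/userhost.conf format quoted above. The function names and the matching semantics are assumptions, since the quoted mail is cut off before it describes the lookup function.

```c
#include <stdio.h>
#include <string.h>

/* 1 if comma-separated `list` has `name` or the wildcard "*"; empty name: 0. */
static int list_match(const char *list, const char *name)
{
    size_t n = strlen(name);
    while (n > 0 && *list) {
        size_t len = strcspn(list, ",");
        if ((len == 1 && *list == '*') || (len == n && !strncmp(list, name, n)))
            return 1;
        list += len + (list[len] == ',');
    }
    return 0;
}

/* Assumed semantics (the quoted mail stops before describing them): allow if
 * any line whose user field is `user` or "*" lists `host` or "*"; otherwise
 * deny. Lines without ':' or longer than the buffer are skipped. */
int userhost_allowed(const char *conf, const char *user, const char *host)
{
    char line[256];
    while (*conf) {
        size_t len = strcspn(conf, "\n");
        if (len < sizeof(line)) {
            memcpy(line, conf, len);
            line[len] = '\0';
            char *colon = strchr(line, ':');
            if (colon) {
                *colon = '\0';
                if ((!strcmp(line, "*") || !strcmp(line, user)) &&
                    list_match(colon + 1, host))
                    return 1;
            }
        }
        conf += len + (conf[len] == '\n');
    }
    return 0;
}

/* Constructed sample: the three lines shown in the quoted message. */
static const char SAMPLE_CONF[] =
    "*:host1,host2,host3\nuser1:host1,host4\nuser2:*\n";

int main(void)
{
    printf("user1@host4 %d\n", userhost_allowed(SAMPLE_CONF, "user1", "host4"));
    printf("user3@host4 %d\n", userhost_allowed(SAMPLE_CONF, "user3", "host4"));
    return 0;
}
```

Host names are compared exactly, so a check like this is only as trustworthy as the way the login program obtained the remote host name.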