Date: Sun, 16 Feb 2003 15:57:41 +0000 From: Mark Murray <mark@grondar.org> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Dag-Erling Smorgrav <des@ofug.org>, src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: Correct patch Message-ID: <200302161557.h1GFvfaX033398@grimreaper.grondar.org> In-Reply-To: Your message of "Sun, 16 Feb 2003 13:38:22 %2B0300." <20030216103822.GA99479@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
"Andrey A. Chernov" writes: > On Sun, Feb 16, 2003 at 11:31:26 +0100, Dag-Erling Smorgrav wrote: > > > > What you fail to realize in spite of my attempts to explain it to you > > is that there are Real Users [tm] out there who want to be able to > > control localhost logins (or loopback ssh connections) just like > > remote logins, and your patches make that impossible. > > I understand that such users may exists, but their desires are against > OPIE way of things (at least in the form you implement it). Pre-PAMed OPIE > always allows localhost (which is "" for it). Your changes breaks "always > allowing" mode, because you made /etc/opieaccess not optional. If you want > to add a feature to OPIE, do it in the non-destructive compatible way. This splits policy between "OPIE Rules" and "PAM Rules". In order to give PAM the casting vote in policy control, OPIE may have to be "dumbed down". This may not be "Vanilla OPIE", but it is the way we are trying to push PAM, and issues like this block it. Are you more concerned about having unmodified OPIE, or are you concerned that you'll lose needed login policy control? PAM's intention is to keep the policy control, but not spread over N different types of config file and config file type. M -- Mark Murray iumop ap!sdn w,I idlaH To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-src" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200302161557.h1GFvfaX033398>