From: Mark Murray
Message-Id: <200302161557.h1GFvfaX033398@grimreaper.grondar.org>
To: "Andrey A. Chernov"
Cc: Dag-Erling Smorgrav, src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: Correct patch
In-Reply-To: Your message of "Sun, 16 Feb 2003 13:38:22 +0300." <20030216103822.GA99479@nagual.pp.ru>
Date: Sun, 16 Feb 2003 15:57:41 +0000

"Andrey A. Chernov" writes:
> On Sun, Feb 16, 2003 at 11:31:26 +0100, Dag-Erling Smorgrav wrote:
> >
> > What you fail to realize in spite of my attempts to explain it to you
> > is that there are Real Users [tm] out there who want to be able to
> > control localhost logins (or loopback ssh connections) just like
> > remote logins, and your patches make that impossible.
>
> I understand that such users may exist, but their desires are against
> OPIE way of things (at least in the form you implement it). Pre-PAMed OPIE
> always allows localhost (which is "" for it). Your changes break "always
> allowing" mode, because you made /etc/opieaccess not optional. If you want
> to add a feature to OPIE, do it in the non-destructive compatible way.

This splits policy between "OPIE Rules" and "PAM Rules". In order to give PAM the casting vote in policy control, OPIE may have to be "dumbed down". This may not be "Vanilla OPIE", but it is the way we are trying to push PAM, and issues like this block it.

Are you more concerned about having unmodified OPIE, or are you concerned that you'll lose needed login policy control? PAM's intention is to keep the policy control, but not spread over N different types of config file and config file type.

M
--
Mark Murray
iumop ap!sdn w,I idlaH